
[Xen-changelog] [qemu-xen master] i386: Change X86CPUDefinition::model_id to const char*



commit 4b220d88ba76fb2623ce4b8ba1f1eea66b82144e
Author:     Eduardo Habkost <ehabkost@xxxxxxxxxx>
AuthorDate: Tue Jan 9 13:45:13 2018 -0200
Commit:     Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
CommitDate: Tue Jan 23 17:08:04 2018 -0600

    i386: Change X86CPUDefinition::model_id to const char*
    
    It is valid to have a 48-character model ID on CPUID, however the
    definition of X86CPUDefinition::model_id is char[48], which can
    make the compiler drop the null terminator from the string.
    
    If a CPU model happens to have 48 bytes on model_id, "-cpu help"
    will print garbage and the object_property_set_str() call at
    x86_cpu_load_def() will read data outside the model_id array.
    
    We could increase the array size to 49, but this would mean the
    compiler would not issue a warning if a 49-char string is used by
    mistake for model_id.
    
    To make things simpler, simply change model_id to be const char*,
    and validate the string length using an assert() on
    x86_register_cpudef_type().
    
    Reported-by: "Dr. David Alan Gilbert" <dgilbert@xxxxxxxxxx>
    Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
    Message-Id: <20180109154519.25634-2-ehabkost@xxxxxxxxxx>
    Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
    (cherry picked from commit 807e9869b8c4119b81df902625af818519e01759)
    Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
---
 target/i386/cpu.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 045d661..6327952 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -748,7 +748,7 @@ struct X86CPUDefinition {
     int model;
     int stepping;
     FeatureWordArray features;
-    char model_id[48];
+    const char *model_id;
 };
 
 static X86CPUDefinition builtin_x86_defs[] = {
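Review bot: the `const char *model_id;` declaration in struct X86CPUDefinition no longer carries the length contract that `char model_id[48]` expressed, so someone adding a CPU model sees no hint that the string must be non-NULL and at most 48 characters. A one-line comment on the field pointing at the check in x86_register_cpudef_type() would keep that rule next to the data, since the compiler no longer reports an over-long literal.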
@@ -917,6 +917,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
         .features[FEAT_1_EDX] =
             I486_FEATURES,
         .xlevel = 0,
+        .model_id = "",
     },
     {
         .name = "pentium",
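Review bot: the `.model_id = "",` added to this entry, and repeated in the pentium, pentium2 and pentium3 hunks that follow, exists only to satisfy the `def->model_id &&` half of the new assert, so any table entry that omits the field will now abort at registration instead of defaulting to an empty string as the array member did. Consider treating a NULL model_id as "" where the value is consumed, or documenting at the top of builtin_x86_defs that every entry must set it.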
@@ -928,6 +929,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
         .features[FEAT_1_EDX] =
             PENTIUM_FEATURES,
         .xlevel = 0,
+        .model_id = "",
     },
     {
         .name = "pentium2",
@@ -939,6 +941,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
         .features[FEAT_1_EDX] =
             PENTIUM2_FEATURES,
         .xlevel = 0,
+        .model_id = "",
     },
     {
         .name = "pentium3",
@@ -950,6 +953,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
         .features[FEAT_1_EDX] =
             PENTIUM3_FEATURES,
         .xlevel = 0,
+        .model_id = "",
     },
     {
         .name = "athlon",
@@ -2708,6 +2712,9 @@ static void x86_register_cpudef_type(X86CPUDefinition 
*def)
      * they shouldn't be set on the CPU model table.
      */
     assert(!(def->features[FEAT_8000_0001_EDX] & CPUID_EXT2_AMD_ALIASES));
+    /* catch mistakes instead of silently truncating model_id when too long */
+    assert(def->model_id && strlen(def->model_id) <= 48);
+
 
     type_register(&ti);
     g_free(typename);
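Review bot: the bare 48 in `strlen(def->model_id) <= 48` is a magic number now that the array declaration it came from has been removed; a named constant shared with the code that consumes model_id would keep the two from drifting apart. Splitting the assert into a NULL check and a length check would also make a failure message say which rule was broken, and the added empty `+` line leaves two consecutive blank lines before `type_register(&ti);`.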
--
generated by git-patchbot for /home/xen/git/qemu-xen.git#master
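
The failure mode described in the commit message, shown as an added example that is not part of the original commit or of QEMU's code. The struct names, `ID48`, `MODEL_ID_MAX` and both helper functions are hypothetical, and the sample string is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MODEL_ID_MAX 48  /* longest model ID the commit message calls valid */

/* Constructed sample: 48 visible characters, split so the length is easy to audit. */
#define ID48 "0123456789" "0123456789" "0123456789" "0123456789" "01234567"

/* Old layout: array exactly as large as the longest valid string. */
struct def_array { char model_id[MODEL_ID_MAX]; };
/* New layout: pointer to an ordinary NUL-terminated literal. */
struct def_ptr { const char *model_id; };

/* C accepts an initializer that fills the array and drops the terminator. */
static const struct def_array old_def = { .model_id = ID48 };
static const struct def_ptr new_def = { .model_id = ID48 };

/* Bounded check: is there a NUL within the n bytes of buf?
 * Unlike strlen(), this never reads past the array. */
static int has_terminator(const char *buf, size_t n)
{
    return memchr(buf, '\0', n) != NULL;
}

/* Registration-time validation in the style of the patch's assert(). */
static int model_id_ok(const char *id)
{
    return id != NULL && strlen(id) <= MODEL_ID_MAX;
}

int main(void)
{
    printf("array form terminated: %d\n",
           has_terminator(old_def.model_id, sizeof(old_def.model_id)));
    printf("pointer form valid:    %d\n", model_id_ok(new_def.model_id));
    printf("49 chars valid:        %d\n", model_id_ok(ID48 "x"));
    printf("NULL valid:            %d\n", model_id_ok(NULL));
    return 0;
}
```

Recent compilers may warn about the unterminated initializer of `old_def`; that warning is the signal the array layout otherwise lacks.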
