Commit | Line | Data |
---|---|---|
e3bc6a2b WB |
1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
2 | From: Eduardo Habkost <ehabkost@redhat.com> | |
3 | Date: Tue, 9 Jan 2018 13:45:13 -0200 | |
4 | Subject: [PATCH] i386: Change X86CPUDefinition::model_id to const char* | |
5 | ||
6 | It is valid to have a 48-character model ID on CPUID, however the | |
7 | definition of X86CPUDefinition::model_id is char[48], which can | |
8 | make the compiler drop the null terminator from the string. | |
9 | ||
10 | If a CPU model happens to have 48 bytes on model_id, "-cpu help" | |
11 | will print garbage and the object_property_set_str() call at | |
12 | x86_cpu_load_def() will read data outside the model_id array. | |
13 | ||
14 | We could increase the array size to 49, but this would mean the | |
15 | compiler would not issue a warning if a 49-char string is used by | |
16 | mistake for model_id. | |
17 | ||
18 | To make things simpler, simply change model_id to be const char*, | |
19 | and validate the string length using an assert() on | |
20 | x86_cpu_cpudef_class_init. | |
21 | ||
22 | Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com> | |
23 | Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> | |
24 | --- | |
25 | target/i386/cpu.c | 9 ++++++++- | |
26 | 1 file changed, 8 insertions(+), 1 deletion(-) | |
27 | ||
28 | diff --git a/target/i386/cpu.c b/target/i386/cpu.c | |
29 | index 3d53cb4c86..c673521016 100644 | |
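--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -753,7 +753,7 @@ struct X86CPUDefinition {
 int model;
 int stepping;
 FeatureWordArray features;
- char model_id[48];
+ const char *model_id;
 };
 
 static X86CPUDefinition builtin_x86_defs[] = {
@@ -922,6 +922,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
 .features[FEAT_1_EDX] =
 I486_FEATURES,
 .xlevel = 0,
+ .model_id = "",
 },
 {
 .name = "pentium",
@@ -933,6 +934,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
 .features[FEAT_1_EDX] =
 PENTIUM_FEATURES,
 .xlevel = 0,
+ .model_id = "",
 },
 {
 .name = "pentium2",
@@ -944,6 +946,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
 .features[FEAT_1_EDX] =
 PENTIUM2_FEATURES,
 .xlevel = 0,
+ .model_id = "",
 },
 {
 .name = "pentium3",
@@ -955,6 +958,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
 .features[FEAT_1_EDX] =
 PENTIUM3_FEATURES,
 .xlevel = 0,
+ .model_id = "",
 },
 {
 .name = "athlon",
@@ -2617,6 +2621,9 @@ static void x86_register_cpudef_type(X86CPUDefinition *def)
 * they shouldn't be set on the CPU model table.
 */
 assert(!(def->features[FEAT_8000_0001_EDX] & CPUID_EXT2_AMD_ALIASES));
+ /* catch mistakes instead of silently truncating model_id when too long */
+ assert(def->model_id && strlen(def->model_id) <= 48);
+
 
 type_register(&ti);
 g_free(typename);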
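Review bot: In the last hunk, `assert(def->model_id && strlen(def->model_id) <= 48);` hard-codes 48 with no link to the code that consumes the string, and the comment above it does not say where the truncation would happen. A named limit with a short explanation would keep the check and the consumer from drifting apart, e.g. `#define X86_MODEL_ID_MAX 48 /* suggested name: CPUID model ID is at most 48 characters, no terminator needed */` and `assert(def->model_id && strlen(def->model_id) <= X86_MODEL_ID_MAX);`. The check is also now a run-time-only guard, so it presumably relies on assertions being enabled in every build, whereas the description notes that the old `char[48]` gave a compiler warning for a 49-character string. The description names `x86_cpu_cpudef_class_init`, but the hunk header shows the assert in `x86_register_cpudef_type`, whose body starts and ends outside the hunk. The added lines also leave two consecutive blank lines before `type_register(&ti);`.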
83 | -- | |
84 | 2.11.0 | |
85 |