target-i386: cpu: Fix potential buffer overrun in get_register_name_32()

Spotted by Coverity,
x86_reg_info_32[] is CPU_NB_REGS32 elements long, so accessing
x86_reg_info_32[CPU_NB_REGS32] will be one element off array.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: liguang <lig.fnst@cn.fujitsu.com>
Reviewed by: Jesse Larrew <jlarrew@linux.vnet.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 31ccdde298d98b08526dc23059071c9086dec6c2)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 1a501d9d330bdda285020a5256df57b4e294ebde..ae8e68271b027804ab3e86e96c17556d0ad513a7 100644 (file)
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -221,7 +221,7 @@ X86RegisterInfo32 x86_reg_info_32[CPU_NB_REGS32] = {
 
 const char *get_register_name_32(unsigned int reg)
 {
-    if (reg > CPU_NB_REGS32) {
+    if (reg >= CPU_NB_REGS32) {
         return NULL;
     }
     return x86_reg_info_32[reg].name;