author | Heiko Carstens <heiko.carstens@de.ibm.com> | 2013-05-06 10:26:01 -0400 |
---|---|---|
committer | Martin Schwidefsky <schwidefsky@de.ibm.com> | 2013-05-07 08:11:55 -0400 |
commit | 7678dcfb310a190aea9bee8cdeb1e14987600737 (patch) | |
tree | 9039d04a93259d37e821d6249dbeaa0bddf03cfc | |
parent | 9673217c71b433d62d56cfb56c487e31af6f5574 (diff) |
s390/disassembler: prevent endless loop in print_fn_code()
If the size of the opcode to be printed is larger than "len" we'll
see an overflow of an unsigned long value, which means that the
while loop within print_fn_code() will loop quite a long time until
there is the next chance for an exit.
So add an early exit check.
Reported-by: Christian Ehrhardt <ehrhardt@linux.vnet.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
-rw-r--r-- | arch/s390/kernel/dis.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/arch/s390/kernel/dis.c b/arch/s390/kernel/dis.c index 7f4a4a8c847c..be87d3e05a5b 100644 --- a/arch/s390/kernel/dis.c +++ b/arch/s390/kernel/dis.c | |||
@@ -1862,6 +1862,8 @@ void print_fn_code(unsigned char *code, unsigned long len) | |||
1862 | while (len) { | 1862 | while (len) { |
1863 | ptr = buffer; | 1863 | ptr = buffer; |
1864 | opsize = insn_length(*code); | 1864 | opsize = insn_length(*code); |
1865 | if (opsize > len) | ||
1866 | break; | ||
1865 | ptr += sprintf(ptr, "%p: ", code); | 1867 | ptr += sprintf(ptr, "%p: ", code); |
1866 | for (i = 0; i < opsize; i++) | 1868 | for (i = 0; i < opsize; i++) |
1867 | ptr += sprintf(ptr, "%02x", code[i]); | 1869 | ptr += sprintf(ptr, "%02x", code[i]); |
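Review bot: The new `if (opsize > len) break;` placed right after `opsize = insn_length(*code);` leaves the loop silently, so when the buffer ends in a truncated instruction the remaining `len` bytes are dropped from the output with no sign that the dump was cut short. Consider adding a one-line comment above the check stating that it keeps the unsigned `len` from wrapping when fewer than `opsize` bytes remain (the reason given in the commit message), since that is not obvious from the code alone. If the trailing bytes are useful for debugging, they could also be printed as raw hex before the `break`, using the same `"%02x"` format as the loop below, with the bound being `len` rather than `opsize`.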