diff options
author | Eduardo Habkost <ehabkost@redhat.com> | 2018-01-09 13:45:13 -0200 |
---|---|---|
committer | Eduardo Habkost <ehabkost@redhat.com> | 2018-01-17 23:04:31 -0200 |
commit | 807e9869b8c4119b81df902625af818519e01759 (patch) | |
tree | 3acb35c8261708235b64cfe3b0b72daebae44edc | |
parent | c68bcb3a994a3647ea70899d050debb0ff72d86a (diff) | |
download | qemu-807e9869b8c4119b81df902625af818519e01759.zip qemu-807e9869b8c4119b81df902625af818519e01759.tar.gz qemu-807e9869b8c4119b81df902625af818519e01759.tar.bz2 |
i386: Change X86CPUDefinition::model_id to const char*
It is valid to have a 48-character model ID on CPUID, however the
definition of X86CPUDefinition::model_id is char[48], which can
make the compiler drop the null terminator from the string.
If a CPU model happens to have 48 bytes on model_id, "-cpu help"
will print garbage and the object_property_set_str() call at
x86_cpu_load_def() will read data outside the model_id array.
We could increase the array size to 49, but this would mean the
compiler would not issue a warning if a 49-char string is used by
mistake for model_id.
To make things simpler, simply change model_id to be const char*,
and validate the string length using an assert() on
x86_register_cpudef_type().
Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20180109154519.25634-2-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
-rw-r--r-- | target/i386/cpu.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 4385853..0e26fa4 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -754,7 +754,7 @@ struct X86CPUDefinition { int model; int stepping; FeatureWordArray features; - char model_id[48]; + const char *model_id; }; static X86CPUDefinition builtin_x86_defs[] = { @@ -923,6 +923,7 @@ static X86CPUDefinition builtin_x86_defs[] = { .features[FEAT_1_EDX] = I486_FEATURES, .xlevel = 0, + .model_id = "", }, { .name = "pentium", @@ -934,6 +935,7 @@ static X86CPUDefinition builtin_x86_defs[] = { .features[FEAT_1_EDX] = PENTIUM_FEATURES, .xlevel = 0, + .model_id = "", }, { .name = "pentium2", @@ -945,6 +947,7 @@ static X86CPUDefinition builtin_x86_defs[] = { .features[FEAT_1_EDX] = PENTIUM2_FEATURES, .xlevel = 0, + .model_id = "", }, { .name = "pentium3", @@ -956,6 +959,7 @@ static X86CPUDefinition builtin_x86_defs[] = { .features[FEAT_1_EDX] = PENTIUM3_FEATURES, .xlevel = 0, + .model_id = "", }, { .name = "athlon", @@ -2736,6 +2740,9 @@ static void x86_register_cpudef_type(X86CPUDefinition *def) * they shouldn't be set on the CPU model table. */ assert(!(def->features[FEAT_8000_0001_EDX] & CPUID_EXT2_AMD_ALIASES)); + /* catch mistakes instead of silently truncating model_id when too long */ + assert(def->model_id && strlen(def->model_id) <= 48); + type_register(&ti); g_free(typename); |