changeset 78b08f92c290 in /z/repo/gem5
details: http://repo.gem5.org/gem5?cmd=changeset;node=78b08f92c290
description:
Fix memory corruption issue with CopyStringOut()
CopyStringOut() used the wrong index when setting the null
character, which resulted in zeroing a random byte
of memory after (out of bounds) the character array.
diffstat:
src/mem/fs_translating_port_proxy.cc | 14 +++++++++-----
1 files changed, 9 insertions(+), 5 deletions(-)
diffs (28 lines):
diff -r ba2d2b37e534 -r 78b08f92c290 src/mem/fs_translating_port_proxy.cc
--- a/src/mem/fs_translating_port_proxy.cc Wed Jan 25 17:19:50 2012 +0000
+++ b/src/mem/fs_translating_port_proxy.cc Thu Jan 12 15:27:20 2012 -0600
@@ -138,15 +138,19 @@
void
CopyStringOut(ThreadContext *tc, char *dst, Addr vaddr, size_t maxlen)
{
- int len = 0;
char *start = dst;
FSTranslatingPortProxy* vp = tc->getVirtProxy();
- do {
- vp->readBlob(vaddr++, (uint8_t*)dst++, 1);
- } while (len < maxlen && start[len++] != 0 );
+ bool foundNull = false;
+ while ((dst - start + 1) < maxlen && !foundNull) {
+ vp->readBlob(vaddr++, (uint8_t*)dst, 1);
+ if (dst == '\0')
+ foundNull = true;
+ dst++;
+ }
- dst[len] = 0;
+ if (!foundNull)
+ *dst = '\0';
}
void