From 9ea6c51f5c86931c2c580ef2710c865946ded568 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Thu, 18 Jun 2015 11:42:45 +0200 Subject: [PATCH 2/2] Fix buffer overflow reported by Coverity Message-id: <1434620565-7304-2-git-send-email-pbonzini@redhat.com> Patchwork-id: 66324 O-Subject: [RHEL7.2 PATCH libunwind] Fix buffer overflow reported by Coverity Bugzilla: 1233114 RH-Acked-by: Miroslav Rezanina RH-Acked-by: Jeff Nelson RH-Acked-by: Laszlo Ersek tcmalloc uses it, and Mirek asked me to take a look at the Coverity results for libunwind and tcmalloc. Nothing really stood out, except an off-by-one for which Petr assigned the CVE number CVE-2015-3239. The fix is trivial, and it was sent upstream already but not applied yet. Not holding my breath since the upstream is pretty dead anyway. --- include/dwarf_i.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/dwarf_i.h b/include/dwarf_i.h index 0e72845..86dcdb8 100644 --- a/include/dwarf_i.h +++ b/include/dwarf_i.h @@ -20,7 +20,7 @@ extern const uint8_t dwarf_to_unw_regnum_map[DWARF_REGNUM_MAP_LENGTH]; /* REG is evaluated multiple times; it better be side-effects free! */ # define dwarf_to_unw_regnum(reg) \ - (((reg) <= DWARF_REGNUM_MAP_LENGTH) ? dwarf_to_unw_regnum_map[reg] : 0) + (((reg) < DWARF_REGNUM_MAP_LENGTH) ? dwarf_to_unw_regnum_map[reg] : 0) #endif #ifdef UNW_LOCAL_ONLY -- 2.4.3
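Review bot: the corrected check in dwarf_to_unw_regnum, `(reg) < DWARF_REGNUM_MAP_LENGTH`, bounds only the upper end of the index. The hunk does not show the type of `reg`. If any caller can pass a signed value, a negative index still passes the comparison and reaches `dwarf_to_unw_regnum_map[reg]`. Consider comparing as unsigned, for example `((size_t)(reg) < DWARF_REGNUM_MAP_LENGTH)`, or stating beside the existing side-effects comment that REG must be unsigned. The `<` itself is the right upper bound, since the array is declared with DWARF_REGNUM_MAP_LENGTH elements and the old `<=` allowed a read one element past its end. It would also help to say in the comment that an out-of-range register maps to 0, so callers know that value is the fallback as well as a possible table entry.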