diff options
author | Heiko Carstens <heiko.carstens@de.ibm.com> | 2013-05-06 16:26:01 +0200 |
---|---|---|
committer | Martin Schwidefsky <schwidefsky@de.ibm.com> | 2013-05-07 14:11:55 +0200 |
commit | 7678dcfb310a190aea9bee8cdeb1e14987600737 (patch) | |
tree | 9039d04a93259d37e821d6249dbeaa0bddf03cfc /arch/s390/kernel/dis.c | |
parent | 9673217c71b433d62d56cfb56c487e31af6f5574 (diff) |
s390/disassembler: prevent endless loop in print_fn_code()
If the size of the opcode to be printed is larger than "len" we'll
see an overflow of an unsigned long value, which means that the
while loop within print_fn_code() will loop quite a long time until
there is the next chance for an exit.
So add an early exit check.
Reported-by: Christian Ehrhardt <ehrhardt@linux.vnet.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Diffstat (limited to 'arch/s390/kernel/dis.c')
-rw-r--r-- | arch/s390/kernel/dis.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/arch/s390/kernel/dis.c b/arch/s390/kernel/dis.c index 7f4a4a8c847c..be87d3e05a5b 100644 --- a/arch/s390/kernel/dis.c +++ b/arch/s390/kernel/dis.c @@ -1862,6 +1862,8 @@ void print_fn_code(unsigned char *code, unsigned long len) while (len) { ptr = buffer; opsize = insn_length(*code); + if (opsize > len) + break; ptr += sprintf(ptr, "%p: ", code); for (i = 0; i < opsize; i++) ptr += sprintf(ptr, "%02x", code[i]); |