author | Mitchell Hayenga <Mitchell.Hayenga@ARM.com> | 2012-01-12 15:27:20 -0600 |
---|---|---|
committer | Mitchell Hayenga <Mitchell.Hayenga@ARM.com> | 2012-01-12 15:27:20 -0600 |
commit | 698408bce2a2294ab620cb70d6272f33fa75e017 (patch) | |
tree | abbc5baf926d183fbf46e1a784517f3e1b71a826 | |
parent | a17dbdf8834b84f05a8f5154a74ac819fe8adc7c (diff) | |
download | gem5-698408bce2a2294ab620cb70d6272f33fa75e017.tar.xz |
Fix memory corruption issue with CopyStringOut()
CopyStringOut() used the wrong index when writing the
terminating null character, which would zero a random byte
of memory after (out of bounds of) the character array.
-rw-r--r-- | src/mem/fs_translating_port_proxy.cc | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/src/mem/fs_translating_port_proxy.cc b/src/mem/fs_translating_port_proxy.cc
index d202b22bd..c0898a003 100644
--- a/src/mem/fs_translating_port_proxy.cc
+++ b/src/mem/fs_translating_port_proxy.cc
@@ -138,15 +138,19 @@ CopyIn(ThreadContext *tc, Addr dest, void *source, size_t cplen)
 void
 CopyStringOut(ThreadContext *tc, char *dst, Addr vaddr, size_t maxlen)
 {
- int len = 0;
 char *start = dst;
 FSTranslatingPortProxy* vp = tc->getVirtProxy();
- do {
- vp->readBlob(vaddr++, (uint8_t*)dst++, 1);
- } while (len < maxlen && start[len++] != 0 );
+ bool foundNull = false;
+ while ((dst - start + 1) < maxlen && !foundNull) {
+ vp->readBlob(vaddr++, (uint8_t*)dst, 1);
+ if (dst == '\0')
+ foundNull = true;
+ dst++;
+ }
- dst[len] = 0;
+ if (!foundNull)
+ *dst = '\0';
 }
 void |
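Review bot: The new terminator test `if (dst == '\0')` compares the pointer itself with a null constant rather than the byte just read, so `foundNull` is never set for a valid `dst`. The loop therefore always reads `maxlen - 1` bytes through `readBlob`, continuing past the end of the guest string; what `readBlob` does for an address beyond the string's mapping is not visible in this hunk. The check should be `if (*dst == '\0')`. Separately, when `maxlen == 0` the loop is skipped but `*dst = '\0'` still writes one byte, so an early `if (maxlen == 0) return;` would keep that store inside the caller's buffer. The `void` at the end of the hunk opens the next function, which continues outside it.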