Commit 807e9869 authored by Eduardo Habkost's avatar Eduardo Habkost

i386: Change X86CPUDefinition::model_id to const char*



It is valid to have a 48-character model ID on CPUID, however the
definition of X86CPUDefinition::model_id is char[48], which can
make the compiler drop the null terminator from the string.

If a CPU model happens to have 48 bytes on model_id, "-cpu help"
will print garbage and the object_property_set_str() call at
x86_cpu_load_def() will read data outside the model_id array.

We could increase the array size to 49, but this would mean the
compiler would not issue a warning if a 49-char string is used by
mistake for model_id.

To make things simpler, simply change model_id to be const char*,
and validate the string length using an assert() on
x86_register_cpudef_type().

Reported-by: default avatar"Dr. David Alan Gilbert" <dgilbert@redhat.com>
Signed-off-by: default avatarEduardo Habkost <ehabkost@redhat.com>
Message-Id: <20180109154519.25634-2-ehabkost@redhat.com>
Signed-off-by: default avatarEduardo Habkost <ehabkost@redhat.com>
parent c68bcb3a
+8 −1
@@ -754,7 +754,7 @@ struct X86CPUDefinition {
    int model;
    int stepping;
    FeatureWordArray features;
    char model_id[48];
    const char *model_id;
};

static X86CPUDefinition builtin_x86_defs[] = {
@@ -923,6 +923,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
        .features[FEAT_1_EDX] =
            I486_FEATURES,
        .xlevel = 0,
        .model_id = "",
    },
    {
        .name = "pentium",
@@ -934,6 +935,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
        .features[FEAT_1_EDX] =
            PENTIUM_FEATURES,
        .xlevel = 0,
        .model_id = "",
    },
    {
        .name = "pentium2",
@@ -945,6 +947,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
        .features[FEAT_1_EDX] =
            PENTIUM2_FEATURES,
        .xlevel = 0,
        .model_id = "",
    },
    {
        .name = "pentium3",
@@ -956,6 +959,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
        .features[FEAT_1_EDX] =
            PENTIUM3_FEATURES,
        .xlevel = 0,
        .model_id = "",
    },
    {
        .name = "athlon",
@@ -2736,6 +2740,9 @@ static void x86_register_cpudef_type(X86CPUDefinition *def)
     * they shouldn't be set on the CPU model table.
     */
    assert(!(def->features[FEAT_8000_0001_EDX] & CPUID_EXT2_AMD_ALIASES));
    /* catch mistakes instead of silently truncating model_id when too long */
    assert(def->model_id && strlen(def->model_id) <= 48);


    type_register(&ti);
    g_free(typename);
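Review bot: The limit `48` in `assert(def->model_id && strlen(def->model_id) <= 48);` is a bare literal, and after the switch from `char model_id[48]` to `const char *model_id` the struct no longer records where that number comes from. I would state the contract on the field itself, e.g. `const char *model_id; /* non-NULL, at most 48 characters (length of the CPUID model ID string) */`, and use a named constant for the length instead of the literal. The non-NULL half of the assert means a table entry that omits `.model_id` aborts at type registration, which is presumably why the four table hunks add `.model_id = ""`; the comment above the assert should say that as well. The guard is only as strong as assert(): if a build can define NDEBUG (not visible here), an over-long string reaches the consumers unchecked, so the code that copies model_id into the 48-byte CPUID area should bound that copy itself. x86_register_cpudef_type() starts and ends outside the hunk.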