s390/disassembler: prevent endless loop in print_fn_code()
author Heiko Carstens <heiko.carstens@de.ibm.com>
Mon, 6 May 2013 14:26:01 +0000 (16:26 +0200)
committer Martin Schwidefsky <schwidefsky@de.ibm.com>
Tue, 7 May 2013 12:11:55 +0000 (14:11 +0200)
If the size of the opcode to be printed is larger than "len", we'll
see an overflow of an unsigned long value, which means that the
while loop within print_fn_code() will loop quite a long time until
there is the next chance for an exit.
So add an early exit check.

Reported-by: Christian Ehrhardt <ehrhardt@linux.vnet.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
arch/s390/kernel/dis.c

index 7f4a4a8c847c7a3807fd6d913f0ca93fe5b874b8..be87d3e05a5be69265a6100f87afe2fa60d51137 100644
@@ -1862,6 +1862,8 @@ void print_fn_code(unsigned char *code, unsigned long len)
        while (len) {
                ptr = buffer;
                opsize = insn_length(*code);
+               if (opsize > len)
+                       break;
                ptr += sprintf(ptr, "%p: ", code);
                for (i = 0; i < opsize; i++)
                        ptr += sprintf(ptr, "%02x", code[i]);
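Review bot: the added `if (opsize > len) break;` silently drops a trailing partial instruction, so a reader of the dump cannot tell whether the output ended on an instruction boundary or was cut short; consider printing the remaining `len` bytes as raw hex, or a short "truncated" marker, before leaving the loop. Worth noting in the changelog as well: the check guards more than the loop counter described in the commit message, since the following `for (i = 0; i < opsize; i++)` reads `code[i]` up to `opsize`, and without the check the last instruction could be read past the `len` bytes the caller handed in. The unsigned decrement of `len` that the message refers to is outside the visible context of this hunk, so the reviewer takes its placement after this loop on trust.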