From 9ea6c51f5c86931c2c580ef2710c865946ded568 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Thu, 18 Jun 2015 11:42:45 +0200
Subject: [PATCH 2/2] Fix buffer overflow reported by Coverity
Message-id: <1434620565-7304-2-git-send-email-pbonzini@redhat.com>
Patchwork-id: 66324
O-Subject: [RHEL7.2 PATCH libunwind] Fix buffer overflow reported by Coverity
Bugzilla: 1233114
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Jeff Nelson <jenelson@redhat.com>
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
tcmalloc uses it, and Mirek asked me to take a look at the Coverity results
for libunwind and tcmalloc. Nothing really stood out, except an off-by-one
for which Petr assigned the CVE number CVE-2015-3239.
The fix is trivial, and it was sent upstream already but not applied yet.
Not holding my breath since the upstream is pretty dead anyway.
---
include/dwarf_i.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/dwarf_i.h b/include/dwarf_i.h
index 0e72845..86dcdb8 100644
--- a/include/dwarf_i.h
+++ b/include/dwarf_i.h
@@ -20,7 +20,7 @@
extern const uint8_t dwarf_to_unw_regnum_map[DWARF_REGNUM_MAP_LENGTH];
/* REG is evaluated multiple times; it better be side-effects free! */
# define dwarf_to_unw_regnum(reg) \
- (((reg) <= DWARF_REGNUM_MAP_LENGTH) ? dwarf_to_unw_regnum_map[reg] : 0)
+ (((reg) < DWARF_REGNUM_MAP_LENGTH) ? dwarf_to_unw_regnum_map[reg] : 0)
#endif
#ifdef UNW_LOCAL_ONLY
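Review bot: The check on the `+` line of `dwarf_to_unw_regnum` still has only an upper bound, so if any caller passes a signed `reg`, a negative value satisfies `(reg) < DWARF_REGNUM_MAP_LENGTH` and indexes before the start of `dwarf_to_unw_regnum_map`. The types used at the call sites are not visible in this hunk, so that is worth confirming. Otherwise, make the comparison unsigned, or turn the macro into a static inline function with an unsigned parameter, which would also remove the multiple-evaluation hazard the comment above the macro warns about. The change from `<=` to `<` itself is right: the array is declared with `DWARF_REGNUM_MAP_LENGTH` elements, so the last valid index is `DWARF_REGNUM_MAP_LENGTH - 1`, and the old form read one element past the end when `reg` equalled the length. The commit message would be easier to audit later if it stated that directly.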
--
2.4.3