From: LIU Zhiwei
Subject: Re: [PATCH v5 08/60] target/riscv: add vector amo operations
Date: Sat, 14 Mar 2020 13:07:04 +0800
User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0

On 2020/3/14 12:28, Richard Henderson wrote:
On 3/12/20 7:58 AM, LIU Zhiwei wrote:
+ static gen_helper_amo *const fnsw[9] = {...+ static gen_helper_amo *const fnsd[18] = {...+ fn = fnsw[seq]; +#ifdef TARGET_RISCV64 + if (s->sew == 3) { + fn = fnsd[seq]; + +#endif
This indexing is wrong, since for seq == 11 you index past the end of fnsw[].
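
Review bot: the load fn = fnsw[seq]; sits ahead of the s->sew == 3 test and so runs for every seq, which means that with fnsw declared as [9] and fnsd as [18] any seq of 9 or more reads past the end of fnsw[] even on the path that then overwrites fn with fnsd[seq]. Choose the table from s->sew first and index only the table chosen, and consider asserting that seq is below that table's element count before the load so a mismatched seq/sew pair fails at translation time instead of picking up a stray pointer as the helper.
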
Yes, it really is a security bug. Thanks for pointing that out.

Zhiwei

You need something like

    if (s->sew == 3) {
#ifdef TARGET_RISCV64
        fn = fnsd[seq];
#else
        /* Check done in amo_check(). */
        g_assert_not_reached();
#endif
    } else {
        fn = fnsw[seq];
    }

Otherwise it looks ok.

r~