[Beignet] [PATCH v3] GBE: Don't read past end of printf format string

[Pan, Xiuli]

Ping for pushed.

-----Original Message-----
From: Pan, Xiuli 
Sent: Wednesday, November 4, 2015 9:48 AM
To: Rebecca N. Palmer <rebecca_palmer at zoho.com>; beignet at lists.freedesktop.org
Subject: RE: [Beignet] [PATCH v3] GBE: Don't read past end of printf format string

LGTM, Thanks for your help!

-----Original Message-----
From: Beignet [mailto:beignet-bounces at lists.freedesktop.org] On Behalf Of Rebecca N. Palmer
Sent: Wednesday, November 4, 2015 6:19 AM
To: beignet at lists.freedesktop.org
Subject: Re: [Beignet] [PATCH v3] GBE: Don't read past end of printf format string

When p == end (the null terminator byte), don't try to read p + 1:
as this is outside the string, it might be a '%' from a different object (causing __parse_printf_state(end + 2, end, ...) to be called, which will fail), or an invalid address.

Signed-off-by: Rebecca Palmer <rebecca_palmer at zoho.com>
---
 backend/src/llvm/llvm_printf_parser.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/src/llvm/llvm_printf_parser.cpp b/backend/src/llvm/llvm_printf_parser.cpp
index bdaed8a..f427107 100644
--- a/backend/src/llvm/llvm_printf_parser.cpp
+++ b/backend/src/llvm/llvm_printf_parser.cpp
@@ -229,7 +229,7 @@ again:
         printf("string end with %%\n");
         goto error;
       }
-      if (*(p + 1) == '%') { // %%
+      if (p + 1 < end && *(p + 1) == '%') { // %%
         p += 2;
         goto again;
       }

_______________________________________________
Beignet mailing list
Beignet at lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/beignet