author | Heiko Carstens <heiko.carstens@de.ibm.com> | 2013-05-06 16:26:01 +0200 |
---|---|---|
committer | Martin Schwidefsky <schwidefsky@de.ibm.com> | 2013-05-07 14:11:55 +0200 |
commit | 7678dcfb310a190aea9bee8cdeb1e14987600737 (patch) | |
tree | 9039d04a93259d37e821d6249dbeaa0bddf03cfc | |
parent | 9673217c71b433d62d56cfb56c487e31af6f5574 (diff) | |
s390/disassembler: prevent endless loop in print_fn_code()
If the size of the opcode to be printed is larger than "len" we'll
see an overflow of an unsigned long value, which means that the
while loop within print_fn_code() will loop quite a long time until
there is the next chance for an exit.
So add an early exit check.
Reported-by: Christian Ehrhardt <ehrhardt@linux.vnet.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
-rw-r--r-- | arch/s390/kernel/dis.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/arch/s390/kernel/dis.c b/arch/s390/kernel/dis.c index 7f4a4a8..be87d3e 100644 --- a/arch/s390/kernel/dis.c +++ b/arch/s390/kernel/dis.c @@ -1862,6 +1862,8 @@ void print_fn_code(unsigned char *code, unsigned long len) while (len) { ptr = buffer; opsize = insn_length(*code); + if (opsize > len) + break; ptr += sprintf(ptr, "%p: ", code); for (i = 0; i < opsize; i++) ptr += sprintf(ptr, "%02x", code[i]); |
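Review bot: the new `if (opsize > len) break;` at the top of the while loop in print_fn_code() exits silently, so the last bytes of the buffer (fewer than opsize of them) are never printed and the output gives no sign that it was cut short. Consider dumping the remaining len bytes as raw hex, or printing a short marker, before the break, so a truncated trailing instruction is distinguishable from a clean end. A one-line comment above the check would also help: it should say that opsize is derived from the first byte via insn_length(*code) and can exceed the remaining len, in which case the unsigned len would wrap as the commit message describes and the `for (i = 0; i < opsize; i++)` loop would read code[i] beyond the len bytes the caller passed.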