# HG changeset patch
# User Nathan Binkert <[EMAIL PROTECTED]>
# Date 1222446909 25200
# Node ID 41322fd94d32ef64ed1b72f3db5ed7cd02bb4d04
# Parent  996a1882ccc64c4928f81fb3e318c9811bc13240
The way this code is written, it can allow an out of bounds array reference.
Since this code is fundamentally incorrect, add an assertion that
blows up if the out of bounds access occurs.

diff --git a/src/arch/mips/regfile/int_regfile.cc b/src/arch/mips/regfile/int_regfile.cc
--- a/src/arch/mips/regfile/int_regfile.cc
+++ b/src/arch/mips/regfile/int_regfile.cc
@@ -54,36 +54,35 @@
 IntReg
 IntRegFile::readReg(int intReg)
 {
-    if (intReg < NumIntRegs) {
-        // Regular GPR Read
-        DPRINTF(MipsPRA, "Reading Reg: %d, CurrShadowSet: %d\n", intReg,
-                currShadowSet);
+    // Previously, this function would just return the value in the
+    // regs array if the index was greater than NumIntRegs.  That
+    // would be incorrect though since it would result in an out of
+    // bounds access to the regs[] array. setReg also had this problem.
+    assert(intReg < NumIntRegs);
 
-        if (intReg >= NumIntArchRegs * NumShadowRegSets) {
-            return regs[intReg + NumIntRegs * currShadowSet];
-        } else {
-            int index = intReg + NumIntArchRegs * currShadowSet;
-            index = index % NumIntArchRegs;
-            return regs[index];
-        }
+    // Regular GPR Read
+    DPRINTF(MipsPRA, "Reading Reg: %d, CurrShadowSet: %d\n", intReg,
+            currShadowSet);
+
+    if (intReg >= NumIntArchRegs * NumShadowRegSets) {
+        return regs[intReg + NumIntRegs * currShadowSet];
     } else {
-        // Read from shadow GPR .. probably called by RDPGPR
-        return regs[intReg];
+        int index = intReg + NumIntArchRegs * currShadowSet;
+        index = index % NumIntArchRegs;
+        return regs[index];
     }
 }
 
 Fault
 IntRegFile::setReg(int intReg, const IntReg &val)
 {
+    assert(intReg < NumIntRegs); // see comment in readReg
+
     if (intReg != ZeroReg) {
-        if (intReg < NumIntRegs) {
-            if (intReg >= NumIntArchRegs * NumShadowRegSets)
-                regs[intReg] = val;
-            else
-                regs[intReg + NumIntRegs * currShadowSet] = val;
-        } else {
+        if (intReg >= NumIntArchRegs * NumShadowRegSets)
             regs[intReg] = val;
-        }
+        else
+            regs[intReg + NumIntRegs * currShadowSet] = val;
     }
 
     return NoFault;
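Review bot: The added `assert(intReg < NumIntRegs)` in readReg and setReg checks only the upper bound of the raw register number, so a negative `intReg` (it is a signed `int`) still passes, and the index actually used, `intReg + NumIntRegs * currShadowSet` in both functions, is never compared with the size of `regs[]`, which this hunk does not show. Because `assert` is compiled out when NDEBUG is defined, an optimized build would fall through to the unchecked access; I would write `assert(intReg >= 0 && intReg < NumIntRegs);` and add a check on the computed index that stays active in release builds (a panic or a fault return). Separately, for low register numbers readReg reduces the index with `% NumIntArchRegs` while setReg writes to `intReg + NumIntRegs * currShadowSet`, so with a non-zero `currShadowSet` a write and a later read appear to hit different slots; a comment stating the intended shadow-set layout of `regs[]` would let a reader verify this. setReg's closing brace lies outside the hunk.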