From: Colin Ian King <colin.k...@canonical.com>
The check for the maximum code is off-by-one; the current
comparison of a code that is INTEL_PT_ERR_MAX will cause the
strlcpy to perform an out of bounds array access on the
intel_pt_err_msgs array. Fix this with a >= comparison.
Signed-off-by: Colin Ian King <colin.k...@canonical.com>
---
tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
index 9409d01..9c8f15d 100644
--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
+++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
@@ -356,7 +356,7 @@ static const char *intel_pt_err_msgs[] = {
int intel_pt__strerror(int code, char *buf, size_t buflen)
{
- if (code < 1 || code > INTEL_PT_ERR_MAX)
+ if (code < 1 || code >= INTEL_PT_ERR_MAX)
code = INTEL_PT_ERR_UNK;
strlcpy(buf, intel_pt_err_msgs[code], buflen);
return 0;
--
2.7.4
