> From: Sergey Dyasli [mailto:sergey.dya...@citrix.com] > Sent: Wednesday, February 22, 2017 4:38 PM > > > > > > > - for ( idx = 0; idx < *msr_count; idx++ ) > > > + for ( idx = 0; (*msr_area)[idx].index <= msr && idx < *msr_count; > > > idx++ ) > > > > risk of out-of-boundary access. > > How exactly out-of-bounds access is possible? The original condition > > idx < *msr_count > > Is still being checked on each loop iteration. >
Isn't "(*msr_area[idx]).index <= msr" checked before "idx < *msr_count"? So if idx==*msr_count, you first hit an out-of-boundary access... I think we should change the condition order here. Thanks Kevin _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
