x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)
authorRazvan Cojocaru <rcojocaru@bitdefender.com>
Wed, 21 Jun 2017 16:37:31 +0000 (19:37 +0300)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Fri, 23 Jun 2017 14:00:37 +0000 (15:00 +0100)
Fixed an issue where the maximum index allowed (31) goes beyond the
actual number of array elements (4) of ad->monitor.write_ctrlreg_mask.
Coverity-ID: 1412966

Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
xen/arch/x86/monitor.c

index bedf13c74dbc6aa399def0f02ce03cf78ac52e50..764195a7d1c1f34ce491e84c2192b9fb3805e2b8 100644 (file)
@@ -132,8 +132,8 @@ int arch_monitor_domctl_event(struct domain *d,
         unsigned int ctrlreg_bitmask;
         bool_t old_status;
 
-        /* sanity check: avoid left-shift undefined behavior */
-        if ( unlikely(mop->u.mov_to_cr.index > 31) )
+        if ( unlikely(mop->u.mov_to_cr.index >=
+                      ARRAY_SIZE(ad->monitor.write_ctrlreg_mask)) )
             return -EINVAL;
 
         if ( unlikely(mop->u.mov_to_cr.pad1 || mop->u.mov_to_cr.pad2) )
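Review bot: The rewritten check on `mop->u.mov_to_cr.index` drops the comment that explained the old one, so nothing here tells a reader that this one comparison now protects both the `write_ctrlreg_mask` indexing and the left shift the removed comment referred to. I would keep a short comment such as `/* sanity check: index must be within write_ctrlreg_mask[] (also keeps the bitmask shift defined) */`. Shift safety now depends on the array never growing beyond 32 entries, so `BUILD_BUG_ON(ARRAY_SIZE(ad->monitor.write_ctrlreg_mask) > 32);` next to the check would make that assumption fail at build time rather than silently. The shift and the array access are outside this hunk, so this is inferred from the removed comment and the commit message. The enclosing function begins and continues beyond the lines shown.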