xen: Fix off-by-one error when parsing command line arguments

As Xen currently stands, it will attempt to interpret the first few
bytes of the initcall section as a struct kernel_param.

The reason that this not caused problems is because in the overflow
case, param->name is actually a function pointer to the first
initcall, and intepreting it as string is very unlikely to match an
ASCII command line parameter name.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Committed-by: Keir Fraser <keir@xen.org>

diff --git a/xen/common/kernel.c b/xen/common/kernel.c
index 91dc32eedf864e445c282261f887c2f32e82a896..c915bbcb65acdbecc85c2d5053928fe9a5abc8f6 100644 (file)
--- a/xen/common/kernel.c
+++ b/xen/common/kernel.c
@@ -90,7 +90,7 @@ void __init cmdline_parse(const char *cmdline)
         if ( !bool_assert )
             optkey += 3;
 
-        for ( param = &__setup_start; param <= &__setup_end; param++ )
+        for ( param = &__setup_start; param < &__setup_end; param++ )
         {
             if ( strcmp(param->name, optkey) )
                 continue;