From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Tue, 3 Jul 2012 12:38:19 +0000 (+0100)
Subject: xen: Fix off-by-one error when parsing command line arguments
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~8215
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=97d39c5fbf23ea2c798b814893ffd2b0239ba44b;p=xen.git

xen: Fix off-by-one error when parsing command line arguments

As Xen currently stands, it will attempt to interpret the first few
bytes of the initcall section as a struct kernel_param.

The reason that this not caused problems is because in the overflow
case, param->name is actually a function pointer to the first
initcall, and intepreting it as string is very unlikely to match an
ASCII command line parameter name.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Committed-by: Keir Fraser <keir@xen.org>
---

diff --git a/xen/common/kernel.c b/xen/common/kernel.c
index 91dc32eedf..c915bbcb65 100644
--- a/xen/common/kernel.c
+++ b/xen/common/kernel.c
@@ -90,7 +90,7 @@ void __init cmdline_parse(const char *cmdline)
         if ( !bool_assert )
             optkey += 3;
 
-        for ( param = &__setup_start; param <= &__setup_end; param++ )
+        for ( param = &__setup_start; param < &__setup_end; param++ )
         {
             if ( strcmp(param->name, optkey) )
                 continue;