From 9ea6c51f5c86931c2c580ef2710c865946ded568 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Thu, 18 Jun 2015 11:42:45 +0200
Subject: [PATCH 2/2] Fix buffer overflow reported by Coverity


Message-id: <1434620565-7304-2-git-send-email-pbonzini@redhat.com>
Patchwork-id: 66324
O-Subject: [RHEL7.2 PATCH libunwind] Fix buffer overflow reported by Coverity
Bugzilla: 1233114
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Jeff Nelson <jenelson@redhat.com>
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>

tcmalloc uses it, and Mirek asked me to take a look at the Coverity results
for libunwind and tcmalloc.  Nothing really stood out, except an off-by-one
for which Petr assigned the CVE number CVE-2015-3239.

The fix is trivial, and it was sent upstream already but not applied yet.
Not holding my breath since the upstream is pretty dead anyway.
---
 include/dwarf_i.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/dwarf_i.h b/include/dwarf_i.h
index 0e72845..86dcdb8 100644
--- a/include/dwarf_i.h
+++ b/include/dwarf_i.h
@@ -20,7 +20,7 @@
 extern const uint8_t dwarf_to_unw_regnum_map[DWARF_REGNUM_MAP_LENGTH];
 /* REG is evaluated multiple times; it better be side-effects free!  */
 # define dwarf_to_unw_regnum(reg)					  \
-  (((reg) <= DWARF_REGNUM_MAP_LENGTH) ? dwarf_to_unw_regnum_map[reg] : 0)
+  (((reg) < DWARF_REGNUM_MAP_LENGTH) ? dwarf_to_unw_regnum_map[reg] : 0)
 #endif
 
 #ifdef UNW_LOCAL_ONLY
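Review bot: the corrected guard in dwarf_to_unw_regnum checks only the upper bound, so if any caller passes a signed value for reg, a negative number still satisfies `(reg) < DWARF_REGNUM_MAP_LENGTH` and reads before the start of dwarf_to_unw_regnum_map. The type of reg is not visible in this hunk, so either confirm that every caller passes an unsigned type or make the comparison unsigned, for example by casting reg to an unsigned type in both the test and the index. Turning the macro into a static inline function with an unsigned parameter would cover this and also remove the multiple-evaluation hazard the existing comment warns about. Separately, out-of-range input still maps silently to register 0. That behaviour is unchanged by this patch, but it deserves a comment stating that 0 is the intended fallback for register numbers taken from untrusted DWARF data.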
-- 
2.4.3