Fix crash in cpuid_riscv64.c
The crash is reproducible when building OpenBLAS without forcing a target in a riscv64 container running on an X86_64 machine with an older version of QEMU, e.g., 7.0.0, registered with binfmt_misc to run riscv64 binaries. With this setup, cat /proc/cpuinfo in the container returns the cpu information for the host, which contains a "model name" string, and we execute the buggy code. The code in question is searching in an uninitialised buffer for the ':' character and doesn't check to see whether it was found or not. This can result in pmodel containing the pointer value 1 and a crash when pmodel is defererenced. The algorithm to detect the C910V CPU has not been modified, merely fixed to prevent the crash. A few additional checks for NULL pointers are added to improve the robustness of the code and a whitespace error is corrected.
This commit is contained in:
Mark Ryan
parent
d6a5174e9c
commit
ec2aa32eb0
|
|
@ -86,23 +86,29 @@ int detect(void){
|
|||
char *pmodel = NULL, *pisa = NULL;
|
||||
|
||||
infile = fopen("/proc/cpuinfo", "r");
|
||||
if (!infile)
|
||||
return CPU_GENERIC;
|
||||
while (fgets(buffer, sizeof(buffer), infile)){
|
||||
if(!strncmp(buffer, "model name", 10)){
|
||||
strcpy(model_buffer, buffer);
|
||||
pmodel = strchr(isa_buffer, ':') + 1;
|
||||
pmodel = strchr(model_buffer, ':');
|
||||
if (pmodel)
|
||||
pmodel++;
|
||||
}
|
||||
|
||||
if(!strncmp(buffer, "isa", 3)){
|
||||
strcpy(isa_buffer, buffer);
|
||||
pisa = strchr(isa_buffer, '4') + 1;
|
||||
pisa = strchr(isa_buffer, '4');
|
||||
if (pisa)
|
||||
pisa++;
|
||||
}
|
||||
}
|
||||
|
||||
fclose(infile);
|
||||
|
||||
if (!pmodel)
|
||||
if (!pmodel || !pisa)
|
||||
return(CPU_GENERIC);
|
||||
|
||||
|
||||
if (strstr(pmodel, check_c910_str) && strchr(pisa, 'v'))
|
||||
return CPU_C910V;
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue