From b0c4ae0d959c77409acd218bd1bcc274ebcff9ab Mon Sep 17 00:00:00 2001
From: Shivam7-1 <55046031+Shivam7-1@users.noreply.github.com>
Date: Fri, 31 Jan 2025 17:07:28 +0530
Subject: [PATCH 1/2] Fix heap-buffer-overflow in op_cksm function

---
 qemu/target/s390x/translate.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/qemu/target/s390x/translate.c b/qemu/target/s390x/translate.c
index b9ef06c6cf..7e8192580c 100644
--- a/qemu/target/s390x/translate.c
+++ b/qemu/target/s390x/translate.c
@@ -2089,6 +2089,12 @@ static DisasJumpType op_cksm(DisasContext *s, DisasOps *o)
     TCGContext *tcg_ctx = s->uc->tcg_ctx;
     int r2 = get_field(s, r2);
     TCGv_i64 len = tcg_temp_new_i64(tcg_ctx);
+    
+    if (r2 < 0 || r2 + 1 >= NUM_REGS) {
+        // Handle invalid r2 index
+        tcg_temp_free_i64(tcg_ctx, len);
+        return DISAS_NORETURN;
+    }
 
     gen_helper_cksm(tcg_ctx, len, tcg_ctx->cpu_env, o->in1, o->in2, tcg_ctx->regs[r2 + 1]);
     set_cc_static(s);
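Review bot: The new guard on line 19 returns DISAS_NORETURN without emitting an exception or any other TB exit, so translation of the block simply stops with the guest CPU never told that the instruction was rejected; DISAS_NORETURN is meant for the case where the TB has already been terminated, so the rejection should raise the program exception first, e.g. `gen_program_exception(s, PGM_SPECIFICATION); return DISAS_NORETURN;` (and placing the check above the `tcg_temp_new_i64` on line 17 removes the need to free `len`). The `r2 < 0` half of the condition can never fire for a value extracted from an unsigned 4-bit instruction field, and if, as I believe, CKSM requires r2 to designate an even-odd register pair, the architecturally correct test is `if (r2 & 1)`, whereas `r2 + 1 >= NUM_REGS` only rejects r2 == 15 (the one value that indexes regs[16]) and still accepts odd r2 values 1..13. NUM_REGS is not defined anywhere in this commit (it arrives only in 2/2), so the tree does not build at this point in the series, and the `//` comment plus the trailing whitespace on the blank line above the `if` would be flagged by QEMU's checkpatch. op_cksm's opening brace and its remainder lie outside the hunk.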

From 349653a0d3e79bea9da09e5274b7709dc46baf95 Mon Sep 17 00:00:00 2001
From: Shivam7-1 <55046031+Shivam7-1@users.noreply.github.com>
Date: Fri, 31 Jan 2025 21:58:11 +0530
Subject: [PATCH 2/2] Update header

---
 qemu/target/s390x/translate.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/qemu/target/s390x/translate.c b/qemu/target/s390x/translate.c
index 7e8192580c..7c527d0dc2 100644
--- a/qemu/target/s390x/translate.c
+++ b/qemu/target/s390x/translate.c
@@ -28,6 +28,8 @@
 #  define LOG_DISAS(...) do { } while (0)
 #endif
 
+#define NUM_REGS 16
+
 #include "qemu/osdep.h"
 #include "cpu.h"
 #include "internal.h"
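Review bot: `#define NUM_REGS 16` is placed ahead of `#include "qemu/osdep.h"`, which QEMU requires to be the first include of every .c file; a macro defined before it is a checkpatch violation and, with such a generic name, may collide with a definition in the headers that follow. Either move the define below the include block or drop it and bound the index by the array itself, `ARRAY_SIZE(tcg_ctx->regs)`, so the limit cannot drift from the real register-file size (I am inferring `regs` is a fixed-size array from the `regs[r2 + 1]` indexing in patch 1/2; please confirm in the fork's TCGContext). Because patch 1/2 already references the name, this change belongs squashed into that commit so each commit in the series builds on its own.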