|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] Fix an out-of-bounds memory access in xc_ptrace.c.
# HG changeset patch
# User kaf24@xxxxxxxxxxxxxxxxxxxx
# Node ID b54bba73936d4c0c6a279108da05b4221cdf58a9
# Parent be5a6188cd9f00d045328b6b045f85992f2fbe10
Fix an out-of-bounds memory access in xc_ptrace.c.
Currently, Xen always copies the entire 512 byte extended
FPU state (fxsave) even if only the "regular" FPU state was
requested.
This breaks since the memory buffer allocated in
linux-xen-low.c:regsets_fetch_inferior_registers() is only large
enough to hold the "plain" FPU registers.
Signed-Off-By: Simon Kagstrom <simon.kagstrom@xxxxxx>
xen-unstable changeset: 9987:8e6835fa7c4bf262a02fe63418eee1ae3fd16516
xen-unstable date: Fri May 12 15:47:25 2006 +0100
---
tools/libxc/xc_ptrace.c | 5 +++++
1 files changed, 5 insertions(+)
diff -r be5a6188cd9f -r b54bba73936d tools/libxc/xc_ptrace.c
--- a/tools/libxc/xc_ptrace.c Thu May 11 11:34:34 2006 +0100
+++ b/tools/libxc/xc_ptrace.c Fri May 12 15:49:11 2006 +0100
@@ -510,6 +510,11 @@ xc_ptrace(
break;
case PTRACE_GETFPREGS:
+ if (!current_isfile && fetch_regs(xc_handle, cpu, NULL))
+ goto out_error;
+ memcpy(data, &ctxt[cpu].fpu_ctxt, sizeof (elf_fpregset_t));
+ break;
+
case PTRACE_GETFPXREGS:
if (!current_isfile && fetch_regs(xc_handle, cpu, NULL))
goto out_error;
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |