
[Xen-changelog] Fix an out-of-bounds memory access in xc_ptrace.c.



# HG changeset patch
# User kaf24@xxxxxxxxxxxxxxxxxxxx
# Node ID 8e6835fa7c4bf262a02fe63418eee1ae3fd16516
# Parent  93379554837c35f1f3767c841992a85aa3bbb0db
Fix an out-of-bounds memory access in xc_ptrace.c.

Currently, Xen always copies the entire 512 byte extended
FPU state (fxsave) even if only the "regular" FPU state was
requested.

This breaks since the memory buffer allocated in
linux-xen-low.c:regsets_fetch_inferior_registers() is only large
enough to hold the "plain" FPU registers.

Signed-Off-By: Simon Kagstrom <simon.kagstrom@xxxxxx>
---
 tools/libxc/xc_ptrace.c |    5 +++++
 1 files changed, 5 insertions(+)

diff -r 93379554837c -r 8e6835fa7c4b tools/libxc/xc_ptrace.c
--- a/tools/libxc/xc_ptrace.c   Fri May 12 15:26:39 2006 +0100
+++ b/tools/libxc/xc_ptrace.c   Fri May 12 15:47:25 2006 +0100
@@ -520,6 +520,11 @@ xc_ptrace(
         break;
 
     case PTRACE_GETFPREGS:
+        if (!current_isfile && fetch_regs(xc_handle, cpu, NULL)) 
+                goto out_error;
+        memcpy(data, &ctxt[cpu].fpu_ctxt, sizeof (elf_fpregset_t));
+        break;
+
     case PTRACE_GETFPXREGS:
         if (!current_isfile && fetch_regs(xc_handle, cpu, NULL))
                 goto out_error;
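
Review bot: The memcpy in the new PTRACE_GETFPREGS case is bounded by sizeof (elf_fpregset_t), but nothing checks that this is no larger than ctxt[cpu].fpu_ctxt, so the copy would over-read the source if the two types ever diverge. A compile-time size assertion next to the memcpy would pin that down. The copy also still relies on the caller's data buffer holding at least sizeof (elf_fpregset_t) bytes, with no length visible here, so a comment stating that contract would help. If fpu_ctxt holds fxsave-format state as the commit message says, the bytes copied are a prefix of that layout rather than a converted plain FPU image; please confirm that is what the caller expects. Minor: the fetch_regs check is now duplicated across the GETFPREGS and GETFPXREGS cases, and the added if line carries trailing whitespace.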
