ia64/xen-unstable
changeset 10055:8e6835fa7c4b
Fix an out-of-bounds memory access in xc_ptrace.c.
Currently, Xen always copies the entire 512 byte extended
FPU state (fxsave) even if only the "regular" FPU state was
requested.
This breaks since the memory buffer allocated in
linux-xen-low.c:regsets_fetch_inferior_registers() is only large
enough to hold the "plain" FPU registers.
Signed-Off-By: Simon Kagstrom <simon.kagstrom@bth.se>
Currently, Xen always copies the entire 512 byte extended
FPU state (fxsave) even if only the "regular" FPU state was
requested.
This breaks since the memory buffer allocated in
linux-xen-low.c:regsets_fetch_inferior_registers() is only large
enough to hold the "plain" FPU registers.
Signed-Off-By: Simon Kagstrom <simon.kagstrom@bth.se>
| author | kaf24@firebug.cl.cam.ac.uk |
|---|---|
| date | Fri May 12 15:47:25 2006 +0100 (2006-05-12) |
| parents | 93379554837c |
| children | d056f91cfd95 |
| files | tools/libxc/xc_ptrace.c |
line diff
1.1 --- a/tools/libxc/xc_ptrace.c Fri May 12 15:26:39 2006 +0100 1.2 +++ b/tools/libxc/xc_ptrace.c Fri May 12 15:47:25 2006 +0100 1.3 @@ -520,6 +520,11 @@ xc_ptrace( 1.4 break; 1.5 1.6 case PTRACE_GETFPREGS: 1.7 + if (!current_isfile && fetch_regs(xc_handle, cpu, NULL)) 1.8 + goto out_error; 1.9 + memcpy(data, &ctxt[cpu].fpu_ctxt, sizeof (elf_fpregset_t)); 1.10 + break; 1.11 + 1.12 case PTRACE_GETFPXREGS: 1.13 if (!current_isfile && fetch_regs(xc_handle, cpu, NULL)) 1.14 goto out_error;