x86: fix null pointer dereference in intel_get_extended_msrs()

`memset(&mc_ext, 0, ...)' leads to a buffer overflow and a subsequent
null pointer dereference.  Replace `&mc_ext' with `mc_ext'.

Signed-off-by: Xi Wang <xi@mit.edu>

diff --git a/xen/arch/x86/cpu/mcheck/mce_intel.c b/xen/arch/x86/cpu/mcheck/mce_intel.c
index d80f69249686ece1fb1431393aa6e37eb731ca13..45dbff88a4b4a8a6049ddf2f608bc8ad751ea8f7 100644 (file)
--- a/xen/arch/x86/cpu/mcheck/mce_intel.c
+++ b/xen/arch/x86/cpu/mcheck/mce_intel.c
@@ -200,7 +200,7 @@ intel_get_extended_msrs(struct mcinfo_global *mig, struct mc_info *mi)
     }
 
     /* this function will called when CAP(9).MCG_EXT_P = 1 */
-    memset(&mc_ext, 0, sizeof(struct mcinfo_extended));
+    memset(mc_ext, 0, sizeof(*mc_ext));
     mc_ext->common.type = MC_TYPE_EXTENDED;
     mc_ext->common.size = sizeof(struct mcinfo_extended);