23 lines
810 B
Diff
23 lines
810 B
Diff
|
# Commit c40e24a8ef74f9d0ee59dd9b8ca890be08b0b874
|
||
|
|
# Date 2013-02-25 12:44:25 +0100
|
||
|
|
# Author Xi Wang <xi@mit.edu>
|
||
|
|
# Committer Jan Beulich <jbeulich@suse.com>
|
||
|
|
x86: fix null pointer dereference in intel_get_extended_msrs()
|
||
|
|
|
||
|
|
`memset(&mc_ext, 0, ...)' leads to a buffer overflow and a subsequent
|
||
|
|
null pointer dereference. Replace `&mc_ext' with `mc_ext'.
|
||
|
|
|
||
|
|
Signed-off-by: Xi Wang <xi@mit.edu>
|
||
|
|
|
||
|
|
--- a/xen/arch/x86/cpu/mcheck/mce_intel.c
|
||
|
|
+++ b/xen/arch/x86/cpu/mcheck/mce_intel.c
|
||
|
|
@@ -534,7 +534,7 @@ intel_get_extended_msrs(struct mcinfo_gl
|
||
|
|
}
|
||
|
|
|
||
|
|
/* this function will called when CAP(9).MCG_EXT_P = 1 */
|
||
|
|
- memset(&mc_ext, 0, sizeof(struct mcinfo_extended));
|
||
|
|
+ memset(mc_ext, 0, sizeof(*mc_ext));
|
||
|
|
mc_ext->common.type = MC_TYPE_EXTENDED;
|
||
|
|
mc_ext->common.size = sizeof(struct mcinfo_extended);
|
||
|
|
|