2013-10-02 22:41:46 +00:00
|
|
|
References: bnc#841766 CVE-2013-4361 XSA-66
|
|
|
|
|
|
2013-10-24 21:00:35 +00:00
|
|
|
# Commit 28b706efb6abb637fabfd74cde70a50935a5640b
|
|
|
|
|
# Date 2013-09-30 14:18:58 +0200
|
|
|
|
|
# Author Jan Beulich <jbeulich@suse.com>
|
|
|
|
|
# Committer Jan Beulich <jbeulich@suse.com>
|
2013-10-02 22:41:46 +00:00
|
|
|
x86: properly set up fbld emulation operand address
|
|
|
|
|
|
|
|
|
|
This is CVE-2013-4361 / XSA-66.
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
|
|
|
|
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
|
|
|
|
|
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
|
|
|
|
|
@@ -3156,11 +3156,11 @@ x86_emulate(
|
|
|
|
|
break;
|
|
|
|
|
case 4: /* fbld m80dec */
|
|
|
|
|
ea.bytes = 10;
|
|
|
|
|
- dst = ea;
|
|
|
|
|
+ src = ea;
|
|
|
|
|
if ( (rc = ops->read(src.mem.seg, src.mem.off,
|
|
|
|
|
&src.val, src.bytes, ctxt)) != 0 )
|
|
|
|
|
goto done;
|
|
|
|
|
- emulate_fpu_insn_memdst("fbld", src.val);
|
|
|
|
|
+ emulate_fpu_insn_memsrc("fbld", src.val);
|
|
|
|
|
break;
|
|
|
|
|
case 5: /* fild m64i */
|
|
|
|
|
ea.bytes = 8;
|
