Fix an out-of-bounds memory access in xc_ptrace.c.
author kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>
Fri, 12 May 2006 14:47:25 +0000 (15:47 +0100)
committer kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>
Fri, 12 May 2006 14:47:25 +0000 (15:47 +0100)
Currently, Xen always copies the entire 512 byte extended
FPU state (fxsave) even if only the "regular" FPU state was
requested.

This breaks since the memory buffer allocated in
linux-xen-low.c:regsets_fetch_inferior_registers() is only large
enough to hold the "plain" FPU registers.

Signed-Off-By: Simon Kagstrom <simon.kagstrom@bth.se>
tools/libxc/xc_ptrace.c

index 981abe0b7c790ec97e29c19f3c7845a4bd484c11..d1a6525af30719d3afed03072a4047a694d39e26 100644 (file)
@@ -520,6 +520,11 @@ xc_ptrace(
         break;
 
     case PTRACE_GETFPREGS:
+        if (!current_isfile && fetch_regs(xc_handle, cpu, NULL)) 
+                goto out_error;
+        memcpy(data, &ctxt[cpu].fpu_ctxt, sizeof (elf_fpregset_t));
+        break;
+
     case PTRACE_GETFPXREGS:
         if (!current_isfile && fetch_regs(xc_handle, cpu, NULL))
                 goto out_error;
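Review bot: the new PTRACE_GETFPREGS case bounds the copy but does not convert the data: `memcpy(data, &ctxt[cpu].fpu_ctxt, sizeof (elf_fpregset_t));` hands the caller the first sizeof(elf_fpregset_t) bytes of the 512-byte fxsave image, and the fxsave layout (16-bit cwd/swd/twd, fop, then 16-byte register slots) is not the legacy fsave layout that elf_fpregset_t describes (32-bit control fields, 10-byte packed registers). The buffer overrun from the commit message is fixed, but a debugger reading FP registers through PTRACE_GETFPREGS still gets fields at the wrong offsets; either translate fxsave to fsave form here, or at least comment the case to say the contents are the raw fxsave prefix so callers know to use PTRACE_GETFPXREGS for real values. Minor: the added `if (!current_isfile && fetch_regs(xc_handle, cpu, NULL)) ` line carries trailing whitespace.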