From 6ca3eb330819ef5e86e45171f255700aee5ffac1 Mon Sep 17 00:00:00 2001
From: "kaf24@firebug.cl.cam.ac.uk"
Date: Fri, 12 May 2006 15:47:25 +0100
Subject: [PATCH] Fix an out-of-bounds memory access in xc_ptrace.c.

Currently, Xen always copies the entire 512 byte extended FPU state (fxsave) even if only the "regular" FPU state was requested. This breaks since the memory buffer allocated in linux-xen-low.c:regsets_fetch_inferior_registers() is only large enough to hold the "plain" FPU registers.

Signed-Off-By: Simon Kagstrom
---
 tools/libxc/xc_ptrace.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tools/libxc/xc_ptrace.c b/tools/libxc/xc_ptrace.c
index 981abe0b7c..d1a6525af3 100644
--- a/tools/libxc/xc_ptrace.c
+++ b/tools/libxc/xc_ptrace.c
@@ -520,6 +520,11 @@ xc_ptrace(
         break;
 
     case PTRACE_GETFPREGS:
+        if (!current_isfile && fetch_regs(xc_handle, cpu, NULL))
+            goto out_error;
+        memcpy(data, &ctxt[cpu].fpu_ctxt, sizeof (elf_fpregset_t));
+        break;
+
     case PTRACE_GETFPXREGS:
         if (!current_isfile && fetch_regs(xc_handle, cpu, NULL))
             goto out_error;
-- 
2.30.2
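Review bot: The new `memcpy(data, &ctxt[cpu].fpu_ctxt, sizeof (elf_fpregset_t));` in the PTRACE_GETFPREGS case bounds the write to the caller's buffer, which stops the overflow, but it does not convert the register image: if fpu_ctxt holds fxsave-format state as the description says, its leading bytes are not laid out like the fsave-format elf_fpregset_t the debugger expects (the control/status/tag words and the register stack sit at different offsets), so the debugger would receive the right number of bytes but misread the register values. The case should go through an fxsave-to-fsave conversion into the destination rather than copying a raw prefix; until then the copy deserves a comment such as `/* TODO: fpu_ctxt is fxsave format; convert to the fsave/elf_fpregset_t layout instead of copying its prefix */`. The guard `if (!current_isfile && fetch_regs(xc_handle, cpu, NULL)) goto out_error;` is now duplicated verbatim in the GETFPREGS and GETFPXREGS cases and could be hoisted ahead of a shared size selection. The enclosing switch in xc_ptrace starts and ends outside the hunk; whether `cpu` has been range-checked against ctxt[] before this point cannot be confirmed from here.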