x86: properly set up fbld emulation operand address

This is CVE-2013-4361 / XSA-66. Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> master commit: 28b706efb6abb637fabfd74cde70a50935a5640b master date: 2013-09-30 14:18:58 +0200
author: Jan Beulich <jbeulich@suse.com> 2013-09-30 14:24:25 +0200
committer: Jan Beulich <jbeulich@suse.com> 2013-09-30 14:24:25 +0200
commit: ec8cda7355419ef4131bafb77212bd983322dacb (patch)
tree: 981ad51c87e6b57bfc768909ad38837ef23e2616
parent: 0155524aa6bf4ea4947c865dee4b13dd3dec6427 (diff)
download: xen-ec8cda7355419ef4131bafb77212bd983322dacb.tar.gz
xen-ec8cda7355419ef4131bafb77212bd983322dacb.tar.bz2
xen-ec8cda7355419ef4131bafb77212bd983322dacb.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
index 8794b8219f..e390c2a6ce 100644
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -3156,11 +3156,11 @@ x86_emulate(
                 break;
             case 4: /* fbld m80dec */
                 ea.bytes = 10;
-                dst = ea;
+                src = ea;
                 if ( (rc = ops->read(src.mem.seg, src.mem.off,
                                      &src.val, src.bytes, ctxt)) != 0 )
                     goto done;
-                emulate_fpu_insn_memdst("fbld", src.val);
+                emulate_fpu_insn_memsrc("fbld", src.val);
                 break;
             case 5: /* fild m64i */
                 ea.bytes = 8;
author	Jan Beulich <jbeulich@suse.com>	2013-09-30 14:24:25 +0200
committer	Jan Beulich <jbeulich@suse.com>	2013-09-30 14:24:25 +0200
commit	ec8cda7355419ef4131bafb77212bd983322dacb (patch)
tree	981ad51c87e6b57bfc768909ad38837ef23e2616
parent	0155524aa6bf4ea4947c865dee4b13dd3dec6427 (diff)
download	xen-ec8cda7355419ef4131bafb77212bd983322dacb.tar.gz xen-ec8cda7355419ef4131bafb77212bd983322dacb.tar.bz2 xen-ec8cda7355419ef4131bafb77212bd983322dacb.zip