diff options
author | Jan Beulich <jbeulich@suse.com> | 2013-09-30 14:18:58 +0200 |
---|---|---|
committer | Jan Beulich <jbeulich@suse.com> | 2013-09-30 14:18:58 +0200 |
commit | 28b706efb6abb637fabfd74cde70a50935a5640b (patch) | |
tree | ac287a10a5708abb35456671dbca6fcfe9e6436a /xen | |
parent | f46befdd825c8a459c5eb21adb7d5b0dc6e30ad5 (diff) | |
download | xen-28b706efb6abb637fabfd74cde70a50935a5640b.tar.gz xen-28b706efb6abb637fabfd74cde70a50935a5640b.tar.bz2 xen-28b706efb6abb637fabfd74cde70a50935a5640b.zip |
x86: properly set up fbld emulation operand address
This is CVE-2013-4361 / XSA-66.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Diffstat (limited to 'xen')
-rw-r--r-- | xen/arch/x86/x86_emulate/x86_emulate.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c index bb40b83b45..e89035b75b 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -3177,11 +3177,11 @@ x86_emulate( break; case 4: /* fbld m80dec */ ea.bytes = 10; - dst = ea; + src = ea; if ( (rc = ops->read(src.mem.seg, src.mem.off, &src.val, src.bytes, ctxt)) != 0 ) goto done; - emulate_fpu_insn_memdst("fbld", src.val); + emulate_fpu_insn_memsrc("fbld", src.val); break; case 5: /* fild m64i */ ea.bytes = 8; |