From c40e24a8ef74f9d0ee59dd9b8ca890be08b0b874 Mon Sep 17 00:00:00 2001
From: Xi Wang <xi@mit.edu>
Date: Mon, 25 Feb 2013 12:44:25 +0100
Subject: x86: fix null pointer dereference in intel_get_extended_msrs()

`memset(&mc_ext, 0, ...)' leads to a buffer overflow and a subsequent
null pointer dereference.  Replace `&mc_ext' with `mc_ext'.

Signed-off-by: Xi Wang <xi@mit.edu>
---
 xen/arch/x86/cpu/mcheck/mce_intel.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/arch/x86/cpu/mcheck/mce_intel.c b/xen/arch/x86/cpu/mcheck/mce_intel.c
index d80f692496..45dbff88a4 100644
--- a/xen/arch/x86/cpu/mcheck/mce_intel.c
+++ b/xen/arch/x86/cpu/mcheck/mce_intel.c
@@ -200,7 +200,7 @@ intel_get_extended_msrs(struct mcinfo_global *mig, struct mc_info *mi)
     }
 
     /* this function will called when CAP(9).MCG_EXT_P = 1 */
-    memset(&mc_ext, 0, sizeof(struct mcinfo_extended));
+    memset(mc_ext, 0, sizeof(*mc_ext));
     mc_ext->common.type = MC_TYPE_EXTENDED;
     mc_ext->common.size = sizeof(struct mcinfo_extended);
 
-- 
cgit v1.2.3