projects / qemu / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e8e880a)
target-i386: fix CVE-2007-1322
authoraurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162>
Sun, 7 Dec 2008 18:15:36 +0000 (18:15 +0000)
committeraurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162>
Sun, 7 Dec 2008 18:15:36 +0000 (18:15 +0000)
The icebp instruction can be abused to terminate the emulation,
resulting in denial of service.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5921 c046a42c-6fe2-441c-8c8c-71466251a162

target-i386/translate.c patch | blob | history

diff --git a/target-i386/translate.c b/target-i386/translate.c
index 612811b..423fca3 100644 (file)
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -6564,6 +6564,7 @@ static target_ulong disas_insn(DisasContext *s, target_ulong pc_start)
         gen_jmp_im(pc_start - s->cs_base);
         gen_helper_into(tcg_const_i32(s->pc - pc_start));
         break;
+#ifdef WANT_ICEBP
     case 0xf1: /* icebp (undocumented, exits to external debugger) */
         gen_svm_check_intercept(s, pc_start, SVM_EXIT_ICEBP);
 #if 1
@@ -6574,6 +6575,7 @@ static target_ulong disas_insn(DisasContext *s, target_ulong pc_start)
         cpu_set_log(CPU_LOG_INT | CPU_LOG_TB_IN_ASM);
 #endif
         break;
+#endif
     case 0xfa: /* cli */
         if (!s->vm86) {
             if (s->cpl <= s->iopl) {
Unnamed repository; edit this file to name it for gitweb.