debuggers.hg
changeset 21995:1d67dd785ef4
xc: fix segfault in pv domain create if kernel is an invalid image
If libelf calls elf_err() or elf_msg() before elf_set_log() has been
called then it could potentially read an uninitialised log handling
callback function pointer from struct elf_binary. Fix this in libxc by
zeroing the structure before calling elf_init().
Signed-off-by: Gianni Tedesco <gianni.tedesco@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
If libelf calls elf_err() or elf_msg() before elf_set_log() has been
called then it could potentially read an uninitialised log handling
callback function pointer from struct elf_binary. Fix this in libxc by
zeroing the structure before calling elf_init().
Signed-off-by: Gianni Tedesco <gianni.tedesco@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
| author | Gianni Tedesco <gianni.tedesco@citrix.com> |
|---|---|
| date | Mon Aug 09 17:43:18 2010 +0100 (2010-08-09) |
| parents | fdf12cb3e2d1 |
| children | 36c9f6ea9782 |
| files | tools/libxc/xc_hvm_build.c |
line diff
1.1 --- a/tools/libxc/xc_hvm_build.c Mon Aug 09 17:20:39 2010 +0100 1.2 +++ b/tools/libxc/xc_hvm_build.c Mon Aug 09 17:43:18 2010 +0100 1.3 @@ -142,6 +142,7 @@ static int setup_guest(xc_interface *xch 1.4 if ( memsize > target ) 1.5 pod_mode = 1; 1.6 1.7 + memset(&elf, 0, sizeof(elf)); 1.8 if ( elf_init(&elf, image, image_size) != 0 ) 1.9 goto error_out; 1.10 elf_parse_binary(&elf);