Xen devel - Aug 2010 - [PATCH]: xc: fix segfault in pv domain create if kernel is an invalid image

If libelf calls elf_err() or elf_msg() before elf_set_log() has been
called then it could potentially read an uninitialised log handling
callback function pointer from struct elf_binary. Fix this in libxc by
zeroing the structure before calling elf_init().

Signed-off-by: Gianni Tedesco <gianni.tedesco@citrix.com>

diff -r ac93a1ec290c tools/libxc/xc_hvm_build.c
--- a/tools/libxc/xc_hvm_build.c	Mon Aug 09 16:10:41 2010 +0100
+++ b/tools/libxc/xc_hvm_build.c	Mon Aug 09 17:04:28 2010 +0100
@@ -141,6 +141,7 @@ static int setup_guest(xc_interface *xch
     if ( memsize > target )
         pod_mode = 1;
 
+    memset(&elf, 0, sizeof(elf));
     if ( elf_init(&elf, image, image_size) != 0 )
         goto error_out;
     elf_parse_binary(&elf);



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On Mon, 9 Aug 2010, Gianni Tedesco wrote:
> If libelf calls elf_err() or elf_msg() before elf_set_log() has been
> called then it could potentially read an uninitialised log handling
> callback function pointer from struct elf_binary. Fix this in libxc by
> zeroing the structure before calling elf_init().
> 
> Signed-off-by: Gianni Tedesco <gianni.tedesco@citrix.com>
> 
> diff -r ac93a1ec290c tools/libxc/xc_hvm_build.c
> --- a/tools/libxc/xc_hvm_build.c	Mon Aug 09 16:10:41 2010 +0100
> +++ b/tools/libxc/xc_hvm_build.c	Mon Aug 09 17:04:28 2010 +0100
> @@ -141,6 +141,7 @@ static int setup_guest(xc_interface *xch
>      if ( memsize > target )
>          pod_mode = 1;
>  
> +    memset(&elf, 0, sizeof(elf));
>      if ( elf_init(&elf, image, image_size) != 0 )
>          goto error_out;
>      elf_parse_binary(&elf);
> 
applied, thanks

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel