Re: [Qemu-devel] [PATCH 28/43] windbg: implemented windbg_read_ks

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 28/43] windbg: implemented windbg_read_ks_regs

From:	Ladi Prosek
Subject:	Re: [Qemu-devel] [PATCH 28/43] windbg: implemented windbg_read_ks_regs
Date:	Tue, 3 Oct 2017 14:36:51 +0200

On Tue, Sep 26, 2017 at 1:06 PM, Mihail Abakumov
<address@hidden> wrote:
> Signed-off-by: Mihail Abakumov <address@hidden>
> Signed-off-by: Pavel Dovgalyuk <address@hidden>
> Signed-off-by: Dmitriy Koltunov <address@hidden>
> ---
>  windbgstub-utils.c |   38 ++++++++++++++++++++++++++++++++++++++
>  1 file changed, 38 insertions(+)
>
> diff --git a/windbgstub-utils.c b/windbgstub-utils.c
> index 73ff98dfbc..537ba9e2aa 100755
> --- a/windbgstub-utils.c
> +++ b/windbgstub-utils.c
> @@ -587,6 +587,44 @@ static int windbg_write_context(CPUState *cpu, uint8_t 
> *buf, int len,
>  static int windbg_read_ks_regs(CPUState *cpu, uint8_t *buf, int len,
>                                 int offset)
>  {
> +    CPUArchState *env = cpu->env_ptr;
> +    const bool new_mem = (len != sizeof(CPU_KSPECIAL_REGISTERS)
> +                       || offset != 0);
> +    CPU_KSPECIAL_REGISTERS *ckr;
> +    if (new_mem) {
> +        ckr = g_new(CPU_KSPECIAL_REGISTERS, 1);
> +    } else {
> +        ckr = (CPU_KSPECIAL_REGISTERS *) buf;
> +    }
> +
> +    memset(ckr, 0, len);

Buffer overrun on len > sizeof(CPU_KSPECIAL_REGISTERS).

> +    ckr->Cr0 = ldl_p(&env->cr[0]);
> +    ckr->Cr2 = ldl_p(&env->cr[2]);
> +    ckr->Cr3 = ldl_p(&env->cr[3]);
> +    ckr->Cr4 = ldl_p(&env->cr[4]);
> +
> +    ckr->KernelDr0 = ldtul_p(&env->dr[0]);
> +    ckr->KernelDr1 = ldtul_p(&env->dr[1]);
> +    ckr->KernelDr2 = ldtul_p(&env->dr[2]);
> +    ckr->KernelDr3 = ldtul_p(&env->dr[3]);
> +    ckr->KernelDr6 = ldtul_p(&env->dr[6]);
> +    ckr->KernelDr7 = ldtul_p(&env->dr[7]);
> +
> +    ckr->Gdtr.Pad = lduw_p(&env->gdt.selector);
> +    ckr->Idtr.Pad = lduw_p(&env->idt.selector);
> +
> +    ckr->Gdtr.Limit = lduw_p(&env->gdt.limit);
> +    ckr->Gdtr.Base  = ldtul_p(&env->gdt.base);
> +    ckr->Idtr.Limit = lduw_p(&env->idt.limit);
> +    ckr->Idtr.Base  = ldtul_p(&env->idt.base);
> +    ckr->Tr         = lduw_p(&env->tr.selector);
> +    ckr->Ldtr       = lduw_p(&env->ldt.selector);
> +
> +    if (new_mem) {
> +        memcpy(buf, (uint8_t *) ckr + offset, len);
> +        g_free(ckr);
> +    }
>      return 0;
>  }
>
>

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] [PATCH 28/43] windbg: implemented windbg_read_ks_regs, Ladi Prosek <=

Prev by Date: Re: [Qemu-devel] [PATCH 26/43] windbg: implemented windbg_read_context
Next by Date: [Qemu-devel] [PATCH v4 0/2] virtio: introduce `info virtio' hmp command
Previous by thread: Re: [Qemu-devel] [PATCH 26/43] windbg: implemented windbg_read_context
Next by thread: [Qemu-devel] [PATCH v4 0/2] virtio: introduce `info virtio' hmp command
Index(es):
- Date
- Thread