Commit a430c91
KVM: emulate: avoid accessing NULL ctxt->memopp
A failure to decode the instruction can cause a NULL pointer access. This is fixed simply by moving the "done" label as close as possible to the return.

This fixes CVE-2014-8481.

Reported-by: Andy Lutomirski <luto@amacapital.net>
Cc: stable@vger.kernel.org
Fixes: 41061cd
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
1 parent 08da44a commit a430c91

File tree

1 file changed

+1
-1
lines changed

Diff for: arch/x86/kvm/emulate.c

@@ -4580,10 +4580,10 @@ int x86_decode_insn(struct x86_emulate_ctxt *ctxt, void *insn, int insn_len)
45804580
/* Decode and fetch the destination operand: register or memory. */
45814581
rc = decode_operand(ctxt, &ctxt->dst, (ctxt->d >> DstShift) & OpMask);
45824582

4583-
done:
45844583
if (ctxt->rip_relative)
45854584
ctxt->memopp->addr.mem.ea += ctxt->_eip;
45864585

4586+
done:
45874587
return (rc != X86EMUL_CONTINUE) ? EMULATION_FAILED : EMULATION_OK;
45884588
}
45894589
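Review bot: the dereference `ctxt->memopp->addr.mem.ea += ctxt->_eip;` sits between the old `done:` label and the `return`, so any early `goto done` on a decode failure reached it with `rc != X86EMUL_CONTINUE` and, for an instruction whose memory operand was never decoded, with `ctxt->memopp` still NULL; moving the label below the `rip_relative` fixup is the minimal correct fix, but the safety now depends on every failure path jumping to `done` rather than falling through. Consider either guarding the fixup as `if (ctxt->rip_relative && ctxt->memopp)` or adding a one-line comment above it stating that it must only run after a fully successful decode, so that a later insertion between the label and the return does not reintroduce the same NULL access. The change itself is consistent with the visible lines: a failed decode now returns `EMULATION_FAILED` without touching `memopp`.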
