diff options
| author | CookedMelon <cc2414635846@163.com> | 2024-04-04 01:42:45 +0800 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2024-04-05 05:23:42 +0000 |
| commit | 47d9c0edfbe59bff64dc279a63d2dce54552cf12 (patch) | |
| tree | b05382f303f877e6c7beded2f5c517559085faac /pkg | |
| parent | 0ee3535ea8ff21d50e44372bb1cfd147e299ab5b (diff) | |
executor: fix uninitialized variable when generating kvm code
The "avl" fields (variable type is u8) of the kvm_segment structure variables such as
seg_cs16 and seg_ldt are not initialized to zero. During creation, there is a chance that
they are set to values other than 0 or 1, which can cause the "avl" fields to overwrite
other fields when executing the fill_segment_descriptor function, leading to erroneous
results.
Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/csource/generated.go | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go index c198c43ba..f603e77d0 100644 --- a/pkg/csource/generated.go +++ b/pkg/csource/generated.go @@ -7677,6 +7677,7 @@ static volatile long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volat uint64* gdt = (uint64*)(host_mem + sregs.gdt.base); struct kvm_segment seg_ldt; + memset(&seg_ldt, 0, sizeof(seg_ldt)); seg_ldt.selector = SEL_LDT; seg_ldt.type = 2; seg_ldt.base = guest_mem + ADDR_LDT; @@ -7691,6 +7692,7 @@ static volatile long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volat uint64* ldt = (uint64*)(host_mem + sregs.ldt.base); struct kvm_segment seg_cs16; + memset(&seg_cs16, 0, sizeof(seg_cs16)); seg_cs16.selector = SEL_CS16; seg_cs16.type = 11; seg_cs16.base = 0; @@ -7746,6 +7748,7 @@ static volatile long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volat seg_ds64_cpl3.dpl = 3; struct kvm_segment seg_tss32; + memset(&seg_tss32, 0, sizeof(seg_tss32)); seg_tss32.selector = SEL_TSS32; seg_tss32.type = 9; seg_tss32.base = ADDR_VAR_TSS32; @@ -7796,6 +7799,7 @@ static volatile long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volat seg_tss64_cpl3.dpl = 3; struct kvm_segment seg_cgate16; + memset(&seg_cgate16, 0, sizeof(seg_cgate16)); seg_cgate16.selector = SEL_CGATE16; seg_cgate16.type = 4; seg_cgate16.base = SEL_CS16 | (2 << 16); |