VBox

Timestamp:

Dec 24, 2008 11:15:29 AM (16 years ago)

Author:

vboxsync

Message:

Deal with invalid IO bitmap offset values in the TSS.

File:

trunk/src/VBox/VMM/SELM.cpp

-              r13840
+              r15742
                 if (CPUMGetGuestCR4(pVM) & X86_CR4_VME)
+                {
+                    uint32_t offRedirBitmap = tss.offIoBitmap - sizeof(tss.IntRedirBitmap);
+                    uint32_t offRedirBitmap;
+                    /* Make sure the io bitmap offset is valid; anything less than sizeof(VBOXTSS) means there's none. */
+                    if (tss.offIoBitmap < RT_OFFSETOF(VBOXTSS, IntRedirBitmap) + sizeof(tss.IntRedirBitmap))
+                    {
+                        Log(("Invalid io bitmap offset detected (%x)!\n", tss.offIoBitmap));
+                        tss.offIoBitmap = RT_OFFSETOF(VBOXTSS, IntRedirBitmap) + sizeof(tss.IntRedirBitmap);
+                    }
+                    offRedirBitmap = tss.offIoBitmap - sizeof(tss.IntRedirBitmap);
                     /** @todo not sure how the partial case is handled; probably not allowed */

Note: See TracChangeset for help on using the changeset viewer.