yizhi-js-lib/favicon-trap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fxsave / fxsave64 should store the floating point instruction pointer (fpip) (#1467)

Browse Source 
* fxsave / fxsave64 should store the floating point instruction pointer (fpip)
- fxsave / fxsave64 happen to be used as GetPC code in exploits

* unit tests for the storage of FPIP in fxsave (x86) and fxsave64 (x64)
This commit is contained in:
Dimitris Glynos
2021-12-13 02:40:32 +02:00
committed by GitHub
parent 017c82e561
commit 63a445cbba
3 changed files with 121 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
qemu/target-i386/fpu_helper.c
View File

@ -1127,12 +1127,12 @@ void helper_fxsave(CPUX86State *env, target_ulong ptr, int data64)
cpu_stw_data(env, ptr + 4, fptag ^ 0xff);
#ifdef TARGET_X86_64
if (data64) {
cpu_stq_data(env, ptr + 0x08, 0); /* rip */
cpu_stq_data(env, ptr + 0x08, env->fpip); /* rip */
cpu_stq_data(env, ptr + 0x10, 0); /* rdp */
} else
#endif
{
cpu_stl_data(env, ptr + 0x08, 0); /* eip */
cpu_stl_data(env, ptr + 0x08, (uint32_t) env->fpip); /* eip */
cpu_stl_data(env, ptr + 0x0c, 0); /* sel */
cpu_stl_data(env, ptr + 0x10, 0); /* dp */
cpu_stl_data(env, ptr + 0x14, 0); /* sel */