Re: [Qemu-devel] [PATCH 28/43] windbg: implemented windbg_read_ks_regs

2017-10-03 Thread Ladi Prosek
On Tue, Sep 26, 2017 at 1:06 PM, Mihail Abakumov
 wrote:
> Signed-off-by: Mihail Abakumov 
> Signed-off-by: Pavel Dovgalyuk 
> Signed-off-by: Dmitriy Koltunov 
> ---
>  windbgstub-utils.c |   38 ++
>  1 file changed, 38 insertions(+)
>
> diff --git a/windbgstub-utils.c b/windbgstub-utils.c
> index 73ff98dfbc..537ba9e2aa 100755
> --- a/windbgstub-utils.c
> +++ b/windbgstub-utils.c
> @@ -587,6 +587,44 @@ static int windbg_write_context(CPUState *cpu, uint8_t 
> *buf, int len,
>  static int windbg_read_ks_regs(CPUState *cpu, uint8_t *buf, int len,
> int offset)
>  {
> +CPUArchState *env = cpu->env_ptr;
> +const bool new_mem = (len != sizeof(CPU_KSPECIAL_REGISTERS)
> +   || offset != 0);
> +CPU_KSPECIAL_REGISTERS *ckr;
> +if (new_mem) {
> +ckr = g_new(CPU_KSPECIAL_REGISTERS, 1);
> +} else {
> +ckr = (CPU_KSPECIAL_REGISTERS *) buf;
> +}
> +
> +memset(ckr, 0, len);

Buffer overrun on len > sizeof(CPU_KSPECIAL_REGISTERS).

> +ckr->Cr0 = ldl_p(>cr[0]);
> +ckr->Cr2 = ldl_p(>cr[2]);
> +ckr->Cr3 = ldl_p(>cr[3]);
> +ckr->Cr4 = ldl_p(>cr[4]);
> +
> +ckr->KernelDr0 = ldtul_p(>dr[0]);
> +ckr->KernelDr1 = ldtul_p(>dr[1]);
> +ckr->KernelDr2 = ldtul_p(>dr[2]);
> +ckr->KernelDr3 = ldtul_p(>dr[3]);
> +ckr->KernelDr6 = ldtul_p(>dr[6]);
> +ckr->KernelDr7 = ldtul_p(>dr[7]);
> +
> +ckr->Gdtr.Pad = lduw_p(>gdt.selector);
> +ckr->Idtr.Pad = lduw_p(>idt.selector);
> +
> +ckr->Gdtr.Limit = lduw_p(>gdt.limit);
> +ckr->Gdtr.Base  = ldtul_p(>gdt.base);
> +ckr->Idtr.Limit = lduw_p(>idt.limit);
> +ckr->Idtr.Base  = ldtul_p(>idt.base);
> +ckr->Tr = lduw_p(>tr.selector);
> +ckr->Ldtr   = lduw_p(>ldt.selector);
> +
> +if (new_mem) {
> +memcpy(buf, (uint8_t *) ckr + offset, len);
> +g_free(ckr);
> +}
>  return 0;
>  }
>
>



[Qemu-devel] [PATCH 28/43] windbg: implemented windbg_read_ks_regs

2017-09-26 Thread Mihail Abakumov
Signed-off-by: Mihail Abakumov 
Signed-off-by: Pavel Dovgalyuk 
Signed-off-by: Dmitriy Koltunov 
---
 windbgstub-utils.c |   38 ++
 1 file changed, 38 insertions(+)

diff --git a/windbgstub-utils.c b/windbgstub-utils.c
index 73ff98dfbc..537ba9e2aa 100755
--- a/windbgstub-utils.c
+++ b/windbgstub-utils.c
@@ -587,6 +587,44 @@ static int windbg_write_context(CPUState *cpu, uint8_t 
*buf, int len,
 static int windbg_read_ks_regs(CPUState *cpu, uint8_t *buf, int len,
int offset)
 {
+CPUArchState *env = cpu->env_ptr;
+const bool new_mem = (len != sizeof(CPU_KSPECIAL_REGISTERS)
+   || offset != 0);
+CPU_KSPECIAL_REGISTERS *ckr;
+if (new_mem) {
+ckr = g_new(CPU_KSPECIAL_REGISTERS, 1);
+} else {
+ckr = (CPU_KSPECIAL_REGISTERS *) buf;
+}
+
+memset(ckr, 0, len);
+
+ckr->Cr0 = ldl_p(>cr[0]);
+ckr->Cr2 = ldl_p(>cr[2]);
+ckr->Cr3 = ldl_p(>cr[3]);
+ckr->Cr4 = ldl_p(>cr[4]);
+
+ckr->KernelDr0 = ldtul_p(>dr[0]);
+ckr->KernelDr1 = ldtul_p(>dr[1]);
+ckr->KernelDr2 = ldtul_p(>dr[2]);
+ckr->KernelDr3 = ldtul_p(>dr[3]);
+ckr->KernelDr6 = ldtul_p(>dr[6]);
+ckr->KernelDr7 = ldtul_p(>dr[7]);
+
+ckr->Gdtr.Pad = lduw_p(>gdt.selector);
+ckr->Idtr.Pad = lduw_p(>idt.selector);
+
+ckr->Gdtr.Limit = lduw_p(>gdt.limit);
+ckr->Gdtr.Base  = ldtul_p(>gdt.base);
+ckr->Idtr.Limit = lduw_p(>idt.limit);
+ckr->Idtr.Base  = ldtul_p(>idt.base);
+ckr->Tr = lduw_p(>tr.selector);
+ckr->Ldtr   = lduw_p(>ldt.selector);
+
+if (new_mem) {
+memcpy(buf, (uint8_t *) ckr + offset, len);
+g_free(ckr);
+}
 return 0;
 }
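Review bot: The final `memcpy(buf, (uint8_t *) ckr + offset, len)` reads `len` bytes starting `offset` into a one-struct allocation, so a request with `offset + len > sizeof(CPU_KSPECIAL_REGISTERS)` (for example `len == sizeof(CPU_KSPECIAL_REGISTERS)` with a non-zero `offset`, which takes the `new_mem` path and passes the earlier memset untouched) reads past the heap object and ships whatever follows it to the debugger. `len` and `offset` are plain `int` and are never range-checked here, so a negative value also reaches `memset`/`memcpy` as a huge `size_t`. Both cases are closed by one guard before the allocation, `if (len < 0 || offset < 0 || (size_t) offset > sizeof(CPU_KSPECIAL_REGISTERS) || (size_t) len > sizeof(CPU_KSPECIAL_REGISTERS) - (size_t) offset) { return -1; }`, using whichever error value the callers of these read handlers check for (their convention is outside this hunk); with that guard in place the memset can also become `memset(ckr, 0, sizeof(*ckr));` in the `new_mem` path so the zeroing never depends on `len`. The same hunk is quoted in the reply above and has the same issue.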