KVM: emulate: avoid accessing NULL ctxt->memopp

A failure to decode the instruction can cause a NULL pointer access. This is fixed simply by moving the "done" label as close as possible to the return. This fixes CVE-2014-8481. Reported-by: Andy Lutomirski <luto@amacapital.net> Cc: stable@vger.kernel.org Fixes: 41061cdb98a0bec464278b4db8e894a3121671f5 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

KVM: emulate: avoid accessing NULL ctxt->memopp
A failure to decode the instruction can cause a NULL pointer access. This is fixed simply by moving the "done" label as close as possible to the return. This fixes CVE-2014-8481. Reported-by: Andy Lutomirski <luto@amacapital.net> Cc: stable@vger.kernel.org Fixes: 41061cdb98a0bec464278b4db8e894a3121671f5 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini
1 parent 08da44aedb
Showing 1 changed file with 1 additions and 1 deletions Side-by-side Diff
arch/x86/kvm/emulate.c
@@ -4580,10 +4580,10 @@
 	/* Decode and fetch the destination operand: register or memory. */
 	rc = decode_operand(ctxt, &ctxt->dst, (ctxt->d >> DstShift) & OpMask);
  
-done:
 	if (ctxt->rip_relative)
 		ctxt->memopp->addr.mem.ea += ctxt->_eip;
  
+done:
 	return (rc != X86EMUL_CONTINUE) ? EMULATION_FAILED : EMULATION_OK;
 }
...	...	@@ -4580,10 +4580,10 @@
4580	4580	/* Decode and fetch the destination operand: register or memory. */
4581	4581	rc = decode_operand(ctxt, &ctxt->dst, (ctxt->d >> DstShift) & OpMask);
4582	4582
4583		-done:
4584	4583	if (ctxt->rip_relative)
4585	4584	ctxt->memopp->addr.mem.ea += ctxt->_eip;
4586	4585
	4586	+done:
4587	4587	return (rc != X86EMUL_CONTINUE) ? EMULATION_FAILED : EMULATION_OK;
4588	4588	}
4589	4589