aboutsummaryrefslogtreecommitdiff
path: root/target-i386/translate.c
diff options
context:
space:
mode:
authoraurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162>2008-12-07 18:15:36 +0000
committeraurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162>2008-12-07 18:15:36 +0000
commit0b97134b2911d0e5d6789de70a3c70fab4dbde6e (patch)
treed9ee699e78b2befac88239d8becbeec16505c439 /target-i386/translate.c
parente8e880a72e63d0587f03aa670be3de683b881ca8 (diff)
target-i386: fix CVE-2007-1322
The icebp instruction can be abused to terminate the emulation, resulting in denial of service. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5921 c046a42c-6fe2-441c-8c8c-71466251a162
Diffstat (limited to 'target-i386/translate.c')
-rw-r--r--target-i386/translate.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/target-i386/translate.c b/target-i386/translate.c
index 612811b028..423fca380d 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -6564,6 +6564,7 @@ static target_ulong disas_insn(DisasContext *s, target_ulong pc_start)
gen_jmp_im(pc_start - s->cs_base);
gen_helper_into(tcg_const_i32(s->pc - pc_start));
break;
+#ifdef WANT_ICEBP
case 0xf1: /* icebp (undocumented, exits to external debugger) */
gen_svm_check_intercept(s, pc_start, SVM_EXIT_ICEBP);
#if 1
@@ -6574,6 +6575,7 @@ static target_ulong disas_insn(DisasContext *s, target_ulong pc_start)
cpu_set_log(CPU_LOG_INT | CPU_LOG_TB_IN_ASM);
#endif
break;
+#endif
case 0xfa: /* cli */
if (!s->vm86) {
if (s->cpl <= s->iopl) {