[CRIU] [PATCH] x86, tls: read no more than saved TLS entries

Dmitry Safonov dsafonov at virtuozzo.com
Thu Oct 20 05:31:00 PDT 2016


  While writing this, I somehow managed to miss the check of
how many entries were saved in core image.
So it may dereference here bs.

Fixes: #228
Fixes: commit 6fde3b8c27db ("x86: restore TLS")

Cc: Andrei Vagin <avagin at virtuozzo.com>
Cc: Cyrill Gorcunov <gorcunov at openvz.org>
Reported-by: Andrei Vagin <avagin at virtuozzo.com>
Signed-off-by: Dmitry Safonov <dsafonov at virtuozzo.com>
---
 criu/arch/x86/include/asm/restore.h | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/criu/arch/x86/include/asm/restore.h b/criu/arch/x86/include/asm/restore.h
index c5aa7cdebf03..7959e686b552 100644
--- a/criu/arch/x86/include/asm/restore.h
+++ b/criu/arch/x86/include/asm/restore.h
@@ -31,12 +31,22 @@
 static inline void core_get_tls(CoreEntry *pcore, tls_t *ptls)
 {
 	ThreadInfoX86 *ti = pcore->thread_info;
-	int i;
+	size_t i;
 
 	for (i = 0; i < GDT_ENTRY_TLS_NUM; i++) {
 		user_desc_t *to = &ptls->desc[i];
-		UserDescT *from = ti->tls[i];
+		UserDescT *from;
 
+		/*
+		 * If proto image has lesser TLS entries,
+		 * mark them as not present (and thus skip restore).
+		 */
+		if (i >= ti->n_tls) {
+			to->seg_not_present = 1;
+			continue;
+		}
+
+		from = ti->tls[i];
 #define COPY_TLS(field) to->field = from->field
 		COPY_TLS(entry_number);
 		COPY_TLS(base_addr);
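Review bot: the early-out at `if (i >= ti->n_tls)` only sets `to->seg_not_present = 1` and leaves every other field of `*to` (entry_number, base_addr, and the rest copied by COPY_TLS) untouched, so the restore side must either treat seg_not_present as the sole "skip this slot" marker or the caller must zero `*ptls` before calling core_get_tls; if neither holds today, add a `memset(to, 0, sizeof(*to))` (or an explicit `to->entry_number = GDT_ENTRY_TLS_MIN + i`) before `continue` so a later consumer cannot read stale stack contents. The check also silently ignores the opposite mismatch: an image carrying more than GDT_ENTRY_TLS_NUM entries is truncated by the loop bound with no diagnostic, so a one-line `pr_warn()` when `ti->n_tls > GDT_ENTRY_TLS_NUM` would make that case visible. Changing `i` to `size_t` is the right move since `ti->n_tls` is the protobuf-c generated `size_t` count and the comparison would otherwise mix signedness; for the comment, "fewer TLS entries" rather than "lesser TLS entries".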
-- 
2.10.0