diff -r 3c2e7925bb93 tools/libxc/xc_load_elf.c
--- a/tools/libxc/xc_load_elf.c Fri May 19 17:50:32 2006 +0100
+++ b/tools/libxc/xc_load_elf.c Fri May 19 15:13:08 2006 -0400
@@ -211,7 +211,10 @@ loadelfimage(
 int h;
 char *va;
- unsigned long pa, done, chunksz;
+ unsigned long pa, done, chunksz = 0, nr_pages;
+
+ if ( (nr_pages = get_tot_pages(xch, dom)) < 0 )
+ return -1;
 for ( h = 0; h < ehdr->e_phnum; h++ )
 {
@@ -222,6 +225,8 @@ loadelfimage(
 for ( done = 0; done < phdr->p_filesz; done += chunksz )
 {
 pa = (phdr->p_paddr + done) - dsi->elf_paddr_offset;
+ if ( (pa>>PAGE_SHIFT) > (nr_pages-1) ) // Bounds check for parray
+ return -1;
 va = xc_map_foreign_range(
 xch, dom, PAGE_SIZE, PROT_WRITE, parray[pa>>PAGE_SHIFT]);
 if ( va == NULL )
@@ -237,6 +242,8 @@ loadelfimage(
 for ( ; done < phdr->p_memsz; done += chunksz )
 {
 pa = (phdr->p_paddr + done) - dsi->elf_paddr_offset;
+ if ( (pa>>PAGE_SHIFT) > (nr_pages-1) ) // Bounds check for parray
+ return -1;
 va = xc_map_foreign_range(
 xch, dom, PAGE_SIZE, PROT_WRITE, parray[pa>>PAGE_SHIFT]);
 if ( va == NULL )
diff -r 3c2e7925bb93 tools/libxc/xg_private.h
--- a/tools/libxc/xg_private.h Fri May 19 17:50:32 2006 +0100
+++ b/tools/libxc/xg_private.h Fri May 19 15:13:08 2006 -0400
@@ -23,6 +23,14 @@
 #define DECLARE_DOM0_OP dom0_op_t op = { 0 }
 #else
 #define DECLARE_DOM0_OP dom0_op_t op
+#endif
+
+#ifdef __ia64__
+extern long xc_get_max_pages(int xc_handle, uint32_t domid);
+#define get_tot_pages xc_get_max_pages
+#else
+extern long xc_get_tot_pages(int xc_handle, uint32_t domid);
+#define get_tot_pages xc_get_tot_pages
 #endif
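Review bot: The error test added at the top of loadelfimage can never fire, because `nr_pages` is declared `unsigned long` and `nr_pages < 0` is therefore always false. A negative return from `get_tot_pages()` (both helpers are declared as returning `long` in xg_private.h) would be converted to a very large unsigned count, and the `parray` bounds checks added in the two loops below would then accept any index. Declaring it signed on its own line, `long nr_pages;`, and testing `if ( (nr_pages = get_tot_pages(xch, dom)) <= 0 )` keeps the failure path reachable and also rejects a zero count. The function body starts and ends outside this hunk.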
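Review bot: The limit `(pa>>PAGE_SHIFT) > (nr_pages-1)` in the p_filesz loop depends on `nr_pages` being non-zero: with an unsigned count of 0 the subtraction wraps and the test rejects nothing. Writing it as `if ( (pa >> PAGE_SHIFT) >= nr_pages )` states the same bound without the subtraction; the identical line in the p_memsz loop of the next hunk needs the same change. Whether `parray` really holds `nr_pages` entries is not visible in this patch, since the array comes from the caller, so the trailing comment would be more useful if it recorded that assumption instead of only naming the check. Both loops continue outside their hunks.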
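Review bot: The `get_tot_pages` alias in xg_private.h is undocumented, yet it resolves to `xc_get_max_pages` on ia64 and `xc_get_tot_pages` elsewhere, and loadelfimage uses the result as the index limit for `parray`. A short comment above the `#ifdef __ia64__` block should say what the value bounds and why ia64 needs the other call. The reason is not visible in this patch, so the author has to supply it. It would also help to note there that both prototypes return `long`, so callers must store the result in a signed variable for a negative return to be detectable.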