[PATCH OBV] Fix stack buffer overflow in aarch64_extract_return

public inbox for gdb-patches@sourceware.org
 help / color / mirror / Atom feed

* [PATCH OBV] Fix stack buffer overflow in aarch64_extract_return_value
@ 2015-11-16 15:33 Yao Qi
  2015-11-16 15:42 ` Simon Marchi
  0 siblings, 1 reply; 3+ messages in thread
From: Yao Qi @ 2015-11-16 15:33 UTC (permalink / raw)
  To: gdb-patches

Hi,
I build GDB with -fsanitize=address, and run testsuite.  In
gdb.base/callfuncs.exp, I see the following error,

p/c fun1()
=================================================================^M
==9601==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffee858530 at pc 0x6df079 bp 0x7fffee8583a0 sp 0x7fffee858398
WRITE of size 16 at 0x7fffee858530 thread T0
    #0 0x6df078 in regcache_raw_read /home/yao/SourceCode/gnu/gdb/git/gdb/regcache.c:673
    #1 0x6dfe1e in regcache_cooked_read /home/yao/SourceCode/gnu/gdb/git/gdb/regcache.c:751
    #2 0x4696a3 in aarch64_extract_return_value /home/yao/SourceCode/gnu/gdb/git/gdb/aarch64-tdep.c:1708
    #3 0x46ae57 in aarch64_return_value /home/yao/SourceCode/gnu/gdb/git/gdb/aarch64-tdep.c:1918

We are extracting return value from V registers (128 bit), but only
allocate X_REGISTER_SIZE-byte array, which isn't sufficient.  This
patch changes the array to V_REGISTER_SIZE.

It's ovbious.  I'll push it in.

gdb:

2015-11-16  Yao Qi  <yao.qi@linaro.org>

	* aarch64-tdep.c (aarch64_extract_return_value):  Change array
	buf's length to V_REGISTER_SIZE.
---
 gdb/aarch64-tdep.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gdb/aarch64-tdep.c b/gdb/aarch64-tdep.c
index 4b82553..4fa555d 100644
--- a/gdb/aarch64-tdep.c
+++ b/gdb/aarch64-tdep.c
@@ -1630,7 +1630,7 @@ aarch64_extract_return_value (struct type *type, struct regcache *regs,
       for (i = 0; i < elements; i++)
 	{
 	  int regno = AARCH64_V0_REGNUM + i;
-	  bfd_byte buf[X_REGISTER_SIZE];
+	  bfd_byte buf[V_REGISTER_SIZE];
 
 	  if (aarch64_debug)
 	    {
-- 
1.9.1

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH OBV] Fix stack buffer overflow in aarch64_extract_return_value
  2015-11-16 15:33 [PATCH OBV] Fix stack buffer overflow in aarch64_extract_return_value Yao Qi
@ 2015-11-16 15:42 ` Simon Marchi
  2015-11-16 16:44   ` Yao Qi
  0 siblings, 1 reply; 3+ messages in thread
From: Simon Marchi @ 2015-11-16 15:42 UTC (permalink / raw)
  To: Yao Qi, gdb-patches

On 15-11-16 10:33 AM, Yao Qi wrote:
> Hi,
> I build GDB with -fsanitize=address, and run testsuite.  In
> gdb.base/callfuncs.exp, I see the following error,
> 
> p/c fun1()
> =================================================================^M
> ==9601==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffee858530 at pc 0x6df079 bp 0x7fffee8583a0 sp 0x7fffee858398
> WRITE of size 16 at 0x7fffee858530 thread T0
>     #0 0x6df078 in regcache_raw_read /home/yao/SourceCode/gnu/gdb/git/gdb/regcache.c:673
>     #1 0x6dfe1e in regcache_cooked_read /home/yao/SourceCode/gnu/gdb/git/gdb/regcache.c:751
>     #2 0x4696a3 in aarch64_extract_return_value /home/yao/SourceCode/gnu/gdb/git/gdb/aarch64-tdep.c:1708
>     #3 0x46ae57 in aarch64_return_value /home/yao/SourceCode/gnu/gdb/git/gdb/aarch64-tdep.c:1918
> 
> We are extracting return value from V registers (128 bit), but only
> allocate X_REGISTER_SIZE-byte array, which isn't sufficient.  This
> patch changes the array to V_REGISTER_SIZE.
> 
> It's ovbious.  I'll push it in.
> 
> gdb:
> 
> 2015-11-16  Yao Qi  <yao.qi@linaro.org>
> 
> 	* aarch64-tdep.c (aarch64_extract_return_value):  Change array
> 	buf's length to V_REGISTER_SIZE.
> ---
>  gdb/aarch64-tdep.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/gdb/aarch64-tdep.c b/gdb/aarch64-tdep.c
> index 4b82553..4fa555d 100644
> --- a/gdb/aarch64-tdep.c
> +++ b/gdb/aarch64-tdep.c
> @@ -1630,7 +1630,7 @@ aarch64_extract_return_value (struct type *type, struct regcache *regs,
>        for (i = 0; i < elements; i++)
>  	{
>  	  int regno = AARCH64_V0_REGNUM + i;
> -	  bfd_byte buf[X_REGISTER_SIZE];
> +	  bfd_byte buf[V_REGISTER_SIZE];
>  
>  	  if (aarch64_debug)
>  	    {
> 

Hi Yao,

-fsanitize=address is awesome.  Do you think we could always run tests with it enabled on buildbot?

Simon

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH OBV] Fix stack buffer overflow in aarch64_extract_return_value
  2015-11-16 15:42 ` Simon Marchi
@ 2015-11-16 16:44   ` Yao Qi
  0 siblings, 0 replies; 3+ messages in thread
From: Yao Qi @ 2015-11-16 16:44 UTC (permalink / raw)
  To: Simon Marchi; +Cc: Yao Qi, gdb-patches

Simon Marchi <simon.marchi@ericsson.com> writes:

> Hi Yao,
>
> -fsanitize=address is awesome.  Do you think we could always run tests
> with it enabled on buildbot?

Yes, but we need to fix these existing errors found by
-fsanitize=address first.  I built GDB for aarch64-linux with
-fsanitize=address, and run tests.  There are still some errors to be
fixed, while most of them are not arch-specific.

-- 
Yao (齐尧)

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2015-11-16 16:44 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-11-16 15:33 [PATCH OBV] Fix stack buffer overflow in aarch64_extract_return_value Yao Qi
2015-11-16 15:42 ` Simon Marchi
2015-11-16 16:44   ` Yao Qi

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).