public inbox for gdb-prs@sourceware.org
* [Bug backtrace/28721] New: Stack buffer overrun in i386_unwind_pc
@ 2021-12-24 13:35 jinoh.kang.kr at gmail dot com
2022-03-01 23:11 ` [Bug backtrace/28721] " tromey at sourceware dot org
2022-03-02 4:14 ` jinoh.kang.kr at gmail dot com
0 siblings, 2 replies; 3+ messages in thread
From: jinoh.kang.kr at gmail dot com @ 2021-12-24 13:35 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=28721
Bug ID: 28721
Summary: Stack buffer overrun in i386_unwind_pc
Product: gdb
Version: HEAD
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: backtrace
Assignee: unassigned at sourceware dot org
Reporter: jinoh.kang.kr at gmail dot com
Target Milestone: ---
Flags: security?
Created attachment 13876
--> https://sourceware.org/bugzilla/attachment.cgi?id=13876&action=edit
Sample program that triggers crash
i386_unwind_pc calls frame_unwind_register with an 8-byte buffer, which can
overrun if a wider register (e.g. [XYZ]MM registers) is specified as the return
address register.
An example debugging session that reproduces the crash:
$ gcc -o test gdb-unwind-pc-overrun.S # from attachment
$ gdb -q ./test
Reading symbols from ./test...
(No debugging symbols found in ./test)
(gdb) start
Temporary breakpoint 1 at 0x401106
Starting program: /home/user/trxu/test
Temporary breakpoint 1, 0x0000000000401106 in main ()
(gdb) stepi # (or bt)
*** stack smashing detected ***: terminated
Aborted (core dumped)
This bug should be trivial to fix: use frame_unwind_register_unsigned instead
(unless there are semantic differences between frame_unwind_register and
frame_unwind_register_unsigned that I missed).
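As an added illustration of the failure mode the report describes (constructed example code, not GDB's source: the register table, `model_unwind_register_value`, `model_unwind_register` and `unwind_pc_checked` are stand-ins for the real unwinder, not GDB APIs). A request for the PC is redirected to whatever register the CIE names as the return-address register, so the value handed back has that register's width; a caller that copies it into a fixed 8-byte stack buffer overruns as soon as the CFI names a 16-byte XMM register. The checked variant looks at the resolved width before copying and refuses a return-address register that is not address-sized.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative register model (not GDB's real register numbering):
   two address-sized registers and one 16-byte vector register.  */
enum { REG_RIP = 0, REG_RSP = 1, REG_XMM0 = 2, REG_COUNT = 3 };
static const size_t reg_width[REG_COUNT] = { 8, 8, 16 };

#define MAX_REG_WIDTH 16
#define ADDR_SIZE 8          /* size of a code address on the modelled target */

/* A frame's saved registers plus the register the CIE names as the
   return-address register (constructed sample data, not a real frame).  */
struct frame {
    int ra_reg;
    uint8_t regs[REG_COUNT][MAX_REG_WIDTH];
};

struct regval {
    const uint8_t *data;
    size_t len;              /* width of the register actually resolved */
};

/* Stand-in for frame_unwind_register_value: a request for the PC is
   redirected to the CIE's return-address register, so the value that comes
   back has the width of *that* register, not the width of the PC.  */
static struct regval model_unwind_register_value(const struct frame *f, int regnum)
{
    if (regnum == REG_RIP)
        regnum = f->ra_reg;
    struct regval v = { f->regs[regnum], reg_width[regnum] };
    return v;
}

/* Stand-in for frame_unwind_register: copies the full resolved width into a
   caller-supplied buffer. Nothing here checks that the buffer is big enough.  */
static size_t model_unwind_register(const struct frame *f, int regnum, uint8_t *buf)
{
    struct regval v = model_unwind_register_value(f, regnum);
    memcpy(buf, v.data, v.len);
    return v.len;
}

static uint64_t le_to_u64(const uint8_t *p)
{
    uint64_t x = 0;
    for (int i = ADDR_SIZE - 1; i >= 0; i--)
        x = (x << 8) | p[i];
    return x;
}

/* The pattern the report describes: an 8-byte stack buffer receives a copy
   whose length is decided by the unwinder. If the CFI points the return
   address at a 16-byte register, the copy writes 8 bytes past buf.
   Only call this with an address-sized return-address register.  */
uint64_t unwind_pc_unsafe(const struct frame *f)
{
    uint8_t buf[8];
    model_unwind_register(f, REG_RIP, buf);
    return le_to_u64(buf);
}

/* Hardened version: inspect the resolved value's width before copying and
   refuse a return-address register that is not address-sized.
   Returns 0 on success, -1 if the CFI is malformed.  */
int unwind_pc_checked(const struct frame *f, uint64_t *pc_out)
{
    struct regval v = model_unwind_register_value(f, REG_RIP);
    if (v.len != ADDR_SIZE)
        return -1;
    *pc_out = le_to_u64(v.data);
    return 0;
}

/* Build a sample frame whose return-address register ra_reg holds ra in its
   low 8 bytes (little-endian), the rest of the register zeroed.  */
struct frame make_frame(int ra_reg, uint64_t ra)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.ra_reg = ra_reg;
    for (int i = 0; i < ADDR_SIZE; i++)
        f.regs[ra_reg][i] = (uint8_t)(ra >> (8 * i));
    return f;
}

/* Convenience wrappers over sample frames (return address 0x401106).  */
uint64_t pc_via_unsafe_normal(void)
{
    struct frame f = make_frame(REG_RIP, 0x401106);
    return unwind_pc_unsafe(&f);
}
int checked_status(int ra_reg)
{
    struct frame f = make_frame(ra_reg, 0x401106);
    uint64_t pc = 0;
    return unwind_pc_checked(&f, &pc);
}
uint64_t checked_pc(int ra_reg)            /* 0 when the CFI is refused */
{
    struct frame f = make_frame(ra_reg, 0x401106);
    uint64_t pc = 0;
    unwind_pc_checked(&f, &pc);
    return pc;
}

int main(void)
{
    printf("normal CFI: unsafe=%#llx checked status=%d pc=%#llx\n",
           (unsigned long long)pc_via_unsafe_normal(),
           checked_status(REG_RIP), (unsigned long long)checked_pc(REG_RIP));
    printf("xmm0 as return column: checked status=%d (unsafe variant would smash the stack)\n",
           checked_status(REG_XMM0));
    return 0;
}
```

Running `unwind_pc_unsafe` on the `REG_XMM0` frame reproduces the stack smash in the report (the copy writes 8 bytes past `buf`), which is why the sample only exercises it with a normal return column.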