public inbox for glibc-bugs@sourceware.org
* [Bug libc/404] New: x86_64 makecontext use incorrect type to setup arguments
@ 2004-09-24 10:46 david dot simms at bea dot com
2004-09-24 10:57 ` [Bug libc/404] " roland at gnu dot org
0 siblings, 1 reply; 2+ messages in thread
From: david dot simms at bea dot com @ 2004-09-24 10:46 UTC (permalink / raw)
To: glibc-bugs
makecontext on x86_64 (sysdeps/unix/sysv/linux/x86_64/makecontext.c) sets up
the arguments in the argument-passing registers (type long int/64 bits) using
type int (32 bits) to extract the args, resulting in incorrect pointer values
(by widening) for values over max int, i.e.:
ucp->uc_mcontext.gregs [REG_RDI] = va_arg (ap, int);
This results in corrupt pointers, e.g. the following example will crash:
#include <stdio.h>
#include <stdlib.h>
#include <ucontext.h>
#include <unistd.h>

#define DEFAULT_STKSZ (128*1024)

static int printRes = -1;
static int getPrintRes(void) { return printRes; }

/* Entry function for the new context. Per the report, argv arrives
   truncated to 32 bits because makecontext reads it with va_arg (ap, int). */
static void printArgs(int argc, char **argv)
{
    printf("Passed %d args\n", argc);
    if (argc > 0) {
        int i;
        for (i = 0; i < argc; i++)
            printf("%d : [%s]\n", i, argv[i]);
    }
    printRes = 0;
}

static int callViaSwapCtx(int argc, char **argv)
{
    ucontext_t orig_uc, new_uc;
    char stk[DEFAULT_STKSZ];

    if (getcontext(&new_uc) != 0)
        return -1;
    new_uc.uc_link = &orig_uc;              /* return here when printArgs returns */
    new_uc.uc_stack.ss_size = sizeof(stk);
    new_uc.uc_stack.ss_sp = stk;
    /* Passes the 64-bit pointer argv as a makecontext argument; this is the
       call that crashes on x86_64 with glibc 2.3.2 according to the report. */
    makecontext(&new_uc, (void (*)()) printArgs, 2, argc, argv);
    swapcontext(&orig_uc, &new_uc);
    return getPrintRes();
}

int main(int argc, char **argv)
{
    return callViaSwapCtx(argc, argv);
}
--
Summary: x86_64 makecontext use incorrect type to setup arguments
Product: glibc
Version: 2.3.2
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: gotom at debian dot or dot jp
ReportedBy: david dot simms at bea dot com
CC: glibc-bugs at sources dot redhat dot com
GCC target triplet: x86_64
http://sources.redhat.com/bugzilla/show_bug.cgi?id=404
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
* [Bug libc/404] x86_64 makecontext use incorrect type to setup arguments
2004-09-24 10:46 [Bug libc/404] New: x86_64 makecontext use incorrect type to setup arguments david dot simms at bea dot com
@ 2004-09-24 10:57 ` roland at gnu dot org
0 siblings, 0 replies; 2+ messages in thread
From: roland at gnu dot org @ 2004-09-24 10:57 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From roland at gnu dot org 2004-09-24 10:57 -------
The specification for makecontext says that the arguments will be of type int.
--
What        |Removed  |Added
------------|---------|---------
Status      |NEW      |RESOLVED
Resolution  |         |INVALID
http://sources.redhat.com/bugzilla/show_bug.cgi?id=404
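The reply above settles the report by pointing at the makecontext specification: every extra argument is an int, so a 64-bit pointer cannot be handed over as one argument, and an implementation that reads it with va_arg (ap, int) is within its rights. A pointer that loses its upper 32 bits is a wild pointer, which is why the reporter's program crashes. The portable pattern, shown here as an added example that is not code from the bug report or from glibc, is to split the pointer into two 32-bit halves, pass each half as an int, and reassemble it inside the entry function. The helper names (split_pointer, join_halves, call_with_pointer, entry) are this example's own, and the message string is a constructed sample input.

```c
/* Added example, not from the bug report or glibc: passing a 64-bit pointer
 * through makecontext(), whose extra arguments are specified as int.
 * Helper names (split_pointer, join_halves, call_with_pointer, entry) are
 * this example's own. */
#define _XOPEN_SOURCE 700
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <ucontext.h>

#define WORK_STACK_SIZE (64 * 1024)

static ucontext_t main_ctx, work_ctx;
static char work_stack[WORK_STACK_SIZE];

/* Results go to file scope: the work context's stack is not a safe place
 * to keep anything once control has returned through uc_link. */
static char reassembled_copy[128];
static int entry_ran;

/* Split a pointer into two 32-bit halves that each fit an int argument. */
static void split_pointer(const void *ptr, unsigned int *hi, unsigned int *lo)
{
    uintptr_t p = (uintptr_t)ptr;
    *lo = (unsigned int)(p & 0xFFFFFFFFu);
#if UINTPTR_MAX > 0xFFFFFFFFu
    *hi = (unsigned int)(p >> 32);
#else
    *hi = 0;   /* 32-bit target: the whole pointer fits in the low half */
#endif
}

/* Inverse of split_pointer(); guarded so it also compiles on 32-bit
 * targets, where shifting a 32-bit uintptr_t by 32 would be undefined. */
static uintptr_t join_halves(unsigned int hi, unsigned int lo)
{
    uintptr_t p = 0;
#if UINTPTR_MAX > 0xFFFFFFFFu
    p = (uintptr_t)hi << 32;
#else
    (void)hi;
#endif
    return p | (uintptr_t)lo;
}

/* Context entry function: takes only int arguments, as POSIX requires,
 * and rebuilds the pointer before dereferencing it. The int -> unsigned int
 * conversion is modular, so halves above INT_MAX survive the round trip. */
static void entry(int hi, int lo)
{
    const char *msg = (const char *)join_halves((unsigned int)hi, (unsigned int)lo);
    snprintf(reassembled_copy, sizeof reassembled_copy, "%s", msg);
    entry_ran = 1;
}

/* Run entry() on its own stack with msg passed as two int halves.
 * Returns 0 when the pointer survived the trip intact, -1 otherwise. */
int call_with_pointer(const char *msg)
{
    unsigned int hi, lo;
    split_pointer(msg, &hi, &lo);
    entry_ran = 0;
    reassembled_copy[0] = '\0';

    if (getcontext(&work_ctx) != 0)
        return -1;
    work_ctx.uc_stack.ss_sp = work_stack;
    work_ctx.uc_stack.ss_size = sizeof work_stack;
    work_ctx.uc_link = &main_ctx;   /* resume here when entry() returns */
    /* Both halves are plain ints, so no implementation can truncate them. */
    makecontext(&work_ctx, (void (*)(void))entry, 2, (int)hi, (int)lo);
    if (swapcontext(&main_ctx, &work_ctx) != 0)
        return -1;

    return (entry_ran && strcmp(reassembled_copy, msg) == 0) ? 0 : -1;
}

int main(void)
{
    char local_msg[] = "hello via makecontext";   /* constructed sample input */
    unsigned int hi, lo;
    split_pointer(local_msg, &hi, &lo);
    printf("pointer %p split into hi=0x%08x lo=0x%08x\n", (void *)local_msg, hi, lo);
    return call_with_pointer(local_msg) == 0 ? 0 : 1;
}
```

On x86_64 Linux the string lives on the stack, well above the 4 GiB line, so the high half is non-zero and the program would fail if either half were dropped; on a 32-bit target the high half is simply zero. The same split-and-join pattern applies to any value wider than int that has to cross a makecontext boundary, and a static or heap-allocated argument block is the usual alternative when several such values are needed.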