This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.



[PATCH] AIX: Fix buffer overflow in fill_fprs


The callers of fill_fprs expect the first floating point register to be
written to vals[0], but it's currently written to
vals[tdep->ppc_fp0_regnum] which can cause GDB to segfault as the
caller's buffer overflows.

2012-03-08  Chris January  <chris.january@allinea.com>

	* aix-thread.c (fill_sprs): Store the floating point registers at the
	correct offsets into vals.
---
diff --git a/gdb/aix-thread.c b/gdb/aix-thread.c
index 0a9fae3..0c697f7 100644
--- a/gdb/aix-thread.c
+++ b/gdb/aix-thread.c
@@ -1356,7 +1356,8 @@ fill_fprs (const struct regcache *regcache, double
*vals)
        regno < tdep->ppc_fp0_regnum + ppc_num_fprs;
        regno++)
     if (REG_VALID == regcache_register_status (regcache, regno))
-      regcache_raw_collect (regcache, regno, vals + regno);
+      regcache_raw_collect (regcache, regno,
+			    vals + regno - tdep->ppc_fp0_regnum);
 }
 
 /* Store the special registers into the specified 64-bit and 32-bit
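Review bot: the ChangeLog entry names fill_sprs, but the hunk modifies fill_fprs; the entry should be corrected before this is committed. The indexing change itself looks right given the loop bound `regno < tdep->ppc_fp0_regnum + ppc_num_fprs`: subtracting `tdep->ppc_fp0_regnum` maps the first FP register to `vals[0]` and the last to `vals[ppc_num_fprs - 1]`, which is the layout the commit message says the callers expect, so the write no longer runs past the caller's buffer. Worth double-checking that the loop's starting value (not visible in this hunk) is `tdep->ppc_fp0_regnum`, so the computed offset can never be negative.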
