This is the mail archive of the gdb-testers@sourceware.org mailing list for the GDB project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[binutils-gdb] Fix bug in arm_push_dummy_call by -fsanitize=address


*** TEST RESULTS FOR COMMIT ef9bd0b8d7d0a70f9fa9b239a03099c57eb5ceea ***

Author: Yao Qi <yao.qi@linaro.org>
Branch: master
Commit: ef9bd0b8d7d0a70f9fa9b239a03099c57eb5ceea

Fix bug in arm_push_dummy_call by -fsanitize=address

When I build GDB with -fsanitize=address, and run testsuite,
some gdb.base/*.exp test triggers the ERROR below,

=================================================================
==7646==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000242810 at pc 0x487844 bp 0x7fffe32e84e0 sp 0x7fffe32e84d8
READ of size 4 at 0x603000242810 thread T0
    #0 0x487843 in push_stack_item /home/yao/SourceCode/gnu/gdb/git/gdb/arm-tdep.c:3405
    #1 0x48998a in arm_push_dummy_call /home/yao/SourceCode/gnu/gdb/git/gdb/arm-tdep.c:3960

In that path, GDB passes value on stack, in an INT_REGISTER_SIZE slot,
but the value contents' length can be less than INT_REGISTER_SIZE, so
the contents will be accessed out of the bound.  This patch adds an
array buf[INT_REGISTER_SIZE], and copy val to buf before writing them
to stack.

gdb:

2015-11-16  Yao Qi  <yao.qi@linaro.org>

	* arm-tdep.c (arm_push_dummy_call): New array buf.  Store regval
	to buf.  Pass buf instead of val to push_stack_item.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]