This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug dynamic-link/21269] i386 sigaction sa_restorer handling is wrong
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Mon, 20 Mar 2017 16:05:03 +0000
- Subject: [Bug dynamic-link/21269] i386 sigaction sa_restorer handling is wrong
- Auto-submitted: auto-generated
- References: <bug-21269-131@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=21269
--- Comment #3 from Florian Weimer <fweimer at redhat dot com> ---
(In reply to Andy Lutomirski from comment #2)
> (In reply to Florian Weimer from comment #1)
> > I think I'll take your word for this. This seems an
>
> ?
Sorry, meant to write: This seems an actual problem we should fix.
> The most straightforward reproducer I can think of is to set up a struct
> user_desc that's all zeros except entry_number = -1, limit = 0xfffff,
> seg_32bit = 1, and limit_in_pages = 1. Call set_thread_area(2) on it. Set
> up a handler for SIGTRAP -- details don't really matter.
>
> Then do (intentionally not valid C so you can't copy it):
>
> mov [(entry_number << 3) | 3], %ss
> int3
>
> A successful test will run the signal handler. A failed test will segfault.
Okay, I'll try to turn this into an actual test case.
Any suggestions how to block the vDSO mapping? I assume that's needed as well
before the bug can trigger.
--
You are receiving this mail because:
You are on the CC list for the bug.
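The reproducer sketched in comment #2, as an added example written for this page (not glibc's test code and not from either commenter): a self-checking C test that allocates the descriptor with set_thread_area(2), installs a SIGTRAP handler through glibc's sigaction, loads the new selector into %ss and executes int3. It assumes Linux on x86 (the i386 build is the one that exercises this bug; on x86_64 the same steps just show the handler running), and the name run_ss_sigtrap_test is chosen here.

```c
#define _GNU_SOURCE
#include <asm/ldt.h>     /* struct user_desc */
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

static volatile sig_atomic_t handler_ran;

static void sigtrap_handler (int sig) { (void) sig; handler_ran = 1; }

/* Returns 1 if the SIGTRAP handler ran while a non-default selector was
   loaded in %ss, -1 if set_thread_area or sigaction is unavailable.  On an
   affected kernel/glibc the int3 never reaches the handler (SIGSEGV).  */
int run_ss_sigtrap_test (void)
{
  /* All zeros except the four fields from comment #2: a flat, present,
     writable 32-bit data segment, placed in the next free TLS slot.  */
  struct user_desc desc;
  memset (&desc, 0, sizeof desc);
  desc.entry_number = -1;
  desc.limit = 0xfffff;
  desc.seg_32bit = 1;
  desc.limit_in_pages = 1;
  if (syscall (SYS_set_thread_area, &desc) != 0)
    return -1;
  unsigned short sel = (unsigned short) ((desc.entry_number << 3) | 3);

  struct sigaction sa;
  memset (&sa, 0, sizeof sa);
  sa.sa_handler = sigtrap_handler;   /* handler details do not matter */
  sigemptyset (&sa.sa_mask);
  if (sigaction (SIGTRAP, &sa, NULL) != 0)
    return -1;

  /* Save the default %ss, load the new selector, trap, and put the old
     selector back once the handler has returned.  */
  unsigned short saved_ss;
  handler_ran = 0;
  __asm__ volatile ("mov %%ss, %0" : "=r" (saved_ss));
  __asm__ volatile ("mov %0, %%ss\n\tint3\n\tmov %1, %%ss"
                    : : "r" (sel), "r" (saved_ss) : "memory");
  return handler_ran ? 1 : 0;
}

int main (void)
{
  int r = run_ss_sigtrap_test ();
  puts (r == 1 ? "PASS: handler ran" : "SKIP: could not set up the test");
  return r == 1 ? 0 : 77;
}
```

Build with -m32 to exercise the i386 sigaction this bug is about; on an affected combination the process segfaults instead of printing PASS, as comment #2 describes.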