This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug dynamic-link/23467] New: x86/CET: A property note parser bug

From: "hjl.tools at gmail dot com" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Mon, 30 Jul 2018 12:32:35 +0000
Subject: [Bug dynamic-link/23467] New: x86/CET: A property note parser bug
Auto-submitted: auto-generated

https://sourceware.org/bugzilla/show_bug.cgi?id=23467

            Bug ID: 23467
           Summary: x86/CET: A property note parser bug
           Product: glibc
           Version: 2.28
            Status: NEW
          Severity: normal
          Priority: P2
         Component: dynamic-link
          Assignee: unassigned at sourceware dot org
          Reporter: hjl.tools at gmail dot com
  Target Milestone: ---
            Target: i386,x86-64

There is a real bug in the note parser.  It doesn't check each item.   This
test should fail on CET SDV since IBT is on and endbr64 is missing
in foo.  But it passed:

[hjl@gnu-cet-1 bad-property-1]$ cat y.S
#include <cet.h>

    .text
    .globl    main
    .type    main, @function
main:
    .cfi_startproc
    endbr64
    subq    $8, %rsp
    .cfi_def_cfa_offset 16
    movq    $foo, %rdi
    call    *%rdi
    xorl    %eax, %eax
    addq    $8, %rsp
    .cfi_def_cfa_offset 8
    ret
    .cfi_endproc
    .size    main, .-main
    .p2align 4,,15
    .type    foo, @function
foo:
    .cfi_startproc
    ret
    .cfi_endproc
    .size    foo, .-foo

#if __SIZEOF_PTRDIFF_T__  == 8
# define ALIGN 3
#elif __SIZEOF_PTRDIFF_T__  == 4
# define ALIGN 2
#endif

    .section ".note.gnu.property", "a"
    .p2align ALIGN

    .long 1f - 0f        /* name length */
    .long 5f - 2f        /* data length */
    .long 5            /* note type */
0:    .asciz "GNU"        /* vendor name */
1:
    .p2align ALIGN
2:
    .long 1            /* pr_type.  */
    .long 4f - 3f    /* pr_datasz.  */
3:
    .long 0x800
    .long 0x800
4:
    .p2align ALIGN
5:

    .section    .note.GNU-stack,"",@progbits
[hjl@gnu-cet-1 bad-property-1]$ make y
gcc -fcf-protection    -c -o y.o y.S
gcc -fcf-protection -g -o y y.o
[hjl@gnu-cet-1 build-x86_64-linux]$
../../glibc-cet-O3/build-x86_64-linux/elf/ld.so --library-path .
~/bugs/libc/bad-property-1/y
[hjl@gnu-cet-1 build-x86_64-linux]$

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Follow-Ups:
- [Bug dynamic-link/23467] x86/CET: A property note parser bug
  - From: hjl.tools at gmail dot com
- [Bug dynamic-link/23467] x86/CET: A property note parser bug
  - From: cvs-commit at gcc dot gnu.org
- [Bug dynamic-link/23467] x86/CET: A property note parser bug
  - From: hjl.tools at gmail dot com

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]