This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug dynamic-link/23467] New: x86/CET: A property note parser bug
- From: "hjl.tools at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Mon, 30 Jul 2018 12:32:35 +0000
- Subject: [Bug dynamic-link/23467] New: x86/CET: A property note parser bug
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=23467
Bug ID: 23467
Summary: x86/CET: A property note parser bug
Product: glibc
Version: 2.28
Status: NEW
Severity: normal
Priority: P2
Component: dynamic-link
Assignee: unassigned at sourceware dot org
Reporter: hjl.tools at gmail dot com
Target Milestone: ---
Target: i386,x86-64
There is a real bug in the note parser. It doesn't check each item. This
test should fail on CET SDV since IBT is on and endbr64 is missing
in foo. But it passed:
[hjl@gnu-cet-1 bad-property-1]$ cat y.S
#include <cet.h>
	.text
	.globl main
	.type main, @function
main:
	.cfi_startproc
	endbr64
	subq $8, %rsp
	.cfi_def_cfa_offset 16
	movq $foo, %rdi
	call *%rdi
	xorl %eax, %eax
	addq $8, %rsp
	.cfi_def_cfa_offset 8
	ret
	.cfi_endproc
	.size main, .-main
	.p2align 4,,15
	.type foo, @function
foo:
	.cfi_startproc
	ret
	.cfi_endproc
	.size foo, .-foo
#if __SIZEOF_PTRDIFF_T__ == 8
# define ALIGN 3
#elif __SIZEOF_PTRDIFF_T__ == 4
# define ALIGN 2
#endif
	.section ".note.gnu.property", "a"
	.p2align ALIGN
	.long 1f - 0f /* name length */
	.long 5f - 2f /* data length */
	.long 5 /* note type */
0:	.asciz "GNU" /* vendor name */
1:
	.p2align ALIGN
2:
	.long 1 /* pr_type. */
	.long 4f - 3f /* pr_datasz. */
3:
	.long 0x800
	.long 0x800
4:
	.p2align ALIGN
5:
	.section .note.GNU-stack,"",@progbits
[hjl@gnu-cet-1 bad-property-1]$ make y
gcc -fcf-protection -c -o y.o y.S
gcc -fcf-protection -g -o y y.o
[hjl@gnu-cet-1 build-x86_64-linux]$ ../../glibc-cet-O3/build-x86_64-linux/elf/ld.so --library-path . ~/bugs/libc/bad-property-1/y
[hjl@gnu-cet-1 build-x86_64-linux]$
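Added example, not part of the report or of glibc: a stand-alone C parser for the .note.gnu.property layout that y.S builds, which walks every property item rather than inspecting only the first. The sample note is constructed and assumes the hand-written pr_type 1 item is followed by a GNU_PROPERTY_X86_FEATURE_1_AND item with IBT and SHSTK set (as the linker would produce when the note from cet.h is merged in); the check_all == 0 path models the defect the report describes, where the feature item is never reached and the binary is not treated as IBT-enabled, consistent with the test passing instead of failing.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Values as in glibc's elf.h, defined here so the example builds alone. */
#define NT_GNU_PROPERTY_TYPE_0           5
#define GNU_PROPERTY_X86_FEATURE_1_AND   0xc0000002U
#define GNU_PROPERTY_X86_FEATURE_1_IBT   0x1U
#define GNU_PROPERTY_X86_FEATURE_1_SHSTK 0x2U
#define PROP_ALIGN 8 /* item alignment on x86-64, i.e. 1 << ALIGN in y.S */

static uint32_t rd32(const unsigned char *p) { uint32_t v; memcpy(&v, p, 4); return v; }
/* Parse one little-endian .note.gnu.property note and return the
   GNU_PROPERTY_X86_FEATURE_1_AND value, or 0 if none is present or the
   note is malformed.  With check_all == 0 only the first item is
   inspected, which is the behaviour the report describes. */
uint32_t parse_x86_feature_1_and(const unsigned char *note, size_t len, int check_all)
{
    if (len < 12) return 0;
    uint32_t namesz = rd32(note), descsz = rd32(note + 4), type = rd32(note + 8);
    size_t off = 12;
    if (type != NT_GNU_PROPERTY_TYPE_0 || namesz != 4 || off + namesz > len
        || memcmp(note + off, "GNU", 4) != 0)
        return 0;
    off = (off + namesz + PROP_ALIGN - 1) & ~(size_t)(PROP_ALIGN - 1); /* name padded */
    if (off + descsz > len) return 0;
    const unsigned char *desc = note + off;
    for (size_t pos = 0; pos + 8 <= descsz;) {
        uint32_t pr_type = rd32(desc + pos), pr_datasz = rd32(desc + pos + 4);
        pos += 8;
        if (pr_datasz > descsz - pos) return 0;               /* truncated item */
        if (pr_type == GNU_PROPERTY_X86_FEATURE_1_AND)
            return pr_datasz == 4 ? rd32(desc + pos) : 0;
        if (!check_all) return 0;                             /* stops after item 1 */
        pos = (pos + pr_datasz + PROP_ALIGN - 1) & ~(size_t)(PROP_ALIGN - 1); /* next */
    }
    return 0;
}
/* Constructed note: the pr_type 1 item from y.S (datasz 8: 0x800, 0x800)
   followed by an X86_FEATURE_1_AND item carrying IBT|SHSTK (assumed). */
static const unsigned char sample_note[] = {
    4,0,0,0,  32,0,0,0,  5,0,0,0,  'G','N','U',0,              /* header + name */
    1,0,0,0,  8,0,0,0,  0x00,0x08,0,0,  0x00,0x08,0,0,          /* pr_type 1 */
    0x02,0x00,0x00,0xc0,  4,0,0,0,  3,0,0,0,  0,0,0,0,          /* FEATURE_1_AND */
};

uint32_t sample_features(int check_all)
{
    return parse_x86_feature_1_and(sample_note, sizeof sample_note, check_all);
}
```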