25902 – Bad LOADARGS_N

Bug 25902 - Bad LOADARGS_N

Summary: Bad LOADARGS_N

Status:	RESOLVED FIXED

Alias:	None

Product:	glibc
Classification:	Unclassified
Component:	libc (show other bugs)
Version:	2.32

Importance:	P2 normal
Target Milestone:	2.32
Assignee:	Not yet assigned to anyone

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-04-30 22:42 UTC by H.J. Lu
Modified:	2020-07-31 09:13 UTC (History)
CC List:	2 users (show)

See Also:
Host:
Target:	powerpc
Build:
Last reconfirmed:

Flags:	fweimer: security-

Attachments
A patch (783 bytes, patch) 2020-04-30 22:52 UTC, H.J. Lu	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description H.J. Lu 2020-04-30 22:42:58 UTC

The newly added sysdeps/unix/sysv/linux/prctl.c passes variadic arguments
to INLINE_SYSCALL_CALL.  But it doesn't work on PPC:

../sysdeps/unix/sysv/linux/prctl.c: In function ‘__prctl’:
../sysdeps/unix/sysv/linux/prctl.c:36:21: error: unused variable ‘arg5’ [-Werror=unused-variable]
   36 |   unsigned long int arg5 = va_arg (arg, unsigned long int);
      |                     ^~~~
../sysdeps/unix/sysv/linux/prctl.c:35:21: error: unused variable ‘arg4’ [-Werror=unused-variable]
   35 |   unsigned long int arg4 = va_arg (arg, unsigned long int);
      |                     ^~~~
../sysdeps/unix/sysv/linux/prctl.c:34:21: error: unused variable ‘arg3’ [-Werror=unused-variable]
   34 |   unsigned long int arg3 = va_arg (arg, unsigned long int);
      |                     ^~~~
../sysdeps/unix/sysv/linux/prctl.c:33:21: error: unused variable ‘arg2’ [-Werror=unused-variable]
   33 |   unsigned long int arg2 = va_arg (arg, unsigned long int);
      |                     ^~~~

Comment 1 H.J. Lu 2020-04-30 22:46:06 UTC

#define LOADARGS_5(name, __arg1, __arg2, __arg3, __arg4, __arg5) \
        long int arg5 = (long int) (__arg5); \
        LOADARGS_4(name, __arg1, __arg2, __arg3, __arg4); \
        extern void __illegally_sized_syscall_arg5 (void); \
        if (__builtin_classify_type (__arg5) != 5 \
            && sizeof (__arg5) > SYSCALL_ARG_SIZE) \
          __illegally_sized_syscall_arg5 (); \
        r7 = arg5

uses arg5.  But it is also function argument.

Comment 2 H.J. Lu 2020-04-30 22:52:01 UTC

Created attachment 12497 [details]
A patch

Comment 3 H.J. Lu 2020-05-07 12:32:39 UTC

Fixed for 2.32 and 2.30/2.31 branches.