This is the mail archive of the
gdb-patches@sourceware.org
mailing list for the GDB project.
[PATCH] Aarch64 SVE: Fix stack smashing when calling functions
- From: Alan Hayward <alan dot hayward at arm dot com>
- To: gdb-patches at sourceware dot org
- Cc: nd at arm dot com, Alan Hayward <alan dot hayward at arm dot com>
- Date: Mon, 17 Sep 2018 15:45:40 +0100
- Subject: [PATCH] Aarch64 SVE: Fix stack smashing when calling functions
Using "call" on a function that passes arguments via float registers can cause
gdb to overflow buffers.
Ensure enough memory is reserved to hold a full FP register.
2018-09-17 Alan Hayward <alan.hayward@arm.com>
* aarch64-tdep.c (pass_in_v): Use register size.
(aarch64_extract_return_value): Likewise.
(aarch64_store_return_value): Likewise.
---
gdb/aarch64-tdep.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/gdb/aarch64-tdep.c b/gdb/aarch64-tdep.c
index 6993e9061e..516eb138dc 100644
--- a/gdb/aarch64-tdep.c
+++ b/gdb/aarch64-tdep.c
@@ -1358,7 +1358,10 @@ pass_in_v (struct gdbarch *gdbarch,
if (info->nsrn < 8)
{
int regnum = AARCH64_V0_REGNUM + info->nsrn;
- gdb_byte reg[V_REGISTER_SIZE];
+ /* Enough space for a full vector register. */
+ gdb_byte reg[register_size (gdbarch, regnum)];
+ gdb_static_assert (AARCH64_V0_REGNUM == AARCH64_SVE_Z0_REGNUM);
+ gdb_assert (len <= sizeof (reg));
info->argnum++;
info->nsrn++;
@@ -1929,7 +1932,10 @@ aarch64_extract_return_value (struct type *type, struct regcache *regs,
for (int i = 0; i < elements; i++)
{
int regno = AARCH64_V0_REGNUM + i;
- bfd_byte buf[V_REGISTER_SIZE];
+ /* Enough space for a full vector register. */
+ gdb_byte buf[register_size (gdbarch, regno)];
+ gdb_static_assert (AARCH64_V0_REGNUM == AARCH64_SVE_Z0_REGNUM);
+ gdb_assert (len <= sizeof (buf));
if (aarch64_debug)
{
@@ -2039,7 +2045,10 @@ aarch64_store_return_value (struct type *type, struct regcache *regs,
for (int i = 0; i < elements; i++)
{
int regno = AARCH64_V0_REGNUM + i;
- bfd_byte tmpbuf[V_REGISTER_SIZE];
+ /* Enough space for a full vector register. */
+ gdb_byte tmpbuf[register_size (gdbarch, regno)];
+ gdb_static_assert (AARCH64_V0_REGNUM == AARCH64_SVE_Z0_REGNUM);
+ gdb_assert (len <= sizeof (tmpbuf));
if (aarch64_debug)
{
--
2.15.2 (Apple Git-101.1)