This is the mail archive of the glibc-bugs@sources.redhat.com mailing list for the glibc project.



[Bug libc/404] New: x86_64 makecontext use incorrect type to setup arguments


makecontext on x86_64 (sysdeps/unix/sysv/linux/x86_64/makecontext.c) sets up
the arguments in the argument-passing registers (type long int, 64 bits) but
uses type int (32 bits) to extract the args, resulting in incorrect pointer
values (by widening) for values over max int, i.e.:

ucp->uc_mcontext.gregs [REG_RDI] = va_arg (ap, int);

Results in corrupt pointers, e.g. the following example will crash:

#include <stdio.h>
#include <stdlib.h>
#include <ucontext.h>
#include <unistd.h>

#define DEFAULT_STKSZ  (128*1024)

static int printRes = -1;

static int getPrintRes(void) { return printRes; }

/* Entry point of the new context; receives argc and argv through makecontext. */
static void printArgs(int argc, char **argv)
{
   printf("Passed %d args\n", argc);
   if (argc > 0) {
      int i;

      for (i=0;i<argc;i++)
         printf("%d : [%s]\n", i, argv[i] );
   }

   printRes = 0;
}

static int callViaSwapCtx(int argc, char **argv)
{
   ucontext_t orig_uc, new_uc;
   char stk[DEFAULT_STKSZ];
   if (getcontext(&new_uc) != 0)
      return -1;

   new_uc.uc_link = &orig_uc;
   new_uc.uc_stack.ss_size = sizeof(stk);
   new_uc.uc_stack.ss_sp = stk;

   /* argv is a 64-bit pointer; with the buggy va_arg (ap, int) only its low
      32 bits survive (sign-extended to 64), so argv[i] dereferences a corrupt
      pointer inside printArgs. */
   makecontext(&new_uc, (void (*)()) printArgs, 2, argc, argv);

   swapcontext(&orig_uc, &new_uc);
   return getPrintRes();
}

int main(int argc, char **argv)
{
   return callViaSwapCtx(argc, argv);
}

-- 
           Summary: x86_64 makecontext use incorrect type to setup arguments
           Product: glibc
           Version: 2.3.2
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: gotom at debian dot or dot jp
        ReportedBy: david dot simms at bea dot com
                CC: glibc-bugs at sources dot redhat dot com
GCC target triplet: x86_64


http://sources.redhat.com/bugzilla/show_bug.cgi?id=404
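Added illustration, not part of the bug report or of glibc: a model of the two ways makecontext can copy one argument slot into a 64-bit greg, the buggy int extraction beside the long int one, plus a check for which argument values survive the buggy path. The slot type, function names and the sample addresses are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One 64-bit argument-passing register slot, as makecontext sees it on x86_64
   (assumed model; the real code reads the slot with va_arg). */
typedef uint64_t greg_slot_t;

/* Buggy path: the slot is read as a 32-bit int and then stored into a 64-bit
   greg, which sign-extends it.  Models `gregs[REG_RDI] = va_arg (ap, int)`. */
static int64_t extract_as_int(greg_slot_t slot)
{
    uint32_t low = (uint32_t)(slot & 0xffffffffu);  /* only the low 32 bits survive */
    int32_t narrow;
    memcpy(&narrow, &low, sizeof narrow);           /* reinterpret them as a signed int */
    return (int64_t)narrow;                         /* widening sign-extends bit 31 */
}

/* Fixed path: read the full 64-bit slot, as `va_arg (ap, long int)` would. */
static int64_t extract_as_long(greg_slot_t slot)
{
    int64_t wide;
    memcpy(&wide, &slot, sizeof wide);
    return wide;
}

/* 1 if the argument value reaches the new context unchanged through the buggy path:
   true only for values that fit in a signed 32-bit int. */
static int survives_buggy_extraction(uint64_t value)
{
    return (uint64_t)extract_as_int(value) == value;
}

/* Same check for a pointer argument, such as argv in the report's reproducer. */
static int pointer_survives_buggy_extraction(const void *p)
{
    return survives_buggy_extraction((uint64_t)(uintptr_t)p);
}

int main(void)
{
    /* Constructed sample values: a small int like argc, and a stack-like x86_64 address. */
    uint64_t argc_like = 2, argv_like = 0x00007ffcdeadbeefULL;
    printf("argc-like %llu survives buggy path: %d\n",
           (unsigned long long)argc_like, survives_buggy_extraction(argc_like));
    printf("argv-like 0x%llx -> buggy 0x%llx, fixed 0x%llx\n",
           (unsigned long long)argv_like,
           (unsigned long long)extract_as_int(argv_like),
           (unsigned long long)extract_as_long(argv_like));
    return 0;
}
```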


