[OBV] Fix stack buffer overflow in aarch64_extract_return_value
Commit Message
Hi,
I build GDB with -fsanitize=address, and run testsuite. In
gdb.base/callfuncs.exp, I see the following error,
p/c fun1()
Comments
On 15-11-16 10:33 AM, Yao Qi wrote:
> Hi,
> I build GDB with -fsanitize=address, and run testsuite. In
> gdb.base/callfuncs.exp, I see the following error,
>
> p/c fun1()
> =================================================================^M
> ==9601==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffee858530 at pc 0x6df079 bp 0x7fffee8583a0 sp 0x7fffee858398
> WRITE of size 16 at 0x7fffee858530 thread T0
> #0 0x6df078 in regcache_raw_read /home/yao/SourceCode/gnu/gdb/git/gdb/regcache.c:673
> #1 0x6dfe1e in regcache_cooked_read /home/yao/SourceCode/gnu/gdb/git/gdb/regcache.c:751
> #2 0x4696a3 in aarch64_extract_return_value /home/yao/SourceCode/gnu/gdb/git/gdb/aarch64-tdep.c:1708
> #3 0x46ae57 in aarch64_return_value /home/yao/SourceCode/gnu/gdb/git/gdb/aarch64-tdep.c:1918
>
> We are extracting return value from V registers (128 bit), but only
> allocate X_REGISTER_SIZE-byte array, which isn't sufficient. This
> patch changes the array to V_REGISTER_SIZE.
>
> It's ovbious. I'll push it in.
>
> gdb:
>
> 2015-11-16 Yao Qi <yao.qi@linaro.org>
>
> * aarch64-tdep.c (aarch64_extract_return_value): Change array
> buf's length to V_REGISTER_SIZE.
> ---
> gdb/aarch64-tdep.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/gdb/aarch64-tdep.c b/gdb/aarch64-tdep.c
> index 4b82553..4fa555d 100644
> --- a/gdb/aarch64-tdep.c
> +++ b/gdb/aarch64-tdep.c
> @@ -1630,7 +1630,7 @@ aarch64_extract_return_value (struct type *type, struct regcache *regs,
> for (i = 0; i < elements; i++)
> {
> int regno = AARCH64_V0_REGNUM + i;
> - bfd_byte buf[X_REGISTER_SIZE];
> + bfd_byte buf[V_REGISTER_SIZE];
>
> if (aarch64_debug)
> {
>
Hi Yao,
-fsanitize=address is awesome. Do you think we could always run tests with it enabled on buildbot?
Simon
Simon Marchi <simon.marchi@ericsson.com> writes:
> Hi Yao,
>
> -fsanitize=address is awesome. Do you think we could always run tests
> with it enabled on buildbot?
Yes, but we need to fix these existing errors found by
-fsanitize=address first. I built GDB for aarch64-linux with
-fsanitize=address, and run tests. There are still some errors to be
fixed, while most of them are not arch-specific.
=================================================================^M
==9601==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffee858530 at pc 0x6df079 bp 0x7fffee8583a0 sp 0x7fffee858398
WRITE of size 16 at 0x7fffee858530 thread T0
#0 0x6df078 in regcache_raw_read /home/yao/SourceCode/gnu/gdb/git/gdb/regcache.c:673
#1 0x6dfe1e in regcache_cooked_read /home/yao/SourceCode/gnu/gdb/git/gdb/regcache.c:751
#2 0x4696a3 in aarch64_extract_return_value /home/yao/SourceCode/gnu/gdb/git/gdb/aarch64-tdep.c:1708
#3 0x46ae57 in aarch64_return_value /home/yao/SourceCode/gnu/gdb/git/gdb/aarch64-tdep.c:1918
We are extracting return value from V registers (128 bit), but only
allocate X_REGISTER_SIZE-byte array, which isn't sufficient. This
patch changes the array to V_REGISTER_SIZE.
It's ovbious. I'll push it in.
gdb:
2015-11-16 Yao Qi <yao.qi@linaro.org>
* aarch64-tdep.c (aarch64_extract_return_value): Change array
buf's length to V_REGISTER_SIZE.
---
gdb/aarch64-tdep.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
@@ -1630,7 +1630,7 @@ aarch64_extract_return_value (struct type *type, struct regcache *regs,
for (i = 0; i < elements; i++)
{
int regno = AARCH64_V0_REGNUM + i;
- bfd_byte buf[X_REGISTER_SIZE];
+ bfd_byte buf[V_REGISTER_SIZE];
if (aarch64_debug)
{