From patchwork Mon Sep 17 14:45:40 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alan Hayward X-Patchwork-Id: 29422 Received: (qmail 47134 invoked by alias); 17 Sep 2018 14:45:58 -0000 Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org Delivered-To: mailing list gdb-patches@sourceware.org Received: (qmail 26600 invoked by uid 89); 17 Sep 2018 14:45:53 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-26.9 required=5.0 tests=BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, RCVD_IN_DNSWL_NONE, SPF_HELO_PASS, SPF_PASS autolearn=ham version=3.3.2 spammy=regno X-HELO: EUR03-VE1-obe.outbound.protection.outlook.com Received: from mail-eopbgr50045.outbound.protection.outlook.com (HELO EUR03-VE1-obe.outbound.protection.outlook.com) (40.107.5.45) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 17 Sep 2018 14:45:51 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Q+LAD8PfQU8VUAIOCDgeNuS670IRXwzEEPFas/WjiY4=; b=lzXn8yl/jiMHyypG2ycLHU+PQP7dTLwE8oxoxn/wrf1mo2vvJi368bA3YUsUg99dNpp/gIK2W4r1Kyd3X0bjbia5sB9gYkuVoQ2gp4+MQZF+D7rtBlzvBS/onbOojaESfavxcnca3+n96kaXbsnnQzAVhGo5yLVqL0oE16VHgFY= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Alan.Hayward@arm.com; Received: from C02TF0U7HF1T.manchester.arm.com (217.140.106.32) by DB6PR0802MB2133.eurprd08.prod.outlook.com (2603:10a6:4:83::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1143.18; Mon, 17 Sep 2018 14:45:48 +0000 From: Alan Hayward To: gdb-patches@sourceware.org Cc: nd@arm.com, Alan Hayward Subject: [PATCH] Aarch64 SVE: Fix stack smashing when calling functions Date: Mon, 17 Sep 2018 15:45:40 +0100 Message-Id: <20180917144540.78906-1-alan.hayward@arm.com> MIME-Version: 1.0 Return-Path: alan.hayward@arm.com Received-SPF: None (protection.outlook.com: arm.com does not designate permitted sender hosts) X-IsSubscribed: yes Using "call" on a function that passes arguments via float registers can cause gdb to overflow buffers. Ensure enough memory is reserved to hold a full FP register. 2018-09-17 Alan Hayward * aarch64-tdep.c (pass_in_v): Use register size. (aarch64_extract_return_value): Likewise. (aarch64_store_return_value): Likewise. --- gdb/aarch64-tdep.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/gdb/aarch64-tdep.c b/gdb/aarch64-tdep.c index 6993e9061e..516eb138dc 100644 --- a/gdb/aarch64-tdep.c +++ b/gdb/aarch64-tdep.c @@ -1358,7 +1358,10 @@ pass_in_v (struct gdbarch *gdbarch, if (info->nsrn < 8) { int regnum = AARCH64_V0_REGNUM + info->nsrn; - gdb_byte reg[V_REGISTER_SIZE]; + /* Enough space for a full vector register. */ + gdb_byte reg[register_size (gdbarch, regnum)]; + gdb_static_assert (AARCH64_V0_REGNUM == AARCH64_SVE_Z0_REGNUM); + gdb_assert (len <= sizeof (reg)); info->argnum++; info->nsrn++; @@ -1929,7 +1932,10 @@ aarch64_extract_return_value (struct type *type, struct regcache *regs, for (int i = 0; i < elements; i++) { int regno = AARCH64_V0_REGNUM + i; - bfd_byte buf[V_REGISTER_SIZE]; + /* Enough space for a full vector register. */ + gdb_byte buf[register_size (gdbarch, regno)]; + gdb_static_assert (AARCH64_V0_REGNUM == AARCH64_SVE_Z0_REGNUM); + gdb_assert (len <= sizeof (buf)); if (aarch64_debug) { @@ -2039,7 +2045,10 @@ aarch64_store_return_value (struct type *type, struct regcache *regs, for (int i = 0; i < elements; i++) { int regno = AARCH64_V0_REGNUM + i; - bfd_byte tmpbuf[V_REGISTER_SIZE]; + /* Enough space for a full vector register. */ + gdb_byte tmpbuf[register_size (gdbarch, regno)]; + gdb_static_assert (AARCH64_V0_REGNUM == AARCH64_SVE_Z0_REGNUM); + gdb_assert (len <= sizeof (tmpbuf)); if (aarch64_debug) {