This is the mail archive of the libffi-discuss@sourceware.org mailing list for the libffi project.



Re: s390x ffi_closure_helper_SYSV


Hi,

>> The program pollutes a fairly large chunk of memory below the frame
>> pointer and then calls back to a python function (from c).
>> Because the ret_buffer variable (in ffi_closure_helper_SYSV) is not
>> initialized properly, the returned value is not the same on s390x as it
>> is on e.g. x86.
> 
> The point is that if the user-callback were to fill in a full ffi_arg,
> then ret_buffer would be completely filled.  If ret_buffer isn't fully
> written, then that's a bug in the callback PyPy provides to libffi.

Because the return value (on s390x) contains contents from the stack, it
looked malicious to me.

>> `make` on my laptop (x86) returns without asserting, but
>> it does not on s390x. PPC was recently implemented on PyPy and there we
>> also did not hit this issue.
> 
> Is this on little-endian or big-endian PowerPC?

PyPy implements both.

Cheers,
Richard
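The following is an added example, not code from the thread, from PyPy or from libffi. It models the ret_buffer hand-off that the reply above describes: the closure helper hands the callback an ffi_arg-sized slot that was not initialised, the callback is expected to fill the whole slot, and the helper then loads that slot into the return register. The simulation assumes a 64-bit ffi_arg, that uninitialised stack memory holds the byte 0xAA (the "polluted" memory from the report), and that the caller of a function returning a one-byte integer consumes the low 8 bits of the returned register. No libffi API is called; `store_arg`, `load_arg`, `callback_full`, `callback_narrow` and `simulate_return` are all names introduced here. It lets you see why a callback that writes only one byte appears to work on little-endian x86 and returns stack contents on a big-endian target such as s390x.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Added simulation, not libffi code. Assumed: ffi_arg is 64 bits wide. */
typedef uint64_t sim_ffi_arg;
enum { SIM_LE = 0, SIM_BE = 1 };

/* Assumed content of the uninitialised ret_buffer slot ("polluted" stack). */
#define STACK_JUNK 0xAA

/* Store a full ffi_arg into the slot in the simulated machine's byte order. */
static void store_arg(unsigned char *buf, sim_ffi_arg v, int endian)
{
    for (size_t i = 0; i < sizeof v; i++) {
        size_t shift = (endian == SIM_BE) ? (sizeof v - 1 - i) * 8 : i * 8;
        buf[i] = (unsigned char)(v >> shift);
    }
}

/* Load the slot the way the closure helper loads the return register. */
static sim_ffi_arg load_arg(const unsigned char *buf, int endian)
{
    sim_ffi_arg v = 0;
    for (size_t i = 0; i < sizeof v; i++) {
        size_t shift = (endian == SIM_BE) ? (sizeof v - 1 - i) * 8 : i * 8;
        v |= (sim_ffi_arg)buf[i] << shift;
    }
    return v;
}

typedef void (*sim_callback)(unsigned char *ret, uint8_t v, int endian);

/* Correct callback: widens the one-byte result to a full ffi_arg. */
static void callback_full(unsigned char *ret, uint8_t v, int endian)
{
    store_arg(ret, (sim_ffi_arg)v, endian);
}

/* Buggy callback: stores only one byte at offset 0, leaves the other 7 alone. */
static void callback_narrow(unsigned char *ret, uint8_t v, int endian)
{
    (void)endian;
    ret[0] = v;
}

/*
 * Simulated closure helper: ret_buffer is a stack slot that is not
 * initialised (here pre-filled with STACK_JUNK), the callback writes into
 * it, and the result is what a caller expecting a uint8 return sees,
 * i.e. the low 8 bits of the register loaded from the slot.
 */
static uint8_t simulate_return(sim_callback cb, uint8_t value, int endian)
{
    unsigned char ret_buffer[sizeof(sim_ffi_arg)];
    memset(ret_buffer, STACK_JUNK, sizeof ret_buffer);
    cb(ret_buffer, value, endian);
    return (uint8_t)load_arg(ret_buffer, endian);
}

int main(void)
{
    printf("LE, full ffi_arg written : 0x%02x\n", simulate_return(callback_full,   0x7f, SIM_LE));
    printf("LE, one byte written     : 0x%02x\n", simulate_return(callback_narrow, 0x7f, SIM_LE));
    printf("BE, full ffi_arg written : 0x%02x\n", simulate_return(callback_full,   0x7f, SIM_BE));
    printf("BE, one byte written     : 0x%02x\n", simulate_return(callback_narrow, 0x7f, SIM_BE));
    return 0;
}
```

On the little-endian model the single byte lands in the least significant position, so the caller still sees 0x7f and the missing widening goes unnoticed. On the big-endian model the same byte lands in the most significant position and the caller gets 0xAA, whatever happened to be in the slot. Zeroing ret_buffer in the helper would hide the symptom but not the cause, which is the reply's point: the callback has to fill the whole ffi_arg.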

