This is the mail archive of the
libffi-discuss@sourceware.org
mailing list for the libffi project.
Re: s390x ffi_closure_helper_SYSV
- From: Richard Plangger <planrichi at gmail dot com>
- To: libffi-discuss at sourceware dot org
- Cc: Ulrich Weigand <uweigand at de dot ibm dot com>
- Date: Tue, 22 Dec 2015 18:03:46 +0100
- Subject: Re: s390x ffi_closure_helper_SYSV
- Authentication-results: sourceware.org; auth=none
- References: <20151221183930 dot 372366414 at oc7340732750 dot ibm dot com>
Hi,
>> The program pollutes a fairly large chunk of memory below the frame
>> pointer and then calls back to a python function (from c).
>> Because the ret_buffer variable (in ffi_closure_helper_SYSV) is not
>> initialized properly, the returned value is not the same on s390x as it
>> is on e.g. x86.
>
> The point is that if the user-callback were to fill in a full ffi_arg,
> then ret_buffer would be completely filled. If ret_buffer isn't fully
> written, then that's a bug in the callback PyPy provides to libffi.
Because the return value (on s390x) contains contents from the stack, it
looked malicious to me.
>> `make` on my laptop (x86) returns without asserting, but
>> it does not on s390x. PPC was recently implemented on PyPy and there we
>> did also not hit this issue.
>
> Is this on little-endian or big-endian PowerPC?
PyPy implements both.
Cheers,
Richard
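The point Ulrich makes above is libffi's documented closure convention: a closure callback must store integral return values narrower than a register as a full `ffi_arg`, not as the narrow C type. The following added example (written for this archive page; it is not code from libffi, PyPy or either correspondent, and uses no libffi headers) models an 8-byte `ret_buffer` on a 64-bit target with constructed stale stack bytes (`0xA5`) and shows why a callback that writes only four bytes happens to work on little-endian x86-64 yet returns stack contents on big-endian s390x, while a callback that widens to `ffi_arg` is correct on both. The names `buggy_callback`, `correct_callback`, `load_reg` and `simulate` are invented for the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of libffi's ffi_arg on a 64-bit target: an 8-byte register slot. */
#define RET_SIZE 8

/* Load the 8-byte ret_buffer into a register value, honouring the
 * target byte order (big_endian = 1 models s390x, 0 models x86-64). */
static uint64_t load_reg(const unsigned char buf[RET_SIZE], int big_endian) {
    uint64_t v = 0;
    for (int i = 0; i < RET_SIZE; i++) {
        int idx = big_endian ? i : RET_SIZE - 1 - i;
        v = (v << 8) | buf[idx];
    }
    return v;
}

/* Buggy callback: behaves like `*(int *)ret_buffer = value;` and writes
 * only the first 4 bytes. Bytes 4..7 keep whatever the stack held. */
static void buggy_callback(unsigned char ret_buffer[RET_SIZE], int32_t value, int big_endian) {
    unsigned char narrow[4];
    for (int i = 0; i < 4; i++) {
        int shift = big_endian ? (24 - 8 * i) : (8 * i);
        narrow[i] = (unsigned char)((uint32_t)value >> shift);
    }
    memcpy(ret_buffer, narrow, sizeof narrow);
}

/* Correct callback: widens to ffi_arg (sign-extending a signed int) and
 * writes all 8 bytes, so no stale stack byte survives in the slot. */
static void correct_callback(unsigned char ret_buffer[RET_SIZE], int32_t value, int big_endian) {
    uint64_t widened = (uint64_t)(int64_t)value;
    for (int i = 0; i < RET_SIZE; i++) {
        int shift = big_endian ? (56 - 8 * i) : (8 * i);
        ret_buffer[i] = (unsigned char)(widened >> shift);
    }
}

/* Run one callback against a ret_buffer pre-filled with constructed stack
 * garbage, then return what the closure's caller would see after the
 * register is truncated to the declared 32-bit return type. */
int32_t simulate(int big_endian, int use_correct, int32_t value) {
    unsigned char ret_buffer[RET_SIZE];
    memset(ret_buffer, 0xA5, sizeof ret_buffer); /* constructed "stale stack" */
    if (use_correct)
        correct_callback(ret_buffer, value, big_endian);
    else
        buggy_callback(ret_buffer, value, big_endian);
    uint64_t reg = load_reg(ret_buffer, big_endian);
    return (int32_t)(uint32_t)(reg & 0xffffffffu);
}

int main(void) {
    int32_t v = 0x12345678;
    printf("x86-64 (LE), narrow write : 0x%08x\n", (uint32_t)simulate(0, 0, v));
    printf("s390x  (BE), narrow write : 0x%08x  <- stack contents\n", (uint32_t)simulate(1, 0, v));
    printf("s390x  (BE), ffi_arg write: 0x%08x\n", (uint32_t)simulate(1, 1, v));
    printf("x86-64 (LE), ffi_arg write: 0x%08x\n", (uint32_t)simulate(0, 1, v));
    return 0;
}
```

On the little-endian model the four written bytes land in the low half of the register, so truncating to 32 bits happens to recover the value; on the big-endian model they land in the high half and the caller receives the `0xA5` filler, which is exactly the "contents from the stack" symptom described in the thread. Checking that a closure handler always assigns through an `ffi_arg *` for narrow integral return types is the fix on the callback side.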