This is the mail archive of the glibc-bugs@sources.redhat.com mailing list for the glibc project.
[Bug libc/404] New: x86_64 makecontext use incorrect type to setup arguments
- From: "david dot simms at bea dot com" <sourceware-bugzilla at sources dot redhat dot com>
- To: glibc-bugs at sources dot redhat dot com
- Date: 24 Sep 2004 10:46:58 -0000
- Subject: [Bug libc/404] New: x86_64 makecontext use incorrect type to setup arguments
- Reply-to: sourceware-bugzilla at sources dot redhat dot com
makecontext on x86_64 (sysdeps/unix/sysv/linux/x86_64/makecontext.c) sets up the
arguments in the argument-passing registers (type long int/64 bits) using type int
(32 bits) to extract the args, resulting in incorrect pointer values (by widening) for
values over max int, i.e.:
ucp->uc_mcontext.gregs [REG_RDI] = va_arg (ap, int);
This results in corrupt pointers, e.g. the following example will crash:
#include <stdio.h>
#include <stdlib.h>
#include <ucontext.h>
#include <unistd.h>

#define DEFAULT_STKSZ (128*1024)

static int printRes = -1;
static int getPrintRes(void) { return printRes; }

/* Entry point of the new context; argv arrives through makecontext's
   argument list and is corrupted on x86_64 if it is extracted as an int. */
static void printArgs(int argc, char **argv)
{
    printf("Passed %d args\n", argc);
    if (argc > 0) {
        int i;
        for (i = 0; i < argc; i++)
            printf("%d : [%s]\n", i, argv[i]);
    }
    printRes = 0;
}

static int callViaSwapCtx(int argc, char **argv)
{
    ucontext_t orig_uc, new_uc;
    char stk[DEFAULT_STKSZ];

    if (getcontext(&new_uc) != 0)
        return -1;
    new_uc.uc_link = &orig_uc;            /* return here when printArgs finishes */
    new_uc.uc_stack.ss_size = sizeof(stk);
    new_uc.uc_stack.ss_sp = stk;
    /* argv is a 64-bit pointer passed as a variadic argument */
    makecontext(&new_uc, (void (*)()) printArgs, 2, argc, argv);
    swapcontext(&orig_uc, &new_uc);
    return getPrintRes();
}

int main(int argc, char **argv)
{
    return callViaSwapCtx(argc, argv);
}
--
Summary: x86_64 makecontext use incorrect type to setup arguments
Product: glibc
Version: 2.3.2
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: gotom at debian dot or dot jp
ReportedBy: david dot simms at bea dot com
CC: glibc-bugs at sources dot redhat dot com
GCC target triplet: x86_64
http://sources.redhat.com/bugzilla/show_bug.cgi?id=404
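The following is an added example, not part of the bug report or of glibc, that models what the report describes: reading a 64-bit argument through va_arg(ap, int) keeps only the low 32 bits and then sign-extends them into the 64-bit register slot, so any pointer above INT_MAX is corrupted. The function names and the sample addresses are constructed for the illustration; the correct-path helper shows a variadic extraction with a 64-bit type, which is the kind of fix the report calls for.

```c
#include <inttypes.h>
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the buggy path: the argument is read as a 32-bit int and then
 * stored into a 64-bit register slot, so the high 32 bits are discarded
 * and the low 32 bits are sign-extended. memcpy is used for the
 * reinterpretation so the model itself is well-defined C. */
static int64_t buggy_register_value(uintptr_t arg)
{
    uint32_t low = (uint32_t)arg;   /* keep only the low 32 bits */
    int32_t truncated;
    memcpy(&truncated, &low, sizeof truncated);
    return (int64_t)truncated;      /* sign-extend into the 64-bit slot */
}

/* Correct path: the full 64-bit argument is stored unchanged. */
static int64_t fixed_register_value(uintptr_t arg)
{
    return (int64_t)arg;
}

/* Variadic extraction with a 64-bit type, as a fixed makecontext would
 * do. The caller must pass an int64_t so the va_arg type matches. */
static int64_t extract_first_int64(int argc, ...)
{
    va_list ap;
    int64_t value;
    va_start(ap, argc);
    value = va_arg(ap, int64_t);
    va_end(ap);
    return value;
}

/* Returns 1 if the value survives the int path unchanged, 0 if it is
 * corrupted. Only values in [0, INT32_MAX] survive. */
static int survives_int_truncation(uintptr_t arg)
{
    return buggy_register_value(arg) == fixed_register_value(arg);
}

int main(void)
{
    /* Constructed sample values (not from the bug report): a small integer,
     * the largest value that fits an int, the first value that does not,
     * and addresses shaped like typical x86_64 heap and stack pointers. */
    static const uintptr_t samples[] = {
        2u,
        0x7fffffffu,
        (uintptr_t)0x80000000u,
        (uintptr_t)0x0000555555559000ULL,
        (uintptr_t)0x00007ffdfd27c1a0ULL,
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uintptr_t a = samples[i];
        printf("%#018" PRIxPTR " -> as int: %#018" PRIx64 "  as 64-bit: %#018" PRIx64 "  %s\n",
               a,
               (uint64_t)buggy_register_value(a),
               (uint64_t)fixed_register_value(a),
               survives_int_truncation(a) ? "ok" : "CORRUPT");
    }
    return 0;
}
```

Running it on x86_64 shows the heap-style and stack-style addresses losing their upper half and, where bit 31 of the low word is set, acquiring a sign-extended 0xffffffff prefix, which is exactly the kind of pointer the reproducer above ends up dereferencing.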