Re: [PATCH v2] Fix stack smashing when handling PR_GET_PDEATHSIG
Le 07/05/2020 à 15:03, Stephen Long a écrit : > The bug was triggered by the following code on aarch64-linux-user: > > #include > #include > > int main(void) > { > int PDeathSig = 0; > if (prctl(PR_GET_PDEATHSIG, ) == 0 && PDeathSig == SIGKILL) > prctl(PR_GET_PDEATHSIG, 0); > return (PDeathSig == SIGKILL); > } > > Signed-off-by: Stephen Long > Signed-off-by: Ana Pazos > --- > > I fixed the incorrect subject line. PR_GETDEATHSIG should be PR_GET_PDEATHSIG. > Is there a test folder where I can include the code that triggered the bug? > Also, I thought "int" can be 2 bytes on some machines. > > linux-user/syscall.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/linux-user/syscall.c b/linux-user/syscall.c > index 05f03919ff..91f91147ba 100644 > --- a/linux-user/syscall.c > +++ b/linux-user/syscall.c > @@ -10256,7 +10256,7 @@ static abi_long do_syscall1(void *cpu_env, int num, > abi_long arg1, > int deathsig; > ret = get_errno(prctl(arg1, , arg3, arg4, arg5)); > if (!is_error(ret) && arg2 > -&& put_user_ual(deathsig, arg2)) { > +&& put_user_s32(deathsig, arg2)) { > return -TARGET_EFAULT; > } > return ret; > Reviewed-by: Laurent Vivier
Re: [PATCH v2] Fix stack smashing when handling PR_GET_PDEATHSIG
Le 07/05/2020 à 15:03, Stephen Long a écrit : > The bug was triggered by the following code on aarch64-linux-user: > > #include > #include > > int main(void) > { > int PDeathSig = 0; > if (prctl(PR_GET_PDEATHSIG, ) == 0 && PDeathSig == SIGKILL) > prctl(PR_GET_PDEATHSIG, 0); > return (PDeathSig == SIGKILL); > } > > Signed-off-by: Stephen Long > Signed-off-by: Ana Pazos > --- > > I fixed the incorrect subject line. PR_GETDEATHSIG should be PR_GET_PDEATHSIG. > Is there a test folder where I can include the code that triggered the bug? Perhaps Alex Bennée knows? > Also, I thought "int" can be 2 bytes on some machines. According to my K, 4th edition, it could be on 16bit systems, like PDP-11, but we don't support them ;) Reviewed-by: Laurent Vivier > > linux-user/syscall.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/linux-user/syscall.c b/linux-user/syscall.c > index 05f03919ff..91f91147ba 100644 > --- a/linux-user/syscall.c > +++ b/linux-user/syscall.c > @@ -10256,7 +10256,7 @@ static abi_long do_syscall1(void *cpu_env, int num, > abi_long arg1, > int deathsig; > ret = get_errno(prctl(arg1, , arg3, arg4, arg5)); > if (!is_error(ret) && arg2 > -&& put_user_ual(deathsig, arg2)) { > +&& put_user_s32(deathsig, arg2)) { > return -TARGET_EFAULT; > } > return ret; >
[PATCH v2] Fix stack smashing when handling PR_GET_PDEATHSIG
The bug was triggered by the following code on aarch64-linux-user: #include #include int main(void) { int PDeathSig = 0; if (prctl(PR_GET_PDEATHSIG, ) == 0 && PDeathSig == SIGKILL) prctl(PR_GET_PDEATHSIG, 0); return (PDeathSig == SIGKILL); } Signed-off-by: Stephen Long Signed-off-by: Ana Pazos --- I fixed the incorrect subject line. PR_GETDEATHSIG should be PR_GET_PDEATHSIG. Is there a test folder where I can include the code that triggered the bug? Also, I thought "int" can be 2 bytes on some machines. linux-user/syscall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 05f03919ff..91f91147ba 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -10256,7 +10256,7 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, int deathsig; ret = get_errno(prctl(arg1, , arg3, arg4, arg5)); if (!is_error(ret) && arg2 -&& put_user_ual(deathsig, arg2)) { +&& put_user_s32(deathsig, arg2)) { return -TARGET_EFAULT; } return ret; -- 2.17.1