Re: [PATCH v2] Fix stack smashing when handling PR_GET_PDEATHSIG

2020-09-26 Thread Laurent Vivier
Le 07/05/2020 à 15:03, Stephen Long a écrit :
> The bug was triggered by the following code on aarch64-linux-user:
> 
> #include <sys/prctl.h>
> #include <signal.h>
> 
> /* Reproducer: read back the parent-death signal through an int pointer */
> int main(void)
> {
>   int PDeathSig = 0;
>   if (prctl(PR_GET_PDEATHSIG, &PDeathSig) == 0 && PDeathSig == SIGKILL)
>     prctl(PR_GET_PDEATHSIG, 0);
>   return (PDeathSig == SIGKILL);
> }
> 
> Signed-off-by: Stephen Long 
> Signed-off-by: Ana Pazos 
> ---
> 
> I fixed the incorrect subject line. PR_GETDEATHSIG should be PR_GET_PDEATHSIG.
> Is there a test folder where I can include the code that triggered the bug?
> Also, I thought "int" can be 2 bytes on some machines.
> 
>  linux-user/syscall.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 05f03919ff..91f91147ba 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -10256,7 +10256,7 @@ static abi_long do_syscall1(void *cpu_env, int num, 
> abi_long arg1,
>  int deathsig;
>  ret = get_errno(prctl(arg1, , arg3, arg4, arg5));
>  if (!is_error(ret) && arg2
> -&& put_user_ual(deathsig, arg2)) {
> +&& put_user_s32(deathsig, arg2)) {
>  return -TARGET_EFAULT;
>  }
>  return ret;
> 

Reviewed-by: Laurent Vivier 



Re: [PATCH v2] Fix stack smashing when handling PR_GET_PDEATHSIG

2020-05-07 Thread Laurent Vivier
Le 07/05/2020 à 15:03, Stephen Long a écrit :
> The bug was triggered by the following code on aarch64-linux-user:
> 
> #include <sys/prctl.h>
> #include <signal.h>
> 
> /* Reproducer: read back the parent-death signal through an int pointer */
> int main(void)
> {
>   int PDeathSig = 0;
>   if (prctl(PR_GET_PDEATHSIG, &PDeathSig) == 0 && PDeathSig == SIGKILL)
>     prctl(PR_GET_PDEATHSIG, 0);
>   return (PDeathSig == SIGKILL);
> }
> 
> Signed-off-by: Stephen Long 
> Signed-off-by: Ana Pazos 
> ---
> 
> I fixed the incorrect subject line. PR_GETDEATHSIG should be PR_GET_PDEATHSIG.
> Is there a test folder where I can include the code that triggered the bug?

Perhaps Alex Bennée knows?

> Also, I thought "int" can be 2 bytes on some machines.

According to my K&R, 4th edition, it could be on 16-bit systems, like
PDP-11, but we don't support them ;)

Reviewed-by: Laurent Vivier 

> 
>  linux-user/syscall.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 05f03919ff..91f91147ba 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -10256,7 +10256,7 @@ static abi_long do_syscall1(void *cpu_env, int num, 
> abi_long arg1,
>  int deathsig;
>  ret = get_errno(prctl(arg1, , arg3, arg4, arg5));
>  if (!is_error(ret) && arg2
> -&& put_user_ual(deathsig, arg2)) {
> +&& put_user_s32(deathsig, arg2)) {
>  return -TARGET_EFAULT;
>  }
>  return ret;
> 




[PATCH v2] Fix stack smashing when handling PR_GET_PDEATHSIG

2020-05-07 Thread Stephen Long
The bug was triggered by the following code on aarch64-linux-user:

#include <sys/prctl.h>
#include <signal.h>

/* Reproducer: read back the parent-death signal through an int pointer */
int main(void)
{
  int PDeathSig = 0;
  if (prctl(PR_GET_PDEATHSIG, &PDeathSig) == 0 && PDeathSig == SIGKILL)
    prctl(PR_GET_PDEATHSIG, 0);
  return (PDeathSig == SIGKILL);
}

Signed-off-by: Stephen Long 
Signed-off-by: Ana Pazos 
---

I fixed the incorrect subject line. PR_GETDEATHSIG should be PR_GET_PDEATHSIG.
Is there a test folder where I can include the code that triggered the bug?
Also, I thought "int" can be 2 bytes on some machines.

 linux-user/syscall.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 05f03919ff..91f91147ba 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -10256,7 +10256,7 @@ static abi_long do_syscall1(void *cpu_env, int num, 
abi_long arg1,
 int deathsig;
 ret = get_errno(prctl(arg1, , arg3, arg4, arg5));
 if (!is_error(ret) && arg2
-&& put_user_ual(deathsig, arg2)) {
+&& put_user_s32(deathsig, arg2)) {
 return -TARGET_EFAULT;
 }
 return ret;
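Review bot: the switch from put_user_ual to put_user_s32 is the right width, but the patch description should say why, since the hunk makes it clear and the text above only shows the reproducer: `deathsig` is a host `int` and the kernel writes the PR_GET_PDEATHSIG result through an `int *`, whereas put_user_ual widens the value to abi_ulong and on a 64-bit target such as aarch64 stores 8 bytes at arg2, overrunning the guest's 4-byte `int PDeathSig` and whatever sits beside it on the guest stack (the stack-protector canary, hence the "stack smashing" report). The same sentence answers the "int can be 2 bytes" worry raised above: put_user_s32 stores a fixed 32-bit value, which is the width the kernel contract specifies, independent of the host's int size.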
-- 
2.17.1
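The mechanism the hunk fixes, as an added example that is not part of the patch or of QEMU: it models 8 bytes of guest stack (the reproducer's 4-byte `int PDeathSig` followed by a 4-byte canary) and compares an abi_ulong-width store, as the old put_user_ual did on a 64-bit target, with the 4-byte store of put_user_s32. The typedef `abi_ulong` as 8 bytes, the canary value, the frame layout and the names `put_user_ual_model`, `put_user_s32_model` and the `*_after_*_store` functions are this example's own assumptions, not QEMU code.

```c
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for QEMU's abi_ulong on a 64-bit guest such as aarch64
 * (assumption for this example: 8 bytes). */
typedef uint64_t abi_ulong;

/* Constructed canary value standing in for the guest's stack protector. */
#define CANARY 0xDEADBEEFu

/* Constructed model of 8 bytes of guest stack: the 4-byte `int PDeathSig`
 * from the reproducer, followed immediately by a 4-byte canary. */
static void init_frame(uint8_t frame[8])
{
    int32_t pdeathsig = 0;
    uint32_t canary = CANARY;
    memcpy(frame, &pdeathsig, sizeof pdeathsig);
    memcpy(frame + 4, &canary, sizeof canary);
}

static int32_t read_pdeathsig(const uint8_t frame[8])
{
    int32_t v;
    memcpy(&v, frame, sizeof v);
    return v;
}

static uint32_t read_canary(const uint8_t frame[8])
{
    uint32_t c;
    memcpy(&c, frame + 4, sizeof c);
    return c;
}

/* Models the old put_user_ual(deathsig, arg2): the host int is widened to
 * abi_ulong and all sizeof(abi_ulong) bytes are stored at the guest address. */
static void put_user_ual_model(uint8_t *guest_addr, int deathsig)
{
    abi_ulong widened = (abi_ulong)deathsig;
    memcpy(guest_addr, &widened, sizeof widened);   /* 8-byte store */
}

/* Models the fixed put_user_s32(deathsig, arg2): exactly 4 bytes are stored,
 * matching the `int *` the kernel's PR_GET_PDEATHSIG writes through. */
static void put_user_s32_model(uint8_t *guest_addr, int deathsig)
{
    int32_t v = (int32_t)deathsig;
    memcpy(guest_addr, &v, sizeof v);               /* 4-byte store */
}

/* Returns 1 if the canary survives an abi_ulong-width store, 0 if clobbered. */
int canary_intact_after_ual_store(int deathsig)
{
    uint8_t frame[8];
    init_frame(frame);
    put_user_ual_model(frame, deathsig);
    return read_canary(frame) == CANARY;
}

/* Returns 1 if the canary survives a 32-bit store, 0 if clobbered. */
int canary_intact_after_s32_store(int deathsig)
{
    uint8_t frame[8];
    init_frame(frame);
    put_user_s32_model(frame, deathsig);
    return read_canary(frame) == CANARY;
}

/* Returns the value the guest reads back from PDeathSig after the 32-bit store. */
int32_t pdeathsig_after_s32_store(int deathsig)
{
    uint8_t frame[8];
    init_frame(frame);
    put_user_s32_model(frame, deathsig);
    return read_pdeathsig(frame);
}

int main(void)
{
    printf("put_user_ual: canary intact = %d\n",
           canary_intact_after_ual_store(SIGKILL));
    printf("put_user_s32: canary intact = %d, PDeathSig = %d\n",
           canary_intact_after_s32_store(SIGKILL),
           (int)pdeathsig_after_s32_store(SIGKILL));
    return 0;
}
```

The canary is clobbered by the 8-byte store whichever byte order the host uses (the upper half of the widened value lands on it either way), which is why the guest's stack protector fires; the 4-byte store leaves it untouched and the guest reads back the signal number it expects.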