Module Name: src Committed By: chs Date: Mon Nov 14 01:27:42 UTC 2011
Modified Files: src/lib/libpuffs: puffs.c Log Message: fix crashes caused by using the results of getcontext() after the caller returns. To generate a diff of this commit: cvs rdiff -u -r1.116 -r1.117 src/lib/libpuffs/puffs.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/lib/libpuffs/puffs.c diff -u src/lib/libpuffs/puffs.c:1.116 src/lib/libpuffs/puffs.c:1.117 --- src/lib/libpuffs/puffs.c:1.116 Tue May 3 13:16:47 2011 +++ src/lib/libpuffs/puffs.c Mon Nov 14 01:27:42 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: puffs.c,v 1.116 2011/05/03 13:16:47 manu Exp $ */ +/* $NetBSD: puffs.c,v 1.117 2011/11/14 01:27:42 chs Exp $ */ /* * Copyright (c) 2005, 2006, 2007 Antti Kantee. All Rights Reserved. @@ -31,7 +31,7 @@ #include <sys/cdefs.h> #if !defined(lint) -__RCSID("$NetBSD: puffs.c,v 1.116 2011/05/03 13:16:47 manu Exp $"); +__RCSID("$NetBSD: puffs.c,v 1.117 2011/11/14 01:27:42 chs Exp $"); #endif /* !lint */ #include <sys/param.h> @@ -993,9 +993,30 @@ puffs_mainloop(struct puffs_usermount *p if (puffs__cc_create(pu, puffs__theloop, &pcc) == -1) { goto out; } + +#if 0 if (puffs__cc_savemain(pu) == -1) { goto out; } +#else + /* + * XXX + * puffs__cc_savemain() uses getcontext() and then returns. + * the caller (this function) may overwrite the stack frame + * of puffs__cc_savemain(), so when we call setcontext() later and + * return from puffs__cc_savemain() again, the return address or + * saved stack pointer can be garbage. + * avoid this by calling getcontext() directly here. + */ + extern int puffs_fakecc; + if (!puffs_fakecc) { + PU_CLRSFLAG(pu, PU_MAINRESTORE); + if (getcontext(&pu->pu_mainctx) == -1) { + goto out; + } + } +#endif + if ((pu->pu_state & PU_MAINRESTORE) == 0) puffs_cc_continue(pcc);
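Review bot: The `#if 0` branch that preserves the old `puffs__cc_savemain()` call in the `@@ -993` hunk is dead code and should be deleted rather than shipped next to its replacement, and the `extern int puffs_fakecc;` placed inside the function body belongs in the header that declares it (or at least at file scope), since a block-scope extern silently diverges if the defining translation unit ever changes the type. Because `getcontext()` returns a second time when the saved context is later resumed by `setcontext()`, any automatic variable of puffs_mainloop that is modified between those two returns is indeterminate afterwards unless declared `volatile` — `pu` and `pcc` are not written after the call within this hunk, but the rest of the function lies outside the hunk and should be checked for that. If `puffs__cc_savemain()` is still defined elsewhere in libpuffs, it remains a trap for any other caller because the stale-frame hazard the comment describes applies to every use; it should be removed or at least marked unsafe. The "XXX" comment could be shortened to the invariant that matters: `/* getcontext() must run in this frame: a helper's frame is gone by the time setcontext() resumes here. */`.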