| author | Alan Hayward <alan.hayward@arm.com> | 2018-09-17 15:28:53 +0100 |
|---|---|---|
| committer | Alan Hayward <alan.hayward@arm.com> | 2018-09-18 16:24:27 +0100 |
| commit | 3ff2c72e14b7f4381c785ee35608c2812ef8610e | |
| tree | f9f978802847e68cc33764440064e77ffced2d6f | |
| parent | af81c43b51e17c597c8eb5bfaa02fa7f5f6dbe72 | |
Aarch64 SVE: Fix stack smashing when calling functions
Using "call" on a function that passes arguments via float registers can cause
gdb to overflow buffers.
Ensure enough memory is reserved to hold a full FP register.
This fixes gdb.base/callfuncs.exp for Aarch64 SVE.
2018-09-18 Alan Hayward <alan.hayward@arm.com>
* aarch64-tdep.c (pass_in_v): Use register size.
(aarch64_extract_return_value): Likewise.
(aarch64_store_return_value): Likewise.
| -rw-r--r-- | gdb/ChangeLog | 6 |
|---|---|---|
| -rw-r--r-- | gdb/aarch64-tdep.c | 12 |

2 files changed, 15 insertions, 3 deletions
diff --git a/gdb/ChangeLog b/gdb/ChangeLog index ddd2782..790cd3b 100644 --- a/gdb/ChangeLog +++ b/gdb/ChangeLog @@ -1,3 +1,9 @@ +2018-09-18 Alan Hayward <alan.hayward@arm.com> + + * aarch64-tdep.c (pass_in_v): Use register size. + (aarch64_extract_return_value): Likewise. + (aarch64_store_return_value): Likewise. + 2018-09-18 Rainer Orth <ro@CeBiTec.Uni-Bielefeld.DE> * utils.c (dump_core) [HAVE_SETRLIMIT]: Cast RLIM_INFINITY to diff --git a/gdb/aarch64-tdep.c b/gdb/aarch64-tdep.c index d2e6ac6..90b6deb 100644 --- a/gdb/aarch64-tdep.c +++ b/gdb/aarch64-tdep.c @@ -1366,7 +1366,9 @@ pass_in_v (struct gdbarch *gdbarch, if (info->nsrn < 8) { int regnum = AARCH64_V0_REGNUM + info->nsrn; - gdb_byte reg[V_REGISTER_SIZE]; + /* Enough space for a full vector register. */ + gdb_byte reg[register_size (gdbarch, regnum)]; + gdb_assert (len <= sizeof (reg)); info->argnum++; info->nsrn++; @@ -1937,7 +1939,9 @@ aarch64_extract_return_value (struct type *type, struct regcache *regs, for (int i = 0; i < elements; i++) { int regno = AARCH64_V0_REGNUM + i; - bfd_byte buf[V_REGISTER_SIZE]; + /* Enough space for a full vector register. */ + gdb_byte buf[register_size (gdbarch, regno)]; + gdb_assert (len <= sizeof (buf)); if (aarch64_debug) { @@ -2047,7 +2051,9 @@ aarch64_store_return_value (struct type *type, struct regcache *regs, for (int i = 0; i < elements; i++) { int regno = AARCH64_V0_REGNUM + i; - bfd_byte tmpbuf[V_REGISTER_SIZE]; + /* Enough space for a full vector register. */ + gdb_byte tmpbuf[register_size (gdbarch, regno)]; + gdb_assert (len <= sizeof (tmpbuf)); if (aarch64_debug) { |
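Review bot: the ChangeLog entry for the three aarch64-tdep.c sites understates the change. Each site not only sizes the buffer from `register_size` but also adds a `gdb_assert (len <= sizeof (...))` bounds check and switches the element type from `bfd_byte` to `gdb_byte`; consider recording the assertion (e.g. `(pass_in_v): Use register size.  Assert length fits.`) so the new bounds check can be found from the log.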
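Review bot: in the pass_in_v hunk, `gdb_byte reg[register_size (gdbarch, regnum)];` is a variable-length array, which is a GCC/Clang extension in C++ rather than standard language; if portability matters for this file, a `gdb::byte_vector` sized from `register_size (gdbarch, regnum)` avoids the extension, with `sizeof (reg)` in the assertion becoming the vector's `size ()`. The `gdb_assert (len <= sizeof (reg));` before the copy is the right guard here: an argument longer than the register now fails loudly as an internal error instead of silently overrunning the stack buffer, which is the overflow the commit message describes.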
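Review bot: the aarch64_extract_return_value hunk uses `gdbarch` and `len` in its new lines, but neither appears in the visible signature (`struct type *type, struct regcache *regs,`) or context; confirm both are locals defined earlier in the function (a gdbarch taken from the regcache, and `len` as the per-element length) so `buf` is sized for the register actually read and the assertion compares against the right length. The VLA remark from the pass_in_v hunk applies to `gdb_byte buf[register_size (gdbarch, regno)];` as well.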
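Review bot: the aarch64_store_return_value hunk has the same scope question for `gdbarch` and `len`, and one extra point: `gdb_byte tmpbuf[register_size (gdbarch, regno)];` is uninitialised stack memory, and only the first `len` bytes are covered by the assertion. If `tmpbuf` is later written back to the register in full, the bytes above `len` (the upper lanes of a wide vector register) would carry whatever was on the stack; consider zero-initialising the buffer (a `gdb::byte_vector` constructed with a size does this) unless the following code already fills it completely.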