diff options
| author | Yao Qi <yao.qi@linaro.org> | 2015-11-16 14:44:19 +0000 |
|---|---|---|
| committer | Yao Qi <yao.qi@linaro.org> | 2015-11-16 14:44:19 +0000 |
| commit | ef9bd0b8d7d0a70f9fa9b239a03099c57eb5ceea (patch) | |
| tree | 3fe35ba8638a395976bddeaf7694ec40a1b88a60 /gdb/language.h | |
| parent | 3940d2c36abbf7c4701e312bd76f6bb119898c8a (diff) | |
| download | gdb-ef9bd0b8d7d0a70f9fa9b239a03099c57eb5ceea.zip gdb-ef9bd0b8d7d0a70f9fa9b239a03099c57eb5ceea.tar.gz gdb-ef9bd0b8d7d0a70f9fa9b239a03099c57eb5ceea.tar.bz2 | |
Fix bug in arm_push_dummy_call by -fsanitize=address
When I build GDB with -fsanitize=address, and run testsuite,
some gdb.base/*.exp test triggers the ERROR below,
=================================================================
==7646==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000242810 at pc 0x487844 bp 0x7fffe32e84e0 sp 0x7fffe32e84d8
READ of size 4 at 0x603000242810 thread T0
#0 0x487843 in push_stack_item /home/yao/SourceCode/gnu/gdb/git/gdb/arm-tdep.c:3405
#1 0x48998a in arm_push_dummy_call /home/yao/SourceCode/gnu/gdb/git/gdb/arm-tdep.c:3960
In that path, GDB passes value on stack, in an INT_REGISTER_SIZE slot,
but the value contents' length can be less than INT_REGISTER_SIZE, so
the contents will be accessed out of the bound. This patch adds an
array buf[INT_REGISTER_SIZE], and copy val to buf before writing them
to stack.
gdb:
2015-11-16 Yao Qi <yao.qi@linaro.org>
* arm-tdep.c (arm_push_dummy_call): New array buf. Store regval
to buf. Pass buf instead of val to push_stack_item.
Diffstat (limited to 'gdb/language.h')
0 files changed, 0 insertions, 0 deletions