diff options
| author | Sergei Trofimovich <slyfox@gentoo.org> | 2017-12-18 17:23:02 +0000 |
|---|---|---|
| committer | Joseph Myers <joseph@codesourcery.com> | 2017-12-18 17:23:02 +0000 |
| commit | 368b6c8da9f8ae453f5d70f8a62dbf3f1b6d5995 (patch) | |
| tree | 906e5f509e6c322750bbec6942fbfeac6ac09e3d /ChangeLog | |
| parent | c8e939f12a4fce3bb09a8c4818629ccf76c8658c (diff) | |
| download | glibc-368b6c8da9f8ae453f5d70f8a62dbf3f1b6d5995.zip glibc-368b6c8da9f8ae453f5d70f8a62dbf3f1b6d5995.tar.gz glibc-368b6c8da9f8ae453f5d70f8a62dbf3f1b6d5995.tar.bz2 | |
mips64: fix clobbering s0 in setjmp() [BZ #22624]
When configured as --enable-stack-protector=all glibc
inserts stack checking canary into every function
including __sigsetjmp_aux(). Stack checking code
ends up using s0 register to temporary hold address
of global canary value.
Unfortunately __sigsetjmp_aux assumes no caller' caller-save
registers should be clobbered as it stores them as-is.
The fix is to disable stack protection of __sigsetjmp_aux.
Tested on the following test:
#include <setjmp.h>
#include <stdio.h>
int main() {
jmp_buf jb;
volatile register long s0 asm ("$s0");
s0 = 1234;
if (setjmp(jb) == 0)
longjmp(jb, 1);
printf ("$s0 = %lu\n", s0);
}
Without the fix:
$ qemu-mipsn32 -L . ./mips-longjmp-bug
$s0 = 1082346228
With the fix:
$ qemu-mipsn32 -L . ./mips-longjmp-bug
$s0 = 1234
[BZ #22624]
* sysdeps/mips/mips64/setjmp_aux.c (__sigsetjmp_aux): Use
inhibit_stack_protector.
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -1,3 +1,9 @@ +2017-12-18 Sergei Trofimovich <slyfox@gentoo.org> + + [BZ #22624] + * sysdeps/mips/mips64/setjmp_aux.c (__sigsetjmp_aux): Use + inhibit_stack_protector. + 2017-12-18 Dmitry V. Levin <ldv@altlinux.org> [BZ #22627] |