[LLVMbugs] [Bug 22709] New: shadow stack not reserved for 64-bit ms_abi function pointer with optimization on
bugzilla-daemon at llvm.org
bugzilla-daemon at llvm.org
Thu Feb 26 07:14:40 PST 2015
http://llvm.org/bugs/show_bug.cgi?id=22709
Bug ID: 22709
Summary: shadow stack not reserved for 64-bit ms_abi function
pointer with optimization on
Product: clang
Version: 3.4
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: -New Bugs
Assignee: unassignedclangbugs at nondot.org
Reporter: dlehman at esri.com
CC: llvmbugs at cs.uiuc.edu
Classification: Unclassified
Created attachment 13948
--> http://llvm.org/bugs/attachment.cgi?id=13948&action=edit
test case with instructions
a shadow stack is not reserved for a function pointer with the ms_abi attribute
on 64-bit when optimization is turned on. the function called then can
overwrite the caller's stack, causing a crash
test case is attached but is very simple:
typedef int (*__attribute__((ms_abi)) callback_t)(int);
int wrapper(callback_t cb, int arg)
{
return (*cb)(arg);
}
when compiled with 'clang case.c -O2 -c' the result is:
0000000000000000 <wrapper>:
0: 89 f1 mov %esi,%ecx <- correct register for ms_abi
2: ff e7 jmpq *%rdi <- but no 32-byte shadow stack
a stack is reserved if optimization is disabled:
0000000000000000 <wrapper>:
0: 55 push %rbp
1: 48 89 e5 mov %rsp,%rbp
4: 48 83 ec 30 sub $0x30,%rsp
8: 48 89 7d f8 mov %rdi,-0x8(%rbp)
c: 89 75 f4 mov %esi,-0xc(%rbp)
f: 48 8b 7d f8 mov -0x8(%rbp),%rdi
13: 8b 4d f4 mov -0xc(%rbp),%ecx
16: ff d7 callq *%rdi
18: 48 83 c4 30 add $0x30,%rsp
1c: 5d pop %rbp
1d: c3 retq
stack space is reserved for straight function calls. seems to be just an issue
for function pointers
found with 3.4.1 but also happens with 3.5.1
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20150226/99f1931f/attachment.html>
More information about the llvm-bugs
mailing list