[compiler-rt] r210349 - tsan: fix out-of-bounds access in Go runtime

Dmitry Vyukov dvyukov at google.com
Fri Jun 6 08:56:09 PDT 2014


Author: dvyukov
Date: Fri Jun  6 10:56:08 2014
New Revision: 210349

URL: http://llvm.org/viewvc/llvm-project?rev=210349&view=rev
Log:
tsan: fix out-of-bounds access in Go runtime
FuncEntry can resize the shadow stack, while "thr->shadow_stack_pos[0] = pc" writes out-of-bounds.


Modified:
    compiler-rt/trunk/lib/tsan/rtl/tsan_rtl.cc

Modified: compiler-rt/trunk/lib/tsan/rtl/tsan_rtl.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/tsan/rtl/tsan_rtl.cc?rev=210349&r1=210348&r2=210349&view=diff
==============================================================================
--- compiler-rt/trunk/lib/tsan/rtl/tsan_rtl.cc (original)
+++ compiler-rt/trunk/lib/tsan/rtl/tsan_rtl.cc Fri Jun  6 10:56:08 2014
@@ -423,13 +423,11 @@ void ForkChildAfter(ThreadState *thr, up
 u32 CurrentStackId(ThreadState *thr, uptr pc) {
   if (thr->shadow_stack_pos == 0)  // May happen during bootstrap.
     return 0;
-  if (pc) {
-    thr->shadow_stack_pos[0] = pc;
-    thr->shadow_stack_pos++;
-  }
+  if (pc != 0)
+    FuncEntry(thr, pc);  // can resize the shadow stack
   u32 id = StackDepotPut(thr->shadow_stack,
                          thr->shadow_stack_pos - thr->shadow_stack);
-  if (pc)
+  if (pc != 0)
     thr->shadow_stack_pos--;
   return id;
 }





More information about the llvm-commits mailing list