[PATCH] D69893: libunwind: Evaluating DWARF operation DW_OP_pick is broken
kamlesh kumar via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Wed Nov 6 07:04:04 PST 2019
kamleshbhalui created this revision.
kamleshbhalui added a reviewer: phosek.
Herald added subscribers: libcxx-commits, ldionne, christof.
kamleshbhalui edited the summary of this revision.
reg is an unsigned type and is used here to get an array element from the end by negating it.
Negation of an unsigned value can result in a large number, and array access with that index will result in a segmentation
fault.
As a fix, we cast reg to int and then negate it.
Fixes this.
https://bugs.llvm.org/show_bug.cgi?id=43872
Repository:
rUNW libunwind
https://reviews.llvm.org/D69893
Files:
libunwind/src/DwarfInstructions.hpp
Index: libunwind/src/DwarfInstructions.hpp
===================================================================
--- libunwind/src/DwarfInstructions.hpp
+++ libunwind/src/DwarfInstructions.hpp
@@ -430,7 +430,7 @@
// pick from
reg = addressSpace.get8(p);
p += 1;
- value = sp[-reg];
+ value = sp[-(int)reg];
*(++sp) = value;
if (log)
fprintf(stderr, "duplicate %d in stack\n", reg);
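Review bot: at `value = sp[-(int)reg];` the cast removes the unsigned wrap, but the index is still used without any check against the current stack depth. `reg` is the byte just read with `addressSpace.get8(p)`, so it comes from the DWARF expression itself, and nothing in these lines stops a value larger than the number of entries on the stack from reading below the start of the stack. Consider rejecting the expression when `reg` exceeds the depth before indexing. Two smaller points: `static_cast<int>(reg)` is the more idiomatic spelling in C++ than the C-style cast, and a regression test that evaluates a DW_OP_pick expression would keep this from coming back.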
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D69893.228057.patch
Type: text/x-patch
Size: 434 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20191106/21a34074/attachment.bin>
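The index arithmetic described in the summary, as an added example that is not code from libunwind or from this patch. It assumes `reg` is a 32-bit unsigned integer; `pick_checked` is a hypothetical helper and the stack contents are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Offset applied by sp[-reg] when reg is 32-bit unsigned (assumed width):
   the negation wraps modulo 2^32 before it is widened for indexing. */
static int64_t offset_unsigned(uint32_t reg) {
    return (int64_t)(-reg);
}

/* Offset applied by sp[-(int)reg]: the negation happens in signed int. */
static int64_t offset_patched(uint32_t reg) {
    return (int64_t)(-(int)reg);
}

/* Hypothetical bounds-checked pick. idx 0 is the top of the stack.
   Returns 0 and stores the picked value, or -1 if idx reaches past
   the entries currently on the stack. */
static int pick_checked(const uint64_t *stack, size_t depth,
                        uint8_t idx, uint64_t *out) {
    if (idx >= depth)
        return -1;
    *out = stack[depth - 1 - idx];
    return 0;
}

int main(void) {
    /* Constructed expression stack with three entries; 30 is on top. */
    const uint64_t stack[] = {10, 20, 30};
    uint64_t v = 0;

    printf("unsigned: reg=1 -> offset %lld\n",
           (long long)offset_unsigned(1));
    printf("patched:  reg=1 -> offset %lld\n",
           (long long)offset_patched(1));

    if (pick_checked(stack, 3, 1, &v) == 0)
        printf("pick 1 -> %llu\n", (unsigned long long)v);
    if (pick_checked(stack, 3, 3, &v) != 0)
        printf("pick 3 rejected: only 3 entries on the stack\n");
    return 0;
}
```

With a 64-bit pointer, the wrapped offset lands about 4 billion slots above `sp`, which matches the segmentation fault the summary describes.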