[Lldb-commits] [PATCH] D140067: Fix an ASAN bug I introduced in debugserver, accessing off the end of an array intentionally

Jason Molenda via Phabricator via lldb-commits lldb-commits at lists.llvm.org
Wed Dec 14 16:21:04 PST 2022


jasonmolenda created this revision.
jasonmolenda added reviewers: aprantl, JDevlieghere.
jasonmolenda added a project: LLDB.
Herald added a subscriber: kristof.beyls.
Herald added a project: All.
jasonmolenda requested review of this revision.
Herald added a subscriber: lldb-commits.

In https://reviews.llvm.org/D136620 I needed to access fp/sp/pc/lr two different ways depending on the compile-time environment -- the headers name these registers differently, and the types are different so one of them needs to be cast.  This was tiresome, so instead I indexed off of the array of general purpose registers right before them.  ASAN expresses its displeasure with this shortcut.

Before my original patch, this code passed the register context in to the arm_thread_state64_get{sp,fp,lr,pc} and those macros handled this detail.

The ASAN CI bot does not build an in-tree debugserver and test with it, but when I looked into a bot test failure, I hit this first.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D140067

Files:
  lldb/tools/debugserver/source/MacOSX/arm64/DNBArchImplARM64.cpp


Index: lldb/tools/debugserver/source/MacOSX/arm64/DNBArchImplARM64.cpp
===================================================================
--- lldb/tools/debugserver/source/MacOSX/arm64/DNBArchImplARM64.cpp
+++ lldb/tools/debugserver/source/MacOSX/arm64/DNBArchImplARM64.cpp
@@ -2022,8 +2022,29 @@
     switch (set) {
     case e_regSetGPR:
       if (reg <= gpr_pc) {
-        if (reg == gpr_pc || reg == gpr_lr || reg == gpr_sp || reg == gpr_fp)
-          value->value.uint64 = clear_pac_bits(m_state.context.gpr.__x[reg]);
+#if __has_feature(ptrauth_calls) && defined(__LP64__)
+        if (reg == gpr_pc)
+          value->value.uint64 = clear_pac_bits(
+              reinterpret_cast<uint64_t>(m_state.context.gpr.__opaque_pc));
+        else if (reg == gpr_lr)
+          value->value.uint64 = clear_pac_bits(
+              reinterpret_cast<uint64_t>(m_state.context.gpr.__opaque_lr));
+        else if (reg == gpr_sp)
+          value->value.uint64 = clear_pac_bits(
+              reinterpret_cast<uint64_t>(m_state.context.gpr.__opaque_sp));
+        else if (reg == gpr_fp)
+          value->value.uint64 = clear_pac_bits(
+              reinterpret_cast<uint64_t>(m_state.context.gpr.__opaque_fp));
+#else
+        if (reg == gpr_pc)
+          value->value.uint64 = clear_pac_bits(m_state.context.gpr.__pc);
+        else if (reg == gpr_lr)
+          value->value.uint64 = clear_pac_bits(m_state.context.gpr.__lr);
+        else if (reg == gpr_sp)
+          value->value.uint64 = clear_pac_bits(m_state.context.gpr.__sp);
+        else if (reg == gpr_fp)
+          value->value.uint64 = clear_pac_bits(m_state.context.gpr.__fp);
+#endif
         else
           value->value.uint64 = m_state.context.gpr.__x[reg];
         return true;
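Review bot: the `else` on the line following `#endif` attaches to whichever `if (reg == gpr_fp)` chain the preprocessor keeps, which compiles but is easy to misread and fragile if either branch is later edited (a stray `;` or brace in one arm changes what the `else` binds to). Consider resolving the opaque-vs-plain field difference once, in a small per-build helper or via the `arm_thread_state64_get_{pc,lr,sp,fp}` macros the summary says handled this before, so the `pc/lr/sp/fp` selection is written a single time and both the `#if` and `#else` arms stop duplicating the four comparisons against gpr_pc/gpr_lr/gpr_sp/gpr_fp.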


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D140067.483025.patch
Type: text/x-patch
Size: 1754 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/lldb-commits/attachments/20221215/6b046e37/attachment.bin>

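To make the bug behind this patch concrete, the following is an added example in C (an editor's illustration, not code from the patch, from debugserver or from the patch author). It models the shape of the problem: a thread-state struct keeps x0..x28 in an array and fp/lr/sp/pc as separate named fields, so reading those four registers by indexing past the array is an out-of-bounds read that ASAN reports, even when the fields happen to sit right after the array in memory. The struct, enum and function names, the register numbering and the PAC mask are all assumptions made for the example; the real clear_pac_bits() is not shown on the page.

```c
/*
 * Added example (editor's illustration, not debugserver code). Mirrors the
 * shape of the problem in D140067: general-purpose registers in an array,
 * fp/lr/sp/pc as separate named fields. All names here are hypothetical.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_X_REGS 29

/* Hypothetical stand-in for the arm64 thread-state layout: x0..x28 in an
 * array, then fp, lr, sp, pc as individual members. */
struct gpr_state {
    uint64_t x[NUM_X_REGS];
    uint64_t fp;
    uint64_t lr;
    uint64_t sp;
    uint64_t pc;
    uint32_t cpsr;
};

/* Register numbers as a register context would hand them out (assumed
 * numbering: x0..x28 are 0..28, followed by fp, lr, sp, pc). */
enum gpr_reg {
    gpr_x0 = 0,
    gpr_x28 = NUM_X_REGS - 1,
    gpr_fp = NUM_X_REGS,
    gpr_lr,
    gpr_sp,
    gpr_pc
};

/* Assumed PAC stripping for this example: keep the low 47 address bits and
 * drop everything above them, where the pointer authentication code lives. */
#define PAC_ADDRESS_MASK ((UINT64_C(1) << 47) - 1)

static uint64_t clear_pac_bits(uint64_t value) {
    return value & PAC_ADDRESS_MASK;
}

/* True only for indexes that actually address an element of x[]. */
static bool gpr_index_in_bounds(int reg) {
    return reg >= 0 && reg < NUM_X_REGS;
}

/* The shortcut the original code took: treat fp/lr/sp/pc as x[29..32].
 * Even if those fields follow x[] in memory, x[reg] with reg >= NUM_X_REGS
 * is an out-of-bounds read, which is exactly what ASAN reports.
 * Kept only for comparison; never called below. */
static uint64_t read_gpr_shortcut(const struct gpr_state *s, int reg) {
    return clear_pac_bits(s->x[reg]);
}

/* Fixed form: select the named field explicitly and bounds-check the
 * array index for everything else. Returns false for an unknown register
 * instead of reading outside the struct. */
static bool read_gpr(const struct gpr_state *s, int reg, uint64_t *out) {
    switch (reg) {
    case gpr_fp: *out = clear_pac_bits(s->fp); return true;
    case gpr_lr: *out = clear_pac_bits(s->lr); return true;
    case gpr_sp: *out = clear_pac_bits(s->sp); return true;
    case gpr_pc: *out = clear_pac_bits(s->pc); return true;
    default:
        if (!gpr_index_in_bounds(reg))
            return false;
        *out = s->x[reg];
        return true;
    }
}

int main(void) {
    /* Constructed sample state: pc carries PAC bits in its high bits. */
    struct gpr_state s = {0};
    s.x[5] = 0x42;
    s.pc = UINT64_C(0xF13A000100004000);
    uint64_t v;
    if (read_gpr(&s, gpr_pc, &v))
        printf("pc = 0x%016llx\n", (unsigned long long)v);
    printf("gpr_fp indexes x[]: %s\n",
           gpr_index_in_bounds(gpr_fp) ? "yes" : "no");
    (void)read_gpr_shortcut; /* intentionally unused */
    return 0;
}
```

Running this under `clang -fsanitize=address` is only interesting if you call read_gpr_shortcut() with gpr_fp or higher; the fixed read_gpr() never touches x[] with such an index, so ASAN stays quiet and the PAC bits are still stripped from the four named registers.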

More information about the lldb-commits mailing list