[PATCH] D147975: [StackProtector] don't check stack protector before calling nounwind functions
Xiang Zhang via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Wed Apr 12 02:25:56 PDT 2023
xiangzhangllvm added a comment.
In D147975#4260253 <https://reviews.llvm.org/D147975#4260253>, @LuoYuanke wrote:
>> We could consider trying to encode more information into the IR, I guess. In a lot of cases, we know a "noreturn nounwind" function is abort()-like, and not longjmp()-like; we just don't bother recording it anywhere because nothing cared before this.
>
> In IR, if a function call is within a try{} block, the front-end should generate an invoke instruction, so we may just check if the callsite is an invoke instruction.
But the C code does not have a try{} block.
And I rechecked longjmp(ptr env, int val): if the attacker rewrites the parameter env and prepares the "meticulously prepared" reg data in the flaky env, it is possible to attack.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D147975/new/
https://reviews.llvm.org/D147975