From: Kevin Buettner
To: gdb-patches@sourceware.org
Cc: Simon Marchi
Subject: Re: [PATCH] Allocate buffer with proper size in amd64_pseudo_register_{read_value,write}
Date: Sun, 21 Oct 2018 21:43:00 -0000
Message-ID: <20181021144305.4abb6e16@pinnacle.lan>
In-Reply-To: <20181021025948.24787-1-simon.marchi@polymtl.ca>
References: <20181021025948.24787-1-simon.marchi@polymtl.ca>
X-SW-Source: 2018-10/txt/msg00468.txt.bz2

On Sat, 20 Oct 2018 22:59:48 -0400
Simon Marchi wrote:

> Running "maintenance selftest" on an amd64 build with AddressSanitizer
> enabled, I get this:
>
> ==18126==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7ffdf72397c1 at pc 0x7fb5f437b011 bp 0x7ffdf7239740 sp 0x7ffdf7238ee8
> WRITE of size 8 at 0x7ffdf72397c1 thread T0
>     #0 0x7fb5f437b010 in __interceptor_memcpy /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:737
>     #1 0x55a1f899c1b3 in readable_regcache::raw_read(int, unsigned char*) /home/simark/src/binutils-gdb/gdb/regcache.c:530
>     #2 0x55a1f7db241b in amd64_pseudo_register_read_value /home/simark/src/binutils-gdb/gdb/amd64-tdep.c:384
>     #3 0x55a1f8413a2e in gdbarch_pseudo_register_read_value(gdbarch*, readable_regcache*, int) /home/simark/src/binutils-gdb/gdb/gdbarch.c:1992
>     #4 0x55a1f899c9d1 in readable_regcache::cooked_read(int, unsigned char*) /home/simark/src/binutils-gdb/gdb/regcache.c:636
>     #5 0x55a1f89a2251 in cooked_read_test /home/simark/src/binutils-gdb/gdb/regcache.c:1649
>
> In amd64_pseudo_register_read_value, when we try to read the al
> register, for example, we need to read rax and extract al from it. We
> allocate a buffer of the size of al (1 byte):
>
>   gdb_byte *raw_buf = (gdb_byte *) alloca (register_size (gdbarch, regnum));
>
> but read in it the whole rax value (8 bytes):
>
>   status = regcache->raw_read (gpnum, raw_buf);
>
> Fix it by allocating a buffer correctly sized for the full register from
> which the smaller register is extracted. The
> amd64_pseudo_register_write function had the same problem.
>
> gdb/ChangeLog:
>
> 	* amd64-tdep.c (amd64_pseudo_register_read_value): Use
> 	correctly-sized buffer with raw_read.
> 	(amd64_pseudo_register_write): Use correctly-sized buffer for
> 	raw_read/raw_write.

Okay.

Kevin
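The bug class in the quoted report, a stack buffer sized for the pseudo register while the callee fills it with the full base register, is easy to reproduce outside gdb. The following is an added example, not gdb's code and not part of this thread: a constructed, minimal model of a register cache with 8-byte raw registers and sub-register views (al, ah, ax, eax, all hypothetical descriptors), in which `raw_read`/`raw_write` always transfer the full `RAW_REG_SIZE` bytes, exactly the contract the original `alloca (register_size (gdbarch, regnum))` violated. Both the read and the read-modify-write paths size the scratch buffer for the base register and bounds-check the descriptor before copying, so the caller's output buffer is only ever written with the pseudo register's own width.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not gdb's regcache: a few 8-byte raw registers. */
enum { RAW_REG_SIZE = 8, NUM_RAW_REGS = 4 };

struct regcache {
    uint8_t raw[NUM_RAW_REGS][RAW_REG_SIZE];
};

/* Hypothetical pseudo-register descriptor: which raw register it lives in,
   at what byte offset, and how many bytes it covers (e.g. ah = rax byte 1). */
struct pseudo_reg {
    int base;       /* index of the full-width raw register */
    size_t offset;  /* byte offset inside that raw register */
    size_t size;    /* width of the pseudo register in bytes */
};

static const struct pseudo_reg PSEUDO_AL  = { 0, 0, 1 };
static const struct pseudo_reg PSEUDO_AH  = { 0, 1, 1 };
static const struct pseudo_reg PSEUDO_AX  = { 0, 0, 2 };
static const struct pseudo_reg PSEUDO_EAX = { 0, 0, 4 };

/* raw_read/raw_write always move the FULL raw register, RAW_REG_SIZE bytes.
   The caller's buffer must therefore be at least RAW_REG_SIZE bytes; a
   buffer sized for the pseudo register (1 byte for al) is what ASan caught. */
static int raw_read(const struct regcache *rc, int regnum, uint8_t *buf)
{
    if (regnum < 0 || regnum >= NUM_RAW_REGS) return -1;
    memcpy(buf, rc->raw[regnum], RAW_REG_SIZE);
    return 0;
}

static int raw_write(struct regcache *rc, int regnum, const uint8_t *buf)
{
    if (regnum < 0 || regnum >= NUM_RAW_REGS) return -1;
    memcpy(rc->raw[regnum], buf, RAW_REG_SIZE);
    return 0;
}

/* Read a pseudo register: scratch buffer sized for the BASE register
   (the buggy version would have declared uint8_t raw_buf[p->size]). */
static int pseudo_register_read(const struct regcache *rc,
                                const struct pseudo_reg *p, uint8_t *out)
{
    uint8_t raw_buf[RAW_REG_SIZE];
    if (p->offset + p->size > RAW_REG_SIZE) return -1;   /* bad descriptor */
    if (raw_read(rc, p->base, raw_buf) != 0) return -1;
    memcpy(out, raw_buf + p->offset, p->size);           /* only p->size bytes */
    return 0;
}

/* Write a pseudo register: read the full base register, patch the slice,
   write the full register back. Same buffer-sizing rule as the read path. */
static int pseudo_register_write(struct regcache *rc,
                                 const struct pseudo_reg *p, const uint8_t *in)
{
    uint8_t raw_buf[RAW_REG_SIZE];
    if (p->offset + p->size > RAW_REG_SIZE) return -1;
    if (raw_read(rc, p->base, raw_buf) != 0) return -1;
    memcpy(raw_buf + p->offset, in, p->size);
    return raw_write(rc, p->base, raw_buf);
}

/* Little-endian helpers for loading/inspecting a raw register as a u64. */
static void set_raw_u64(struct regcache *rc, int regnum, uint64_t v)
{
    for (size_t i = 0; i < RAW_REG_SIZE; i++)
        rc->raw[regnum][i] = (uint8_t)(v >> (8 * i));
}

static uint64_t get_raw_u64(const struct regcache *rc, int regnum)
{
    uint64_t v = 0;
    for (size_t i = 0; i < RAW_REG_SIZE; i++)
        v |= (uint64_t)rc->raw[regnum][i] << (8 * i);
    return v;
}

/* Demo: with rax = 0x1122334455667788, reading ah yields 0x77, al 0x88. */
static unsigned demo_read_sub(const struct pseudo_reg *p)
{
    struct regcache rc;
    uint8_t out[RAW_REG_SIZE] = { 0 };
    memset(&rc, 0, sizeof rc);
    set_raw_u64(&rc, 0, 0x1122334455667788ULL);
    if (pseudo_register_read(&rc, p, out) != 0) return 0xFFFFu;
    return p->size == 1 ? out[0] : (unsigned)(out[0] | (out[1] << 8));
}

/* Demo: writing ax = 0xBEEF leaves the upper 48 bits of rax untouched. */
static uint64_t demo_write_ax(void)
{
    struct regcache rc;
    const uint8_t ax[2] = { 0xEF, 0xBE };   /* little-endian 0xBEEF */
    memset(&rc, 0, sizeof rc);
    set_raw_u64(&rc, 0, 0x1122334455667788ULL);
    if (pseudo_register_write(&rc, &PSEUDO_AX, ax) != 0) return 0;
    return get_raw_u64(&rc, 0);
}

int main(void)
{
    printf("al=%02x ah=%02x ax=%04x eax-desc-size=%zu rax-after-ax-write=%016llx\n",
           demo_read_sub(&PSEUDO_AL), demo_read_sub(&PSEUDO_AH),
           demo_read_sub(&PSEUDO_AX), PSEUDO_EAX.size,
           (unsigned long long)demo_write_ax());
    return 0;
}
```

The descriptor bounds check is the second half of the fix worth carrying over: even with a correctly sized scratch buffer, an offset/size pair that extends past the base register would turn the final `memcpy` into the same kind of over-read, so rejecting it up front keeps the invariant local to these two functions rather than relying on every descriptor table being correct.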