Fix out of boundary access in pass_in_v
authorYao Qi <yao.qi@linaro.org>
Wed, 18 Nov 2015 11:49:32 +0000 (11:49 +0000)
committerYao Qi <yao.qi@linaro.org>
Wed, 18 Nov 2015 11:49:55 +0000 (11:49 +0000)
commit0735fdddbc086291f6d2357e8fa57e5df6095e89
tree6a3547a34749155d60def0ed0d631ed193619e89
parent4978e369fb75a8b7756bf4201668b2a9d9556286
Fix out of boundary access in pass_in_v

Hi,
I build GDB with -fsanitize=address, and run testsuite.  In
gdb.base/callfuncs.exp, I see the following error,

p t_float_values(0.0,0.0)
=================================================================
==8088==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000cb650 at pc 0x6e195c bp 0x7fff164f9770 sp 0x7fff164f9768
READ of size 16 at 0x6020000cb650 thread T0^
    #0 0x6e195b in regcache_raw_write /home/yao/SourceCode/gnu/gdb/git/gdb/regcache.c:912
    #1 0x6e1e52 in regcache_cooked_write /home/yao/SourceCode/gnu/gdb/git/gdb/regcache.c:945
    #2 0x466d69 in pass_in_v /home/yao/SourceCode/gnu/gdb/git/gdb/aarch64-tdep.c:1101
    #3 0x467512 in pass_in_v_or_stack /home/yao/SourceCode/gnu/gdb/git/gdb/aarch64-tdep.c:1196
    #4 0x467d7d in aarch64_push_dummy_call /home/yao/SourceCode/gnu/gdb/git/gdb/aarch64-tdep.c:1335

The code in pass_in_v read contents from V registers (128 bit), but the
data passed through V registers can be less than 128 bit.  In this case,
float is passed.  So writing V registers contents into contents buff
will cause overflow.  In this patch, we add an array reg[V_REGISTER_SIZE],
which is to hold the contents from V registers, and then copy useful
bits to buf.

gdb:

2015-11-18  Yao Qi  <yao.qi@linaro.org>

* aarch64-tdep.c (pass_in_v): Add argument len.  Add local array
reg.  Callers updated.
gdb/ChangeLog
gdb/aarch64-tdep.c