Date: Fri, 25 Dec 2015 21:57:34 +0100
From: Markus Wichmann <nullplan@....net>
To: musl@...ts.openwall.com
Subject: Patch: Negative stack pointer references

Hi all,

I found a few instances in musl where negative stack pointer offsets
were used in the handwritten assembly. That is problematic, because if a
signal arrives and is handled during the time that scratch space is in
use (unlikely but possible), and sigaltstack() is not used, then that
scratch space will be overwritten.

This was just something I saw while randomly reading the code. Also, I
only searched for the error pattern using a regex, so the problem may
persist with (possibly) negative nonconstant offsets to the stack
pointer, use of the same space with another register as base, or use of
a negative constant offset my regex failed to match. I searched for

-\d\+(%[er]sp)
-0[xX]\x\+(%[er]sp)

in all .s, .c, and .h files.

Also, the problem may exist in architectures other than AMD64 or x32.

I'm not a subscriber, so please CC me in this thread.

Ciao,
Markus

View attachment "0033-Remove-negative-constant-stack-pointer-offsets.patch" of type "text/x-diff" (3847 bytes)
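
The search described in the message, written out as an added example (not part of the original post or of musl). It combines the two vim-style patterns into one Python regex; the names `scan_text` and `scan_tree` and the AT&T-syntax sample are constructed for illustration, and sample lines 6 and 8 show the kinds of use the message says the regex cannot catch.

```python
import os
import re

# Python translation of the two vim-style patterns in the message:
#   -\d\+(%[er]sp)   and   -0[xX]\x\+(%[er]sp)
NEG_SP = re.compile(r"-(0[xX][0-9A-Fa-f]+|\d+)\(%([er]sp)\)")

SUFFIXES = (".s", ".c", ".h")  # the file types named in the message


def scan_text(text):
    """Return (line_number, register, offset_text) for every match."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in NEG_SP.finditer(line):
            hits.append((lineno, m.group(2), "-" + m.group(1)))
    return hits


def scan_tree(root):
    """Scan every .s/.c/.h file under root; yield (path, line, reg, offset)."""
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.endswith(SUFFIXES):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for lineno, reg, off in scan_text(fh.read()):
                        yield path, lineno, reg, off


# Constructed sample in AT&T syntax (not taken from musl).
SAMPLE = """\
	mov %rdi,-8(%rsp)
	fldl -0x10(%rsp)
	mov %eax,-4(%esp)
	mov %rdi,8(%rsp)
	mov %rax,-8(%rbp)
	mov %rax,(%rsp,%rcx,8)
	lea -16(%rsp),%rax
	mov %rdx,-8(%rax)
"""

if __name__ == "__main__":
    for hit in scan_text(SAMPLE):
        print(hit)
```

Line 7 of the sample is reported because it matches the pattern, while the store through `%rax` on line 8 and the register-indexed access on line 6 are not, so hits from a scan like this still need manual review of the surrounding code.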
