Message-ID: <20260619062406.233729-1-alex@alexrp.com> Date: Fri, 19 Jun 2026 08:24:06 +0200 From: Alex Rønne Petersen <alex@...xrp.com> To: musl@...ts.openwall.com Cc: Alex Rønne Petersen <alex@...xrp.com> Subject: [PATCH] x32: clone: fix read of stack slot containing ctid It's a 32-bit pointer and passed on the stack; the upper 32 bits of the stack slot are garbage. This works out fine if we're lucky and those bits happen to be zeroed, but if they're not, we ask the kernel to write to some random 64-bit location, which it will just silently fail to do (the process is in x32 mode; nothing can be mapped up there), and consequently, we never learn the new thread's tid. --- src/thread/x32/clone.s | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/thread/x32/clone.s b/src/thread/x32/clone.s index b870880f..d62944ac 100644 --- a/src/thread/x32/clone.s +++ b/src/thread/x32/clone.s @@ -8,7 +8,7 @@ __clone: mov %rdx,%rdi mov %r8,%rdx mov %r9,%r8 - mov 8(%rsp),%r10 + mov 8(%rsp),%r10d mov %r11,%r9 and $-16,%rsi sub $8,%rsi -- 2.53.0
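Review bot: the one-character change from `%r10` to `%r10d` works because a 32-bit destination register is zero-extended into the full 64-bit `%r10` on x86-64, which is exactly what discards the garbage upper half of the 8-byte stack slot; neither the hunk nor the commit message states this, and a short comment in `clone.s` next to `mov 8(%rsp),%r10d` (e.g. "ctid is a 32-bit pointer on the stack; upper half of the slot is undefined") would keep a future reader from reverting it to a 64-bit load as a "cleanup". The surrounding moves (`mov %rdx,%rdi`, `mov %r8,%rdx`, `mov %r9,%r8`, `mov %r11,%r9`) still copy full 64-bit registers; if any of those also carry 32-bit pointer arguments, the commit message should say why the register-passed ones are guaranteed clean and only the stack-passed ctid needs truncation.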