Date: Tue, 21 Apr 2020 17:40:23 +0000 (UTC) From: John Baldwin <jhb@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r360169 - head/lib/libc/riscv/gen Message-ID: <202004211740.03LHeNTX013338@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jhb Date: Tue Apr 21 17:40:23 2020 New Revision: 360169 URL: https://svnweb.freebsd.org/changeset/base/360169 Log: Check the magic value in longjmp() before calling sigprocmask(). This avoids passing garbage to sigprocmask() if the jump buffer is invalid. Reviewed by: mhorne Obtained from: CheriBSD Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D24483 Modified: head/lib/libc/riscv/gen/setjmp.S Modified: head/lib/libc/riscv/gen/setjmp.S ============================================================================== --- head/lib/libc/riscv/gen/setjmp.S Tue Apr 21 17:38:07 2020 (r360168) +++ head/lib/libc/riscv/gen/setjmp.S Tue Apr 21 17:40:23 2020 (r360169) @@ -100,6 +100,11 @@ ENTRY(setjmp) END(setjmp) ENTRY(longjmp) + /* Check the magic value */ + ld t0, 0(a0) + ld t1, .Lmagic + bne t0, t1, botch + addi sp, sp, -(4 * 8) sd a0, (0 * 8)(sp) sd ra, (1 * 8)(sp) @@ -115,11 +120,6 @@ ENTRY(longjmp) ld ra, (1 * 8)(sp) ld a0, (0 * 8)(sp) addi sp, sp, (4 * 8) - - /* Check the magic value */ - ld t0, 0(a0) - ld t1, .Lmagic - bne t0, t1, botch /* Restore the stack pointer */ ld t0, 8(a0)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202004211740.03LHeNTX013338>