authorRich Felker <dalias@aerifal.cx>2015-05-01 21:22:27 -0400
committerRich Felker <dalias@aerifal.cx>2015-05-01 21:22:27 -0400
commit4f69594689992d76088f2b0af79cd91c40579f64 (patch)
treef502b2a7aa12aa160747d02cff76f44e5b762945 /arch/x32/syscall_arch.h
parent7561ac45ed94743c259c636cd15c048f492ffec1 (diff)
fix dangling pointers in x32 syscall timespec fixup code
the lifetime of compound literals is the block in which they appear. the temporary struct __timespec_kernel objects created as compound literals no longer existed at the time their addresses were passed to the kernel.
Diffstat (limited to 'arch/x32/syscall_arch.h')
-rw-r--r--arch/x32/syscall_arch.h23
1 files changed, 16 insertions, 7 deletions
diff --git a/arch/x32/syscall_arch.h b/arch/x32/syscall_arch.h
index af67fe3f..344da03c 100644
--- a/arch/x32/syscall_arch.h
+++ b/arch/x32/syscall_arch.h
@@ -6,8 +6,10 @@ typedef long long syscall_arg_t;
struct __timespec { long long tv_sec; long tv_nsec; };
struct __timespec_kernel { long long tv_sec; long long tv_nsec; };
#define __tsc(X) ((struct __timespec*)(unsigned long)(X))
-#define __fixup(X) do { if(X) X = (unsigned long) (&(struct __timespec_kernel) \
- { .tv_sec = __tsc(X)->tv_sec, .tv_nsec = __tsc(X)->tv_nsec}); } while(0)
+#define __fixup(X) do { if(X) { \
+ ts->tv_sec = __tsc(X)->tv_sec; \
+ ts->tv_nsec = __tsc(X)->tv_nsec; \
+ (X) = (unsigned long)ts; } } while(0)
#define __fixup_case_2 \
case SYS_nanosleep: \
__fixup(a1); break; \
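Review bot: The rewritten `__fixup` at the top of this hunk reads and assigns through an identifier `ts` that is not a macro parameter, so every expansion site must declare a `struct __timespec_kernel ts[]` local or the macro fails to compile (or, worse, silently picks up an unrelated `ts`). That contract is invisible at the definition; a comment would make it explicit, e.g. `/* requires a local struct __timespec_kernel ts[] in the expanding function; rewrites X to point into it so the kernel sees the 64-bit tv_nsec layout */`. The lifetime fix itself is sound as far as the hunk shows: `ts` is a block-scope array in the caller rather than a compound literal, so it is still live when the syscall is issued.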
@@ -17,10 +19,13 @@ struct __timespec_kernel { long long tv_sec; long long tv_nsec; };
case SYS_clock_nanosleep: case SYS_rt_sigtimedwait: case SYS_ppoll: \
__fixup(a3); break; \
case SYS_utimensat: \
- if(a3) a3 = (unsigned long) ((struct __timespec_kernel[2]) { \
- [0] = {.tv_sec = __tsc(a3)[0].tv_sec, .tv_nsec = __tsc(a3)[0].tv_nsec}, \
- [1] = {.tv_sec = __tsc(a3)[1].tv_sec, .tv_nsec = __tsc(a3)[1].tv_nsec}, \
- }); break;
+ if(a3) { \
+ ts[0].tv_sec = __tsc(a3)[0].tv_sec; \
+ ts[0].tv_nsec = __tsc(a3)[0].tv_nsec; \
+ ts[1].tv_sec = __tsc(a3)[1].tv_sec; \
+ ts[1].tv_nsec = __tsc(a3)[1].tv_nsec; \
+ a3 = (unsigned long)ts; \
+ } break;
#define __fixup_case_4 \
case SYS_futex: \
if((a2 & (~128 /* FUTEX_PRIVATE_FLAG */)) == 0 /* FUTEX_WAIT */) __fixup(a4); break;
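Review bot: The SYS_utimensat branch writes `ts[1]`, so it silently requires the caller's `ts` to have at least two elements, while `__syscall2` in this commit declares `ts[1]`; that is only safe because `__fixup_case_2` never includes this case, which nothing documents. Suggest a comment on the branch, `/* utimensat passes a 2-element array; ts must have >= 2 entries (only expanded from __syscall3 and up) */`, so a future move of cases between `__fixup_case_*` macros does not overflow `ts`. The `#define __fixup_case_3` this branch belongs to begins outside the hunk.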
@@ -45,7 +50,7 @@ static __inline long __syscall1(long long n, long long a1)
static __inline long __syscall2(long long n, long long a1, long long a2)
{
unsigned long ret;
- struct __timespec *ts2 = 0;
+ struct __timespec_kernel ts[1];
switch (n) {
__fixup_case_2;
}
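Review bot: The new `struct __timespec_kernel ts[1];` declaration gives no hint that its name and size are dictated by the `__fixup*` macros expanded in the switch below; the same applies to the `ts[2]` declarations added to `__syscall3` through `__syscall6` in the following hunks. A one-line comment at each declaration, e.g. `/* scratch kernel-layout timespec storage; __fixup* macros redirect aN here */`, would explain why an apparently unused local exists and why `__syscall2` alone uses a single element (its `__fixup_case_2` only handles nanosleep). Leaving `ts` uninitialized is fine as far as the hunks show, since the macros write every field they later hand to the kernel. `__syscall2` ends outside this hunk, and the later functions' definitions begin outside their hunks.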
@@ -57,6 +62,7 @@ static __inline long __syscall2(long long n, long long a1, long long a2)
static __inline long __syscall3(long long n, long long a1, long long a2, long long a3)
{
unsigned long ret;
+ struct __timespec_kernel ts[2];
switch (n) {
__fixup_case_2;
__fixup_case_3;
@@ -71,6 +77,7 @@ static __inline long __syscall4(long long n, long long a1, long long a2, long lo
{
unsigned long ret;
register long long a4 __asm__("r10") = a4_;
+ struct __timespec_kernel ts[2];
switch (n) {
__fixup_case_2;
__fixup_case_3;
@@ -87,6 +94,7 @@ static __inline long __syscall5(long long n, long long a1, long long a2, long lo
unsigned long ret;
register long long a4 __asm__("r10") = a4_;
register long long a5 __asm__("r8") = a5_;
+ struct __timespec_kernel ts[2];
switch (n) {
__fixup_case_2;
__fixup_case_3;
@@ -105,6 +113,7 @@ static __inline long __syscall6(long long n, long long a1, long long a2, long lo
register long long a4 __asm__("r10") = a4_;
register long long a5 __asm__("r8") = a5_;
register long long a6 __asm__("r9") = a6_;
+ struct __timespec_kernel ts[2];
switch (n) {
__fixup_case_2;
__fixup_case_3;