replica
/
hanchenye-llvm-project
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

tsan: fix out-of-bounds access in Go runtime 

FuncEntry can resize the shadow stack, while "thr->shadow_stack_pos[0] = pc" writes out-of-bounds.

llvm-svn: 210349
This commit is contained in:
Dmitry Vyukov 2014-06-06 15:56:08 +00:00
parent 32336152af
commit 75f5cf657e
1 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
compiler-rt/lib/tsan/rtl/tsan_rtl.cc
View File

@ -423,13 +423,11 @@ void ForkChildAfter(ThreadState *thr, uptr pc) {
u32 CurrentStackId(ThreadState *thr, uptr pc) {
if (thr->shadow_stack_pos == 0) // May happen during bootstrap.
return 0;
if (pc) {
thr->shadow_stack_pos[0] = pc;
thr->shadow_stack_pos++;
}
if (pc != 0)
FuncEntry(thr, pc); // can resize the shadow stack
u32 id = StackDepotPut(thr->shadow_stack,
thr->shadow_stack_pos - thr->shadow_stack);
if (pc)
if (pc != 0)
thr->shadow_stack_pos--;
return id;
}