diff options
| author | H.J. Lu <hjl.tools@gmail.com> | 2017-07-11 07:44:01 -0700 |
|---|---|---|
| committer | H.J. Lu <hjl.tools@gmail.com> | 2017-07-11 07:44:14 -0700 |
| commit | ed421fca42fd9b4cab7c66e77894b8dd7ca57ed0 (patch) | |
| tree | f1131793bd3340ada62e6d31434e1d8003eec2fd /malloc | |
| parent | 94070f86c0c849c71ed2e7e2189bb4d1f7411a17 (diff) | |
| download | glibc-ed421fca42fd9b4cab7c66e77894b8dd7ca57ed0.tar.gz glibc-ed421fca42fd9b4cab7c66e77894b8dd7ca57ed0.tar.xz glibc-ed421fca42fd9b4cab7c66e77894b8dd7ca57ed0.zip | |
Avoid backtrace from __stack_chk_fail [BZ #12189]
__stack_chk_fail is called on corrupted stack. Stack backtrace is very unreliable against corrupted stack. __libc_message is changed to accept enum __libc_message_action and call BEFORE_ABORT only if action includes do_backtrace. __fortify_fail_abort is added to avoid backtrace from __stack_chk_fail. [BZ #12189] * debug/Makefile (CFLAGS-tst-ssp-1.c): New. (tests): Add tst-ssp-1 if -fstack-protector works. * debug/fortify_fail.c: Include <stdbool.h>. (_fortify_fail_abort): New function. (__fortify_fail): Call _fortify_fail_abort. (__fortify_fail_abort): Add a hidden definition. * debug/stack_chk_fail.c: Include <stdbool.h>. (__stack_chk_fail): Call __fortify_fail_abort, instead of __fortify_fail. * debug/tst-ssp-1.c: New file. * include/stdio.h (__libc_message_action): New enum. (__libc_message): Replace int with enum __libc_message_action. (__fortify_fail_abort): New hidden prototype. * malloc/malloc.c (malloc_printerr): Update __libc_message calls. * sysdeps/posix/libc_fatal.c (__libc_message): Replace int with enum __libc_message_action. Call BEFORE_ABORT only if action includes do_backtrace. (__libc_fatal): Update __libc_message call.
Diffstat (limited to 'malloc')
| -rw-r--r-- | malloc/malloc.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/malloc/malloc.c b/malloc/malloc.c index 2527e25047..54e406bcb6 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -5397,7 +5397,8 @@ malloc_printerr (int action, const char *str, void *ptr, mstate ar_ptr) set_arena_corrupt (ar_ptr); if ((action & 5) == 5) - __libc_message (action & 2, "%s\n", str); + __libc_message ((action & 2) ? (do_abort | do_backtrace) : do_message, + "%s\n", str); else if (action & 1) { char buf[2 * sizeof (uintptr_t) + 1]; @@ -5407,7 +5408,8 @@ malloc_printerr (int action, const char *str, void *ptr, mstate ar_ptr) while (cp > buf) *--cp = '0'; - __libc_message (action & 2, "*** Error in `%s': %s: 0x%s ***\n", + __libc_message ((action & 2) ? (do_abort | do_backtrace) : do_message, + "*** Error in `%s': %s: 0x%s ***\n", __libc_argv[0] ? : "<unknown>", str, cp); } else if (action & 2) |