diff options
| author | Andreas Schwab <schwab@suse.de> | 2020-01-20 17:01:50 +0100 |
|---|---|---|
| committer | Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com> | 2020-03-20 15:23:11 -0300 |
| commit | 0478174d1e2c2a894a35b1cdffc573dca310b438 (patch) | |
| tree | c0337a0bb54ac37cb28bf85df7fdef3b600fe19a /sysdeps/powerpc/powerpc32 | |
| parent | 9ff61e9159ce6a78fad28514d1e45cb7cc734ed9 (diff) | |
| download | glibc-0478174d1e2c2a894a35b1cdffc573dca310b438.tar.gz glibc-0478174d1e2c2a894a35b1cdffc573dca310b438.tar.xz glibc-0478174d1e2c2a894a35b1cdffc573dca310b438.zip | |
Fix array overflow in backtrace on PowerPC (bug 25423)
When unwinding through a signal frame the backtrace function on PowerPC
didn't check array bounds when storing the frame address. Fixes commit
d400dcac5e ("PowerPC: fix backtrace to handle signal trampolines").
(cherry picked from commit d93769405996dfc11d216ddbe415946617b5a494)
Diffstat (limited to 'sysdeps/powerpc/powerpc32')
| -rw-r--r-- | sysdeps/powerpc/powerpc32/backtrace.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sysdeps/powerpc/powerpc32/backtrace.c b/sysdeps/powerpc/powerpc32/backtrace.c index 5422fdd50d..c7b64f9e9b 100644 --- a/sysdeps/powerpc/powerpc32/backtrace.c +++ b/sysdeps/powerpc/powerpc32/backtrace.c @@ -114,6 +114,8 @@ __backtrace (void **array, int size) } if (gregset) { + if (count + 1 == size) + break; array[++count] = (void*)((*gregset)[PT_NIP]); current = (void*)((*gregset)[PT_R1]); } |