author | Rich Felker <dalias@aerifal.cx> | 2015-05-06 18:37:19 -0400 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2015-05-06 18:37:19 -0400 |
commit | 484194dbf41758eec0ef62fef5fe9350c21b9241 (patch) | |
tree | d0b407880ba1c62f9fd3b551c6e9a9e745bd8cdd /crt/arm | |
parent | d0040e239e8d3048a7fb38f0bacaad4838fac605 (diff) | |
download | musl-484194dbf41758eec0ef62fef5fe9350c21b9241.tar.gz musl-484194dbf41758eec0ef62fef5fe9350c21b9241.tar.xz musl-484194dbf41758eec0ef62fef5fe9350c21b9241.zip |
fix stack protector crashes on x32 & powerpc due to misplaced TLS canary
i386, x86_64, x32, and powerpc all use TLS for stack protector canary values in the default stack protector ABI, but the location only matched the ABI on i386 and x86_64. on x32, the expected location for the canary contained the tid, thus producing spurious mismatches (resulting in process termination) upon fork. on powerpc, the expected location contained the stdio_locks list head, so returning from a function after calling flockfile produced spurious mismatches. in both cases, the random canary was not present, and a predictable value was used instead, making the stack protector hardening much less effective than it should be.

in the current fix, the thread structure has been expanded to have canary fields at all three possible locations, and archs that use a non-default location must define a macro in pthread_arch.h to choose which location is used. for most archs (which lack TLS canary ABI) the choice does not matter.
Diffstat (limited to 'crt/arm')
0 files changed, 0 insertions, 0 deletions
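
The x32 case from the commit message, modelled as an added example that is not musl's code: it shows the compiler-visible canary slot holding the tid in the old layout, and a build-time check that ties the selected field to the ABI offset. The struct layouts, field names, the `CANARY` macro name and the `0x18` offset are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed x32 thread-pointer offset of the canary (not stated on the page). */
#define ABI_CANARY_OFFSET 0x18

/* Hypothetical pre-fix layout with 32-bit words, as on x32. */
struct tcb_old {
    uint32_t self, dtv, unused1, unused2, sysinfo;
    uint32_t canary;           /* 0x14: matches i386 only */
    int32_t tid, pid;          /* tid lands at 0x18 */
};

/* Hypothetical post-fix layout: a canary slot at each candidate offset. */
struct tcb_new {
    uint32_t self, dtv, unused1, unused2, sysinfo;
    uint32_t canary, canary2;  /* 0x14 and 0x18 */
    int32_t tid, pid;
};
#define CANARY canary2         /* per-arch choice; macro name assumed */

/* Build-time guard: the chosen field must sit where the compiler reads. */
_Static_assert(offsetof(struct tcb_new, CANARY) == ABI_CANARY_OFFSET,
               "canary field does not match the stack protector ABI");

/* The word that function prologues and epilogues actually load. */
static uint32_t abi_canary(const void *tcb) {
    uint32_t v;
    memcpy(&v, (const char *)tcb + ABI_CANARY_OFFSET, sizeof v);
    return v;
}

/* 1 if a frame entered before fork passes its epilogue check in the child. */
static int survives_fork_old(uint32_t secret, int32_t parent, int32_t child) {
    struct tcb_old t = { .canary = secret, .tid = parent };
    uint32_t saved = abi_canary(&t);  /* prologue copies the "canary" */
    t.tid = child;                    /* child gets a new tid */
    return saved == abi_canary(&t);   /* epilogue compares */
}

static int survives_fork_new(uint32_t secret, int32_t parent, int32_t child) {
    struct tcb_new t = { .CANARY = secret, .tid = parent };
    uint32_t saved = abi_canary(&t);
    t.tid = child;
    return saved == abi_canary(&t);
}

int main(void) { return survives_fork_new(1, 100, 101) ? 0 : 1; }
```

The `_Static_assert` turns a layout drift of this kind into a compile error instead of a runtime crash or a silently predictable canary.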