Check the magic value in longjmp() before calling sigprocmask().
This avoids passing garbage to sigprocmask() if the jump buffer is invalid. Reviewed by: mhorne Obtained from: CheriBSD Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D24483
@@ -100,6 +100,11 @@ ENTRY(setjmp)
|
|||||||
END(setjmp)
|
END(setjmp)
|
||||||
|
|
||||||
ENTRY(longjmp)
|
ENTRY(longjmp)
|
||||||
|
/* Check the magic value */
|
||||||
|
ld t0, 0(a0)
|
||||||
|
ld t1, .Lmagic
|
||||||
|
bne t0, t1, botch
|
||||||
|
|
||||||
addi sp, sp, -(4 * 8)
|
addi sp, sp, -(4 * 8)
|
||||||
sd a0, (0 * 8)(sp)
|
sd a0, (0 * 8)(sp)
|
||||||
sd ra, (1 * 8)(sp)
|
sd ra, (1 * 8)(sp)
|
||||||
@@ -116,11 +121,6 @@ ENTRY(longjmp)
|
|||||||
ld a0, (0 * 8)(sp)
|
ld a0, (0 * 8)(sp)
|
||||||
addi sp, sp, (4 * 8)
|
addi sp, sp, (4 * 8)
|
||||||
|
|
||||||
/* Check the magic value */
|
|
||||||
ld t0, 0(a0)
|
|
||||||
ld t1, .Lmagic
|
|
||||||
bne t0, t1, botch
|
|
||||||
|
|
||||||
/* Restore the stack pointer */
|
/* Restore the stack pointer */
|
||||||
ld t0, 8(a0)
|
ld t0, 8(a0)
|
||||||
mv sp, t0
|
mv sp, t0
|
||||||
|
|||||||
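Review bot: The relocated comment at the top of longjmp still reads only `/* Check the magic value */`, so nothing in the code records that the check has to stay ahead of the sigprocmask() call, which is the whole point of the move. I would reword it to `/* Check the magic value before anything from the jmp_buf reaches sigprocmask() */` so a later reshuffle does not quietly undo the ordering. It may also be worth noting there that the comparison against `.Lmagic` only catches an uninitialised or wrong-type buffer: a buffer whose first word is intact but whose other fields are corrupted still has its saved stack pointer (`ld t0, 8(a0)`) restored unchecked. The sigprocmask() call itself sits between the two hunks and is not visible here, and longjmp's body continues past the second hunk.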