| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Sep 2013 10:53:36 +0530 From: Anurag Aggarwal <anurag19aggarwal@...il.com> To: linux-kernel@...r.kernel.org Subject: [Query] Stack Overflow in "arch/arm/kernel/unwind.c" while unwinding frame Hi All, While executing unwind backtrace instructions in ARM, in the function unwind_exec_insn() there are chances that SP overflows from stack. For example while executing instruction with opcode 0xAE, vsp can go beyond stack to area that has not been allocated till now. unsigned long *vsp = (unsigned long *)ctrl->vrs[SP]; int reg; /* pop R4-R[4+bbb] */ for (reg = 4; reg <= 4 + (insn & 7); reg++) ctrl->vrs[reg] = *vsp++; The above scenario can happen while executing any of the unwind instruction. One of the ways to fix the problem is to check for vsp with stack limits before we increment it, but doing it for all the instructions seems a little bad. I just want to know that if anyone has faced the problem before I am working on Linux kernel for Android phones and I saw one case when this happened. I am new to Linux Kernel so not sure if this is the right place to ask the question. -- Anurag Aggarwal -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists