lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 24 Sep 2013 10:53:36 +0530
From:	Anurag Aggarwal <>
Subject: [Query] Stack Overflow in "arch/arm/kernel/unwind.c" while unwinding frame

Hi All,

While executing unwind backtrace instructions in ARM, in the function
there are chances that SP overflows from stack.

For example while executing instruction with opcode 0xAE, vsp can go
beyond stack to area that has not been allocated till now.

unsigned long *vsp = (unsigned long *)ctrl->vrs[SP];
int reg;

/* pop R4-R[4+bbb] */
for (reg = 4; reg <= 4 + (insn & 7); reg++)
ctrl->vrs[reg] = *vsp++;

The above scenario can happen while executing any of the unwind instruction.

One of the ways to fix the problem is to check for vsp with stack
limits before we increment it, but doing it for all the instructions
seems a little bad.

I just want to know that if anyone has faced the problem before

I am working on Linux kernel for Android phones and I saw one case
when this happened.

I am new to Linux Kernel so not sure if this is the right place to ask
the question.

Anurag Aggarwal
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists