| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1559045040-23659-1-git-send-email-92siuyang@gmail.com>
Date: Tue, 28 May 2019 20:04:00 +0800
From: Young Xiao <92siuyang@...il.com>
To: gxt@....edu.cn, peterz@...radead.org, tglx@...utronix.de,
linux-kernel@...r.kernel.org
Cc: Young Xiao <92siuyang@...il.com>
Subject: [PATCH] unicore32: fix framepointer check in unwind_frame
This patch fixes corner case when (fp + 4) overflows unsigned long,
for example: fp = 0xFFFFFFFF -> fp + 4 == 3.
Copy from commit 3abb6671a9c0 ("ARM: 7913/1: fix framepointer check in
unwind_frame").
Signed-off-by: Young Xiao <92siuyang@...il.com>
---
arch/unicore32/kernel/stacktrace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/unicore32/kernel/stacktrace.c b/arch/unicore32/kernel/stacktrace.c
index e37da8c..8e5d12e 100644
--- a/arch/unicore32/kernel/stacktrace.c
+++ b/arch/unicore32/kernel/stacktrace.c
@@ -43,7 +43,7 @@ int notrace unwind_frame(struct stackframe *frame)
high = ALIGN(low, THREAD_SIZE);
/* check current frame pointer is within bounds */
- if (fp < (low + 12) || fp + 4 >= high)
+ if (fp < low + 12 || fp > high - 4)
return -EINVAL;
/* restore the registers from the stack frame */
--
2.7.4
Powered by blists - more mailing lists