When configured as --enable-stack-protector=all glibc
inserts stack checking canary into every function
including __sigsetjmp_aux(). Stack checking code
ends up using s0 register to temporary hold address
of global canary value.
Unfortunately __sigsetjmp_aux assumes no caller' caller-save
registers should be clobbered as it stores them as-is.
The fix is to disable stack protection of __sigsetjmp_aux.
Tested on the following test:
#include <setjmp.h>
#include <stdio.h>
int main() {
jmp_buf jb;
volatile register long s0 asm ("$s0");
s0 = 1234;
if (setjmp(jb) == 0)
longjmp(jb, 1);
printf ("$s0 = %lu\n", s0);
}
Without the fix:
$ qemu-mipsn32 -L . ./mips-longjmp-bug
$s0 =
1082346228
With the fix:
$ qemu-mipsn32 -L . ./mips-longjmp-bug
$s0 = 1234
[BZ #22624]
* sysdeps/mips/mips64/setjmp_aux.c (__sigsetjmp_aux): Use
inhibit_stack_protector.
+2017-12-18 Sergei Trofimovich <slyfox@gentoo.org>
+
+ [BZ #22624]
+ * sysdeps/mips/mips64/setjmp_aux.c (__sigsetjmp_aux): Use
+ inhibit_stack_protector.
+
2017-12-18 Dmitry V. Levin <ldv@altlinux.org>
[BZ #22627]
pointer. We do things this way because it's difficult to reliably
access them in C. */
+/* Stack protection is disabled to avoid changing s0 (or any other
+ caller-save register) before storing it to environment.
+ See BZ #22624. */
+
int
+inhibit_stack_protector
__sigsetjmp_aux (jmp_buf env, int savemask, long long sp, long long fp,
long long gp)
{
projects / thirdparty / glibc.git / commitdiff
