This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.
[PATCH] AIX: Fix buffer overflow in fill_fprs
- From: Chris January <chris dot january at allinea dot com>
- To: gdb-patches at sourceware dot org
- Date: Thu, 08 Mar 2012 13:15:47 +0000
- Subject: [PATCH] AIX: Fix buffer overflow in fill_fprs
The callers of fill_fprs expect the first floating point register to be written to vals[0], but it's currently written to vals[tdep->ppc_fp0_regnum], which can cause GDB to segfault as the caller's buffer overflows.
2012-03-08 Chris January <chris.january@allinea.com>
* aix-thread.c (fill_sprs): Store the floating point registers at the
correct offsets into vals.
---
diff --git a/gdb/aix-thread.c b/gdb/aix-thread.c
index 0a9fae3..0c697f7 100644
--- a/gdb/aix-thread.c
+++ b/gdb/aix-thread.c
@@ -1356,7 +1356,8 @@ fill_fprs (const struct regcache *regcache, double
*vals)
regno < tdep->ppc_fp0_regnum + ppc_num_fprs;
regno++)
if (REG_VALID == regcache_register_status (regcache, regno))
- regcache_raw_collect (regcache, regno, vals + regno);
+ regcache_raw_collect (regcache, regno,
+ vals + regno - tdep->ppc_fp0_regnum);
}
/* Store the special registers into the specified 64-bit and 32-bit
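Review bot: the index arithmetic in the replacement lines is correct but easy to get wrong again; with regno starting at tdep->ppc_fp0_regnum, `vals + regno - tdep->ppc_fp0_regnum` places the first FPR at vals[0] and the last at vals[ppc_num_fprs - 1], which matches the buffer the callers pass. Consider looping over `i = 0 .. ppc_num_fprs - 1`, collecting register `tdep->ppc_fp0_regnum + i` into `vals + i`, so the zero-based destination index is visible in the loop itself rather than recovered by subtraction. Separately, the ChangeLog entry names fill_sprs while this hunk modifies fill_fprs; the entry should read `* aix-thread.c (fill_fprs): ...`.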
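The overflow described above, as an added model that is not GDB's code: a constructed register cache in which the 32 GPRs occupy regnums 0-31 (so ppc_fp0_regnum is 32, an assumption for the model), a destination buffer sized at ppc_num_fprs like the callers', and the fill_fprs loop run once with the original indexing and once with the patch applied, counting writes that would land outside the buffer instead of letting them corrupt memory.

```c
#include <stdbool.h>
#include <string.h>

/* Constructed model, not GDB code: regnums 0-31 are GPRs, so the first FPR
   (ppc_fp0_regnum) is 32, and callers size their buffer at ppc_num_fprs.  */
#define PPC_NUM_FPRS 32
#define MODEL_FP0_REGNUM 32
#define MODEL_NUM_REGS 128

struct model_tdep { int ppc_fp0_regnum; };
struct model_regcache { const struct model_tdep *tdep; double raw[MODEL_NUM_REGS]; };

/* The caller's buffer, sized exactly as fill_fprs's callers size theirs.  */
static double g_vals[PPC_NUM_FPRS];

/* Bounds-checked stand-in for regcache_raw_collect: IDX is the offset the
   real code adds to VALS; copy register REGNO only if it is in bounds.  */
static bool checked_collect (const struct model_regcache *rc, int regno,
                             double *vals, int idx)
{
  if (idx < 0 || idx >= PPC_NUM_FPRS)
    return false;                 /* would have overflowed the caller's buffer */
  vals[idx] = rc->raw[regno];
  return true;
}

/* The loop from fill_fprs, with every register treated as REG_VALID.
   FIXED == 0 keeps the original 'vals + regno'; FIXED != 0 applies the
   patch and subtracts ppc_fp0_regnum.  Returns the number of writes that
   would have missed the buffer.  */
static int fill_fprs_model (const struct model_regcache *rc, double *vals, int fixed)
{
  const struct model_tdep *tdep = rc->tdep;
  int regno, oob = 0;

  for (regno = tdep->ppc_fp0_regnum;
       regno < tdep->ppc_fp0_regnum + PPC_NUM_FPRS; regno++)
    {
      int idx = fixed ? regno - tdep->ppc_fp0_regnum : regno;
      if (!checked_collect (rc, regno, vals, idx))
        oob++;
    }
  return oob;
}

/* Fill the model cache with raw[regno] = regno, then run one variant.  */
static int run_fill_fprs (int fixed)
{
  static const struct model_tdep tdep = { MODEL_FP0_REGNUM };
  struct model_regcache rc;
  rc.tdep = &tdep;
  for (int i = 0; i < MODEL_NUM_REGS; i++)
    rc.raw[i] = (double) i;
  memset (g_vals, 0, sizeof g_vals);
  return fill_fprs_model (&rc, g_vals, fixed);
}
```

With the original indexing every one of the 32 writes lands past the end of the buffer; with the patch applied all 32 land at vals[0..31] and g_vals[0] holds the contents of regnum 32, the first FPR.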