10468 __ctype_mask[EOF] has been working by accident
10469 GCC's -faggressive-loop-optimizations is too aggressive
10470 array over-read in has_saved_fp()
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: John Levon <john.levon@joyent.com>

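--- a/usr/src/lib/libsaveargs/amd64/saveargs.c
+++ b/usr/src/lib/libsaveargs/amd64/saveargs.c
@@ -16,20 +16,23 @@
  * fields enclosed by brackets "[]" replaced with your own identifying
  * information: Portions Copyright [yyyy] [name of copyright owner]
  *
  * CDDL HEADER END
  */
 /*
  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
+/*
+ * Copyright 2019 Joyent, Inc.
+ */
 
 /*
  * The Sun Studio and GCC (patched for opensolaris/illumos) compilers
  * implement a argument saving scheme on amd64 via the -Wu,save-args or
  * options.  When the option is specified, INTEGER type function arguments
  * passed via registers will be saved on the stack immediately after %rbp, and
  * will not be modified through out the life of the routine.
  *
  *                              +--------+
  *              %rbp    -->     |  %rbp  |
@@ -210,44 +213,44 @@
         t.data = ins;
         t.size = size;
 
         dis_set_data(dhp, &t);
         return (dis_instrlen(dhp, i));
 }
 
 static boolean_t
 has_saved_fp(dis_handle_t *dhp, uint8_t *ins, int size)
 {
-        int             i, j;
+        int             i, j;
         uint32_t        n;
         boolean_t       found_push = B_FALSE;
         ssize_t         sz = 0;
 
         for (i = 0; i < size; i += sz) {
                 if ((sz = instr_size(dhp, ins, i, size)) < 1)
                         return (B_FALSE);
 
                 if (found_push == B_FALSE) {
                         if (sz != 1)
                                 continue;
 
                         n = INSTR1(ins, i);
-                        for (j = 0; j <= NUM_FP_PUSHES; j++)
+                        for (j = 0; j < NUM_FP_PUSHES; j++)
                                 if (save_fp_pushes[j] == n) {
                                         found_push = B_TRUE;
                                         break;
                                 }
                 } else {
                         if (sz != 3)
                                 continue;
                         n = INSTR3(ins, i);
-                        for (j = 0; j <= NUM_FP_MOVS; j++)
+                        for (j = 0; j < NUM_FP_MOVS; j++)
                                 if (save_fp_movs[j] == n)
                                         return (B_TRUE);
                 }
         }
 
         return (B_FALSE);
 }
 
 int
 saveargs_has_args(uint8_t *ins, size_t size, uint_t argc, int start_index)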
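Review bot: The corrected loop bounds in has_saved_fp() still rely on NUM_FP_PUSHES and NUM_FP_MOVS matching the element counts of save_fp_pushes and save_fp_movs, which are defined outside this hunk, so the same out-of-bounds read (and the undefined behaviour that let the optimizer mis-handle the loop) can return if a table grows without its count being updated. Deriving the bound from the table itself, `for (j = 0; j < sizeof (save_fp_pushes) / sizeof (save_fp_pushes[0]); j++)` and likewise for save_fp_movs, ties the two together, at the cost of making j a size_t to avoid a signed/unsigned comparison. The `int i, j;` declaration that is removed and re-added at the top of the function looks unchanged apart from whitespace, which is worth confirming as intentional. Separately, size arrives here as int while saveargs_has_args() below takes size_t; if that is the caller, a large buffer would truncate to a negative size and make the function return B_FALSE silently, which deserves at least a comment on the parameter.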