| glibc-2.24: Fix CVE-2016-6323 |
| |
| [No upstream tracking] -- https://sourceware.org/bugzilla/show_bug.cgi?id=20435 |
| |
| arm: mark __startcontext as .cantunwind, GNU |
| |
| Glibc bug where the makecontext function would create |
| an execution context which is incompatible with the unwinder, |
| causing it to hang when the generation of a backtrace is attempted. |
| |
| Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617] |
| CVE: CVE-2016-6323 |
| Signed-off-by: Andrej Valek <andrej.valek@siemens.com> |
| Signed-off-by: Pascal Bach <pascal.bach@siemens.com> |
| |
| diff --git a/sysdeps/unix/sysv/linux/arm/setcontext.S b/sysdeps/unix/sysv/linux/arm/setcontext.S |
| index 603e508..d1f168f 100644 |
| --- a/sysdeps/unix/sysv/linux/arm/setcontext.S |
| +++ b/sysdeps/unix/sysv/linux/arm/setcontext.S |
| @@ -86,12 +86,19 @@ weak_alias(__setcontext, setcontext) |
| |
| /* Called when a makecontext() context returns. Start the |
| context in R4 or fall through to exit(). */ |
| + /* Unwind descriptors are looked up based on PC - 2, so we have to |
| + make sure to mark the instruction preceding the __startcontext |
| + label as .cantunwind. */ |
| + .fnstart |
| + .cantunwind |
| + nop |
| ENTRY(__startcontext) |
| movs r0, r4 |
| bne PLTJMP(__setcontext) |
| |
| @ New context was 0 - exit |
| b PLTJMP(HIDDEN_JUMPTARGET(exit)) |
| + .fnend |
| END(__startcontext) |
| |
| #ifdef PIC |