From 29137c6fa9303eedc310a467e508716813174414 Mon Sep 17 00:00:00 2001
From: Michael Munday
Date: Fri, 24 Nov 2017 11:37:11 -0500
Subject: [PATCH] dwarf: Fix size of state to avoid corrupting rs_stack
DW_CFA_remember_state used memcpy to overwrite state with the value of rs_current. Unfortunately rs_current was slightly larger than state, possibly resulting in rs_stack->next being overwritten. Fix this by making the type of state match the type of rs_current and using an assigment to perform the copy rather than memcpy. This should ensure that the types match in future.
---
 include/dwarf.h | 2 +-
 src/dwarf/Gparser.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/dwarf.h b/include/dwarf.h
index f45d0e4a..48831e30 100644
--- a/include/dwarf.h
+++ b/include/dwarf.h
@@ -260,7 +260,7 @@ dwarf_reg_state_t;
 typedef struct dwarf_stackable_reg_state
 {
 struct dwarf_stackable_reg_state *next; /* for rs_stack */
- dwarf_reg_only_state_t state;
+ dwarf_reg_state_t state;
 }
 dwarf_stackable_reg_state_t;
diff --git a/src/dwarf/Gparser.c b/src/dwarf/Gparser.c
index 5973a986..d95d5338 100644
--- a/src/dwarf/Gparser.c
+++ b/src/dwarf/Gparser.c
@@ -275,7 +275,7 @@ run_cfi_program (struct dwarf_cursor *c, dwarf_state_record_t *sr,
 ret = -UNW_ENOMEM;
 break;
 }
- memcpy (&(*rs_stack)->state, &sr->rs_current, sizeof (sr->rs_current));
+ (*rs_stack)->state = sr->rs_current;
 Debug (15, "CFA_remember_state\n");
 break;
@@ -286,7 +286,7 @@ run_cfi_program (struct dwarf_cursor *c, dwarf_state_record_t *sr,
 ret = -UNW_EINVAL;
 break;
 }
- memcpy (&sr->rs_current, &(*rs_stack)->state, sizeof (sr->rs_current));
+ sr->rs_current = (*rs_stack)->state;
 pop_rstate_stack(rs_stack);
 Debug (15, "CFA_restore_state\n");
 break;
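Review bot: The new `state` member gives no hint that its type is load-bearing: the struct assignments in run_cfi_program only stay within the entry because `state` is exactly the type of `rs_current` in `dwarf_state_record_t`, and the old memcpy sized by the source is what let the copy spill into `next`. A short comment on the field would record that contract for the next person who touches either typedef, e.g. `dwarf_reg_state_t state; /* same type as dwarf_state_record_t.rs_current; copied by struct assignment in run_cfi_program */`. The definition of dwarf_state_record_t is outside the hunk, so its rs_current declaration could not be checked here.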
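Review bot: Every rs_stack entry is now larger, because `dwarf_stackable_reg_state_t::state` grew from `dwarf_reg_only_state_t` to `dwarf_reg_state_t` and the assignment on the new side copies the whole object. The `ret = -UNW_ENOMEM` check at the top of the hunk suggests the entry was allocated just above it, outside the hunk; if that allocation sizes entries by `sizeof` of the struct it follows the change automatically, but if it uses a fixed byte count the larger copy would overrun again, so that path is worth re-reading alongside this commit. The assignment in the other direction in the DW_CFA_restore_state hunk at -286 is covered by the same observation. run_cfi_program begins and ends outside the hunk.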