On Thu, Feb 22, 2018 at 01:34:00PM -0800, John Reiser wrote:
> Looking at the code:
> ===== gcc/libgcc/unwind.inc
> _Unwind_ForcedUnwind_Phase2 (struct _Unwind_Exception *exc,
>                              struct _Unwind_Context *context,
>                              unsigned long *frames_p)
> {
>   _Unwind_Stop_Fn stop = (_Unwind_Stop_Fn) (_Unwind_Ptr) exc->private_1;
> <<skip to line 170:>>
>       stop_code = (*stop) (1, action, exc->exception_class, exc,
>                            context, stop_argument);
> =====
> we see that function pointer 'stop' is cast from an untyped word 'private_1'
> with no checking at all, not even for NULL or < PAGE_SIZE, etc.
> This is a giant red flag for unreliable code.

Wrong.  Just look at what the callers do:

      if (exc->private_1 == 0)
        code = _Unwind_RaiseException_Phase2 (exc, &cur_context, &frames);
      else
        code = _Unwind_ForcedUnwind_Phase2 (exc, &cur_context, &frames);

and

  if (exc->private_1 == 0)
    return _Unwind_RaiseException (exc);

  uw_init_context (&this_context);
  cur_context = this_context;

  code = _Unwind_ForcedUnwind_Phase2 (exc, &cur_context, &frames);

So, _Unwind_ForcedUnwind_Phase2 is not called if private_1 is NULL.

Can I get detailed info on how to reproduce this (most importantly, which
src.rpm you are trying to build)?

	Jakub
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
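The point of the reply above is that private_1 is not caller-supplied data: _Unwind_ForcedUnwind copies its own `stop` argument into private_1 (and `stop_argument` into private_2) before Phase2 ever casts it back, and the NULL case is routed to _Unwind_RaiseException instead. The program below is an added example written for this page, not code from the thread or from libgcc. It drives a forced unwind from a few nested frames with a stop function that checks, from inside the callback, that private_1/private_2 hold exactly the pointers it passed, counts the frames it is offered, and leaves the unwinder with longjmp before any context is installed. It assumes an x86-64 Linux toolchain with libgcc's generic DWARF unwinder (LLVM libunwind behaves the same here; ARM EHABI lays the exception object out differently and is not covered). The names count_frames_stop, nest, forced_unwind_frame_count and struct stop_state are the example's own.

```c
#include <setjmp.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unwind.h>

/* Constructed state handed to the stop function via stop_argument (the
   unwinder stores it in exc->private_2, next to the stop pointer in
   private_1).  Kept static so the longjmp escape cannot clobber it. */
struct stop_state {
    int     frames_seen;      /* how many frames the stop function was offered */
    int     limit;            /* bail out after this many frames */
    int     hit_end_of_stack; /* set if the unwinder ran out of frames first */
    jmp_buf escape;           /* how we leave the unwinder before any context is installed */
};
static struct stop_state state;

/* The _Unwind_Stop_Fn.  The unwinder calls it once per frame during the
   forced unwind; returning _URC_NO_REASON means "keep going".  When we are
   done we longjmp out instead of returning, which is safe at this point
   because no frame has been resumed yet (glibc's cancellation unwinder uses
   the same trick at end of stack). */
static _Unwind_Reason_Code
count_frames_stop (int version, _Unwind_Action actions,
                   _Unwind_Exception_Class cls,
                   struct _Unwind_Exception *exc,
                   struct _Unwind_Context *ctx, void *arg)
{
    struct stop_state *st = arg;
    (void) version; (void) cls; (void) ctx;

    /* The pointer the unwinder just cast out of private_1 and called is the
       one _Unwind_ForcedUnwind copied there from its own `stop` argument;
       private_2 likewise holds our stop_argument.  We never wrote either. */
    if (exc->private_1 != (uintptr_t) count_frames_stop
        || exc->private_2 != (uintptr_t) arg)
        longjmp (st->escape, 2);

    st->frames_seen++;
    if (actions & _UA_END_OF_STACK) {
        st->hit_end_of_stack = 1;
        longjmp (st->escape, 1);
    }
    if (st->frames_seen >= st->limit)
        longjmp (st->escape, 1);
    return _URC_NO_REASON;
}

/* Push `depth` extra frames, then start the forced unwind from the innermost
   one.  Only returns if the unwinder gave up with an error code. */
static _Unwind_Reason_Code
nest (int depth, struct stop_state *st)
{
    struct _Unwind_Exception exc;

    if (depth > 0)
        return nest (depth - 1, st);

    memset (&exc, 0, sizeof exc);   /* private_1/private_2 start out as 0 */
    /* _Unwind_ForcedUnwind itself sets private_1 = stop and private_2 = st
       before it enters _Unwind_ForcedUnwind_Phase2. */
    return _Unwind_ForcedUnwind (&exc, count_frames_stop, st);
}

/* Number of frames the stop function saw before bailing out: `limit` if the
   stack was deep enough, the real depth otherwise.  Negative means something
   unexpected happened (-1: unwinder returned, -2: private fields mismatched). */
int
forced_unwind_frame_count (int depth, int limit)
{
    memset (&state, 0, sizeof state);
    state.limit = limit;

    switch (setjmp (state.escape)) {
    case 0:
        nest (depth, &state);
        return -1;
    case 1:
        return state.frames_seen;
    default:
        return -2;
    }
}

int
main (void)
{
    int n = forced_unwind_frame_count (3, 2);
    printf ("stopped after %d frames (limit 2)\n", n);
    n = forced_unwind_frame_count (3, 1000000);
    printf ("walked %d frames to %s\n", n,
            state.hit_end_of_stack ? "end of stack" : "the limit");
    return 0;
}
```

Build with `gcc -O2 example.c` (libgcc_s is pulled in automatically for _Unwind_ForcedUnwind). The stop callback is the only place user code runs during a forced unwind, and it is reached only through the private_1 pointer the unwinder filled in a few instructions earlier; a caller that wants Phase2 to be skipped leaves private_1 at 0 and takes the _Unwind_RaiseException path shown in the reply.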