[Lldb-commits] [PATCH] D140067: Fix an ASAN bug I introduced in debugserver, accessing off the end of an array intentionally

Jason Molenda via Phabricator via lldb-commits Wed, 14 Dec 2022 16:21:09 -0800

jasonmolenda created this revision.
jasonmolenda added reviewers: aprantl, JDevlieghere.
jasonmolenda added a project: LLDB.
Herald added a subscriber: kristof.beyls.
Herald added a project: All.
jasonmolenda requested review of this revision.
Herald added a subscriber: lldb-commits.


In https://reviews.llvm.org/D136620 I needed to access fp/sp/pc/lr two 
different ways depending on the compile-time environment -- the headers name 
these registers differently, and the types are different so one of them needs 
to be cast.  This was tiresome, so instead I indexed off of the array of 
general purpose registers right before them.  ASAN expresses its displeasure 
with this shortcut.

Before my original patch, this code passed the register context in to the 
arm_thread_state64_get{sp,fp,lr,pc} and those macros handled this detail.

The ASAN CI bot does not build an in-tree debugserver and test with it, but 
when I looked into a bot test failure, I hit this first.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D140067

Files:
  lldb/tools/debugserver/source/MacOSX/arm64/DNBArchImplARM64.cpp


Index: lldb/tools/debugserver/source/MacOSX/arm64/DNBArchImplARM64.cpp
===================================================================
--- lldb/tools/debugserver/source/MacOSX/arm64/DNBArchImplARM64.cpp
+++ lldb/tools/debugserver/source/MacOSX/arm64/DNBArchImplARM64.cpp
@@ -2022,8 +2022,29 @@
     switch (set) {
     case e_regSetGPR:
       if (reg <= gpr_pc) {
-        if (reg == gpr_pc || reg == gpr_lr || reg == gpr_sp || reg == gpr_fp)
-          value->value.uint64 = clear_pac_bits(m_state.context.gpr.__x[reg]);
+#if __has_feature(ptrauth_calls) && defined(__LP64__)
+        if (reg == gpr_pc)
+          value->value.uint64 = clear_pac_bits(
+              reinterpret_cast<uint64_t>(m_state.context.gpr.__opaque_pc));
+        else if (reg == gpr_lr)
+          value->value.uint64 = clear_pac_bits(
+              reinterpret_cast<uint64_t>(m_state.context.gpr.__opaque_lr));
+        else if (reg == gpr_sp)
+          value->value.uint64 = clear_pac_bits(
+              reinterpret_cast<uint64_t>(m_state.context.gpr.__opaque_sp));
+        else if (reg == gpr_fp)
+          value->value.uint64 = clear_pac_bits(
+              reinterpret_cast<uint64_t>(m_state.context.gpr.__opaque_fp));
+#else
+        if (reg == gpr_pc)
+          value->value.uint64 = clear_pac_bits(m_state.context.gpr.__pc);
+        else if (reg == gpr_lr)
+          value->value.uint64 = clear_pac_bits(m_state.context.gpr.__lr);
+        else if (reg == gpr_sp)
+          value->value.uint64 = clear_pac_bits(m_state.context.gpr.__sp);
+        else if (reg == gpr_fp)
+          value->value.uint64 = clear_pac_bits(m_state.context.gpr.__fp);
+#endif
         else
           value->value.uint64 = m_state.context.gpr.__x[reg];
         return true;

Index: lldb/tools/debugserver/source/MacOSX/arm64/DNBArchImplARM64.cpp
===================================================================
--- lldb/tools/debugserver/source/MacOSX/arm64/DNBArchImplARM64.cpp
+++ lldb/tools/debugserver/source/MacOSX/arm64/DNBArchImplARM64.cpp
@@ -2022,8 +2022,29 @@
     switch (set) {
     case e_regSetGPR:
       if (reg <= gpr_pc) {
-        if (reg == gpr_pc || reg == gpr_lr || reg == gpr_sp || reg == gpr_fp)
-          value->value.uint64 = clear_pac_bits(m_state.context.gpr.__x[reg]);
+#if __has_feature(ptrauth_calls) && defined(__LP64__)
+        if (reg == gpr_pc)
+          value->value.uint64 = clear_pac_bits(
+              reinterpret_cast<uint64_t>(m_state.context.gpr.__opaque_pc));
+        else if (reg == gpr_lr)
+          value->value.uint64 = clear_pac_bits(
+              reinterpret_cast<uint64_t>(m_state.context.gpr.__opaque_lr));
+        else if (reg == gpr_sp)
+          value->value.uint64 = clear_pac_bits(
+              reinterpret_cast<uint64_t>(m_state.context.gpr.__opaque_sp));
+        else if (reg == gpr_fp)
+          value->value.uint64 = clear_pac_bits(
+              reinterpret_cast<uint64_t>(m_state.context.gpr.__opaque_fp));
+#else
+        if (reg == gpr_pc)
+          value->value.uint64 = clear_pac_bits(m_state.context.gpr.__pc);
+        else if (reg == gpr_lr)
+          value->value.uint64 = clear_pac_bits(m_state.context.gpr.__lr);
+        else if (reg == gpr_sp)
+          value->value.uint64 = clear_pac_bits(m_state.context.gpr.__sp);
+        else if (reg == gpr_fp)
+          value->value.uint64 = clear_pac_bits(m_state.context.gpr.__fp);
+#endif
         else
           value->value.uint64 = m_state.context.gpr.__x[reg];
         return true;

_______________________________________________
lldb-commits mailing list
lldb-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits

[Lldb-commits] [PATCH] D140067: Fix an ASAN bug I introduced in debugserver, accessing off the end of an array intentionally

Reply via email to