[DTrace-devel] [PATCH 03/12] Fix alloca() non-constant size check

Kris Van Hees kris.van.hees at oracle.com
Wed Jul 13 19:17:39 UTC 2022 

Signed-off-by: Kris Van Hees <kris.van.hees at oracle.com>
---
 libdtrace/dt_cg.c                             |  6 ++---
 .../funcs/alloca/err.alloca-too-large.d       | 27 +++++++++++++++++++
 2 files changed, 30 insertions(+), 3 deletions(-)
 create mode 100644 test/unittest/funcs/alloca/err.alloca-too-large.d

diff --git a/libdtrace/dt_cg.c b/libdtrace/dt_cg.c
index 23d86dcc..be1db4b1 100644
--- a/libdtrace/dt_cg.c
+++ b/libdtrace/dt_cg.c
@@ -4177,8 +4177,8 @@ dt_cg_subr_alloca(dt_node_t *dnp, dt_irlist_t *dlp, dt_regset_t *drp)
 	emit(dlp,  BPF_ALU64_IMM(BPF_ADD, next, 7));
 	emit(dlp,  BPF_ALU64_IMM(BPF_AND, next, (int) -8));
 
-	emit(dlp,  BPF_BRANCH_IMM(BPF_JGT, next, opt_scratchsize + 8, lbl_err));
-	emit(dlp,  BPF_BRANCH_IMM(BPF_JLE, dnp->dn_reg, opt_scratchsize + 8,
+	emit(dlp,  BPF_BRANCH_IMM(BPF_JGT, next, opt_scratchsize, lbl_err));
+	emit(dlp,  BPF_BRANCH_IMM(BPF_JLE, dnp->dn_reg, opt_scratchsize - 8,
 				  lbl_ok));
 	emitl(dlp, lbl_err,
 		   BPF_NOP());
@@ -4199,7 +4199,7 @@ dt_cg_subr_bcopy(dt_node_t *dnp, dt_irlist_t *dlp, dt_regset_t *drp)
 	dt_node_t	*src = dnp->dn_args;
 	dt_node_t	*dst = src->dn_list;
 	dt_node_t	*size = dst->dn_list;
-	int		maxsize = yypcb->pcb_hdl->dt_options[DTRACEOPT_SCRATCHSIZE];
+	int		maxsize = yypcb->pcb_hdl->dt_options[DTRACEOPT_SCRATCHSIZE] - 8;
 	uint_t		lbl_badsize = dt_irlist_label(dlp);
 	uint_t		lbl_ok = dt_irlist_label(dlp);
 
diff --git a/test/unittest/funcs/alloca/err.alloca-too-large.d b/test/unittest/funcs/alloca/err.alloca-too-large.d
new file mode 100644
index 00000000..6ba87781
--- /dev/null
+++ b/test/unittest/funcs/alloca/err.alloca-too-large.d
@@ -0,0 +1,27 @@
+/*
+ * Oracle Linux DTrace.
+ * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
+ * Licensed under the Universal Permissive License v 1.0 as shown at
+ * http://oss.oracle.com/licenses/upl.
+ */
+
+/*
+ * ASSERTION: Allocation size is checked when passed from a variable.
+ *
+ * SECTION: Actions and Subroutines/alloca()
+ */
+
+#pragma D option quiet
+#pragma D option scratchsize=64
+
+BEGIN
+{
+	sz = 65;
+	alloca(sz);
+	exit(0);
+}
+
+ERROR
+{
+	exit(1);
+}
-- 
2.34.1

More information about the DTrace-devel mailing list