[DTrace-devel] [PATCH 3/6] fixup! alloca: load and store

Nick Alcock nick.alcock at oracle.com
Thu Mar 24 00:45:08 UTC 2022


This fixes some verifier failures in Eugene's recent test cases.
---
 libdtrace/dt_cg.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libdtrace/dt_cg.c b/libdtrace/dt_cg.c
index 0084798bcde6..995e6ed86466 100644
--- a/libdtrace/dt_cg.c
+++ b/libdtrace/dt_cg.c
@@ -2203,7 +2203,7 @@ dt_cg_check_bounds(dt_irlist_t *dlp, dt_regset_t *drp, int regptr, int basereg,
 	 * the size is in a register, the other for the case when it is not.  In
 	 * both caes we first do a runtime check of the read/write actually
 	 * carried out (which the verifier will ignore, because it's a reg/reg
-	 * test not using EQ or NE), then do a test against the axtual size of
+	 * test not using EQ or NE), then do a test against the actual size of
 	 * scratch space, including a max-size buffer at the end specifically to
 	 * allow dynamically-sized writes to succeed without exceeding the
 	 * bound.
@@ -2231,6 +2231,12 @@ dt_cg_check_bounds(dt_irlist_t *dlp, dt_regset_t *drp, int regptr, int basereg,
 		emit(dlp, BPF_BRANCH_IMM(BPF_JGE, reg, lenmax, lbl_size_err));
 		emit(dlp, BPF_ALU64_IMM(BPF_SUB, reg, sizemax));
 	}
+	/*
+	 * Yet more placation.  The above has forced the minimum value to be
+	 * negative, which is of course impossible; re-prove that it is
+	 * positive.
+	 */
+	emit(dlp,  BPF_BRANCH_IMM(BPF_JSLT, reg, 0, lbl_err));
 	emit(dlp,  BPF_JUMP(lbl_ok));
 
 	dt_cg_probe_error_regval(yypcb, lbl_err, -1, DTRACEFLT_BADADDR, reg);
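Review bot: The new comment says the branch "re-proves that it is positive", but `BPF_JSLT reg, 0 -> lbl_err` only rejects negative values, so zero falls through and what is established is non-negative; I would change the last sentence of the comment to `re-prove that it is non-negative.` so the next reader does not expect a zero offset to be rejected here. It is also worth one more line saying why a negative value lands on lbl_err (reported as DTRACEFLT_BADADDR with reg, per the call below) rather than lbl_size_err like the length checks just above, e.g. `/* A negative offset is a bad address, not a size error, hence lbl_err. */` — I am inferring that intent from the error-code choice, so confirm it. dt_cg_check_bounds begins and ends outside this hunk, so I cannot see whether reg is still needed unsigned after this point.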
-- 
2.35.1.261.g8402f930ba.dirty



