[klibc] another bugfix
Thorsten Glaser
tg at mirbsd.de
Mon Mar 28 13:27:34 PDT 2011
maximilian attems dixit:
>I'm totally confused how this could be an issue on m68k?
It’s not just an issue on m68k but all platforms, although
on m68k it ends up corrupting the stack. Please excuse me
for using i386 assembly commands in my explanation below,
that’s all I (really) know.
Assumption for the code below: sizeof(mode_t) == 2
(since that helps me explain the stack corruption).
/* open() is defined with a fixed third parameter, so its body
 * expects a mode slot on the stack ... */
int open(const char *pathname, int flags, mode_t mode) {
        return __open(pathname, flags | O_LARGEFILE, mode);
}

/* ... but this caller passes only two arguments, so no such
 * slot is ever pushed. */
int main(void) {
        return open("/dev/zero", O_RDONLY);
}
open:
        xor eax,eax
        mov ax,word ptr [esp+12]        // load the 16-bit "mode"
        mov dword ptr [esp+12],eax      // this corrupts: main pushed only two
                                        // args, so [esp+12] is not a mode slot
                                        // but main's saved ebp
        or dword ptr [esp+8],O_LARGEFILE
        jmp __open

.L1:    .asciz "/dev/zero"

main:
        push ebp                        // the word that open overwrites
        mov ebp,esp
        mov eax,O_RDONLY
        push eax                        // flags  -> [esp+8] inside open
        mov eax,offset .L1
        push eax                        // pathname -> [esp+4] inside open
        call open
        mov esp,ebp
        pop ebp                         // corrupted!
        ret
bye,
//mirabilos
--
22:20⎜<asarch> The crazy that persists in his craziness becomes a master
22:21⎜<asarch> And the distance between the craziness and geniality is
               only measured by the success
18:35⎜<asarch> "Psychotics are consistently inconsistent. The essence of
               sanity is to be inconsistently inconsistent
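An added example, not klibc's code and not from this thread: a wrapper with the shape that avoids the mismatch the message describes. It is defined variadic, fetches the mode only when a flag says the caller must have supplied one, and reads it as int because a 16-bit mode_t is promoted on its way through "...". safe_open, stub_open and open_record are hypothetical names, and the backend is a recording stub rather than the real __open.

```c
#define _GNU_SOURCE            /* for O_LARGEFILE on glibc */
#include <fcntl.h>
#include <stdarg.h>
#ifndef O_LARGEFILE            /* not every libc defines it; 0 keeps this portable */
#define O_LARGEFILE 0
#endif

/* Stub standing in for the __open syscall wrapper: it only records what it
 * was handed (constructed for this example; no file is actually opened). */
struct open_record { const char *pathname; int flags; unsigned int mode; };
static struct open_record last_open;

static int stub_open(const char *pathname, int flags, mode_t mode)
{
    last_open.pathname = pathname;
    last_open.flags = flags;
    last_open.mode = mode;
    return 3;                  /* pretend file descriptor */
}

/* Defined variadic, matching the "int open(const char *, int, ...)" shape
 * callers compile against, so it never reads a stack slot the caller did
 * not push: the mode is fetched only when a flag says one must be there. */
int safe_open(const char *pathname, int flags, ...)
{
    mode_t mode = 0;
    int needs_mode = (flags & O_CREAT) != 0;
#ifdef O_TMPFILE
    needs_mode |= (flags & O_TMPFILE) == O_TMPFILE;
#endif
    if (needs_mode) {
        va_list ap;
        va_start(ap, flags);
        /* Default argument promotion: a mode_t narrower than int (the
         * sizeof(mode_t) == 2 case above) arrives as an int, so
         * va_arg(ap, mode_t) would be undefined behaviour there. */
        mode = (mode_t)va_arg(ap, int);
        va_end(ap);
    }
    return stub_open(pathname, flags | O_LARGEFILE, mode);
}

/* What the backend last received; lets a caller check the wrapper's work. */
struct open_record last_open_args(void) { return last_open; }

int main(void)
{
    safe_open("/dev/zero", O_RDONLY);               /* two args, as in the report */
    return safe_open("/tmp/x", O_WRONLY | O_CREAT, 0644) == 3 ? 0 : 1;
}
```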