зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1412480 - Statically check for overly large syscall arguments. r=gcp
See the previous patch for an explanation of the mistake that this is meant to catch. Note that, even for arguments that really are 64-bit on 32-bit platforms (typically off_t), it's generally not safe to pass them directly to syscall(): some architectures, like ARM, use ABIs that require such arguments to be passed in aligned register pairs, and they'll be aligned differently for syscall() vs. the actual system call due to the leading system call number argument. The syscall(2) man page discusses this and documents that such arguments should be split into high/low halves, passed separately, and manually padded. Therefore, this patch rejects any argument types larger than a word. MozReview-Commit-ID: FVhpri4zcWk --HG-- extra : rebase_source : 0329fe68be2a4e16fb71736627f0190e005c9972
This commit is contained in:
Jed Davis
Родитель
6d4b2907e1
Коммит
a2451f13e5
|
|
@ -15,6 +15,7 @@
|
||||||
#include "SandboxOpenedFiles.h"
|
#include "SandboxOpenedFiles.h"
|
||||||
#endif
|
#endif
|
||||||
#include "mozilla/PodOperations.h"
|
#include "mozilla/PodOperations.h"
|
||||||
|
#include "mozilla/TemplateLib.h"
|
||||||
#include "mozilla/UniquePtr.h"
|
#include "mozilla/UniquePtr.h"
|
||||||
|
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
|
|
@ -105,6 +106,8 @@ protected:
|
||||||
|
|
||||||
template<typename... Args>
|
template<typename... Args>
|
||||||
static intptr_t DoSyscall(long nr, Args... args) {
|
static intptr_t DoSyscall(long nr, Args... args) {
|
||||||
|
static_assert(tl::And<(sizeof(Args) <= sizeof(void*))...>::value,
|
||||||
|
"each syscall arg is at most one word");
|
||||||
return ConvertError(syscall(nr, args...));
|
return ConvertError(syscall(nr, args...));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче