diff options
author | Eric Andersen <andersen@codepoet.org> | 2001-10-05 11:31:48 +0000 |
---|---|---|
committer | Eric Andersen <andersen@codepoet.org> | 2001-10-05 11:31:48 +0000 |
commit | 8a309c2fde98f9fcba538fcada54248eafdd34ad (patch) | |
tree | 7edbb9f5153b509f0e1604abc266ac83f738d85f /libc/pwd_grp/initgroups.c | |
parent | ab79ee6808a768bc72cd1158f93ba8a50a0615e5 (diff) |
Wohoo! David McCullough found the bug! His comments follow:
I had a look at it and you won't believe it was always broken.
I'll try and explain it, let me know if it doesn't make sense.
* ash calls setjmp, which messes with the stack to look like it has
two args instead of one and then jmps (actually falls) into
sigsetjmp.
BUG
* sigsetjmp then saves the registers and "jumps" to __sigset_save, a C
function.
BUG1 - because the caller pops its args off the stack, a program that
changes it's number of args is broken because the caller will
not
pop the correct number of args.
I think that jumping from the sigsetjmp asm to the 'C' code is unsafe
but I can't think of an example. Anyway, I have attached what I think
is
a working fix.
The reason this worked without -fomit-frame-pointer is that the
_sigset_save 'C' code would restore the stack pointer from %ebp (the
frame
pointer) and because none of the asm had moded it, when we returned
from
__sigset_save the stack was back to it's correct position for 1
argument
despite our best attempts to stuff it up ;-)
Diffstat (limited to 'libc/pwd_grp/initgroups.c')
0 files changed, 0 insertions, 0 deletions