authorRich Felker <dalias@aerifal.cx>2015-05-01 21:22:27 -0400
committerRich Felker <dalias@aerifal.cx>2015-05-01 21:22:27 -0400
commit4f69594689992d76088f2b0af79cd91c40579f64 (patch)
treef502b2a7aa12aa160747d02cff76f44e5b762945 /arch/x32/src/syscall_cp_fixup.c
parent7561ac45ed94743c259c636cd15c048f492ffec1 (diff)
fix dangling pointers in x32 syscall timespec fixup code
the lifetime of compound literals is the block in which they appear. the temporary struct __timespec_kernel objects created as compound literals no longer existed at the time their addresses were passed to the kernel.
Diffstat (limited to 'arch/x32/src/syscall_cp_fixup.c')
-rw-r--r--arch/x32/src/syscall_cp_fixup.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/arch/x32/src/syscall_cp_fixup.c b/arch/x32/src/syscall_cp_fixup.c
index 07d39b52..deb01ee9 100644
--- a/arch/x32/src/syscall_cp_fixup.c
+++ b/arch/x32/src/syscall_cp_fixup.c
@@ -9,14 +9,18 @@ long __syscall_cp_internal(volatile void*, long long, long long, long long, long
struct __timespec { long long tv_sec; long tv_nsec; };
struct __timespec_kernel { long long tv_sec; long long tv_nsec; };
#define __tsc(X) ((struct __timespec*)(unsigned long)(X))
-#define __fixup(X) do { if(X) X = (unsigned long) (&(struct __timespec_kernel) \
- { .tv_sec = __tsc(X)->tv_sec, .tv_nsec = __tsc(X)->tv_nsec}); } while(0)
+#define __fixup(X) do { if(X) { \
+ ts->tv_sec = __tsc(X)->tv_sec; \
+ ts->tv_nsec = __tsc(X)->tv_nsec; \
+ (X) = (unsigned long)ts; } } while(0)
#ifdef SHARED
__attribute__((__visibility__("hidden")))
#endif
long __syscall_cp_asm (volatile void * foo, long long n, long long a1, long long a2, long long a3,
- long long a4, long long a5, long long a6) {
+ long long a4, long long a5, long long a6)
+{
+ struct __timespec_kernel ts[1];
switch (n) {
case SYS_mq_timedsend: case SYS_mq_timedreceive: case SYS_pselect6:
__fixup(a5);
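Review bot: The rewritten `__fixup` macro depends on a local named `ts` being in scope wherever it expands, and every expansion writes into the same single-element `ts[1]` declared at the top of `__syscall_cp_asm`. That is fine for the one use visible here (`__fixup(a5)`), since the storage now has function scope and presumably outlives the later call into the kernel. A case that fixes up two arguments, or one whose argument points at an array of timespecs, would overwrite or only partly convert the data; the rest of the switch lies outside this hunk, so it should be checked there. I would record the contract beside the macro, e.g. `/* __fixup stores into the enclosing function's 'ts'; one fixup per call, single timespec only */`.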