From 422ff87c249ddc06701d096421db63343e4754be Mon Sep 17 00:00:00 2001 From: "H.J. Lu" Date: Mon, 24 Jul 2017 06:06:08 -0700 Subject: Avoid accessing corrupted stack from __stack_chk_fail [BZ #21752] __libc_argv[0] points to address on stack and __libc_secure_getenv accesses environment variables which are on stack. We should avoid accessing stack when stack is corrupted. This patch also renames function argument in __fortify_fail_abort from do_backtrace to need_backtrace to avoid confusion with do_backtrace from enum __libc_message_action. [BZ #21752] * debug/fortify_fail.c (__fortify_fail_abort): Don't pass down __libc_argv[0] if we aren't doing backtrace. Rename do_backtrace to need_backtrace. * sysdeps/posix/libc_fatal.c (__libc_message): Don't call __libc_secure_getenv if we aren't doing backtrace. --- debug/fortify_fail.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'debug') diff --git a/debug/fortify_fail.c b/debug/fortify_fail.c index c90d384daf..a0777ae570 100644 --- a/debug/fortify_fail.c +++ b/debug/fortify_fail.c @@ -24,13 +24,17 @@ extern char **__libc_argv attribute_hidden; void __attribute__ ((noreturn)) internal_function -__fortify_fail_abort (_Bool do_backtrace, const char *msg) +__fortify_fail_abort (_Bool need_backtrace, const char *msg) { - /* The loop is added only to keep gcc happy. */ + /* The loop is added only to keep gcc happy. Don't pass down + __libc_argv[0] if we aren't doing backtrace since __libc_argv[0] + may point to the corrupted stack. */ while (1) - __libc_message (do_backtrace ? (do_abort | do_backtrace) : do_abort, + __libc_message (need_backtrace ? (do_abort | do_backtrace) : do_abort, "*** %s ***: %s terminated\n", - msg, __libc_argv[0] ?: ""); + msg, + (need_backtrace && __libc_argv[0] != NULL + ? __libc_argv[0] : "")); } void -- cgit v1.2.1