Repair bounds-checking runtime
On this weekend a thought came to me again that tinycc could be used for scripting. Only its bounds-checking mode turned out to be broken, which is a pity because bounds-checking is sometimes handy especially for quickly written scripts. Since tinycc is one of those small beautiful things, seldomly happening in our times, I couldn't resist trying to fix it. Thanks, Kirill * bcheck: Now btest pass! lib/bcheck: Prevent __bound_local_new / __bound_local_delete from being miscompiled lib/bcheck: Prevent libc_malloc/libc_free etc from being miscompiled
This commit is contained in:
Kirill Smelkov
commit
40a54c4399
2 changed files with 8 additions and 16 deletions
23
lib/bcheck.c
23
lib/bcheck.c
|
|
@ -208,25 +208,11 @@ BOUND_PTR_INDIR(8)
|
|||
BOUND_PTR_INDIR(12)
|
||||
BOUND_PTR_INDIR(16)
|
||||
|
||||
#ifdef __i386__
|
||||
/* return the frame pointer of the caller */
|
||||
#define GET_CALLER_FP(fp)\
|
||||
{\
|
||||
unsigned long *fp1;\
|
||||
__asm__ __volatile__ ("movl %%ebp,%0" :"=g" (fp1));\
|
||||
fp = fp1[0];\
|
||||
fp = (unsigned long)__builtin_frame_address(1);\
|
||||
}
|
||||
#elif defined(__x86_64__)
|
||||
/* TCC always creates %rbp frames also on x86_64, so use them. */
|
||||
#define GET_CALLER_FP(fp)\
|
||||
{\
|
||||
unsigned long *fp1;\
|
||||
__asm__ __volatile__ ("movq %%rbp,%0" :"=g" (fp1));\
|
||||
fp = fp1[0];\
|
||||
}
|
||||
#else
|
||||
#error put code to extract the calling frame pointer
|
||||
#endif
|
||||
|
||||
/* called when entering a function to add all the local regions */
|
||||
void FASTCALL __bound_local_new(void *p1)
|
||||
|
|
@ -638,6 +624,9 @@ static unsigned long get_region_size(void *p)
|
|||
|
||||
/* patched memory functions */
|
||||
|
||||
/* force compiler to perform stores coded up to this point */
|
||||
#define barrier() __asm__ __volatile__ ("": : : "memory")
|
||||
|
||||
static void install_malloc_hooks(void)
|
||||
{
|
||||
#ifdef CONFIG_TCC_MALLOC_HOOKS
|
||||
|
|
@ -649,6 +638,8 @@ static void install_malloc_hooks(void)
|
|||
__free_hook = __bound_free;
|
||||
__realloc_hook = __bound_realloc;
|
||||
__memalign_hook = __bound_memalign;
|
||||
|
||||
barrier();
|
||||
#endif
|
||||
}
|
||||
|
||||
|
|
@ -659,6 +650,8 @@ static void restore_malloc_hooks(void)
|
|||
__free_hook = saved_free_hook;
|
||||
__realloc_hook = saved_realloc_hook;
|
||||
__memalign_hook = saved_memalign_hook;
|
||||
|
||||
barrier();
|
||||
#endif
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -22,7 +22,6 @@ TESTS = libtest \
|
|||
|
||||
# some tests do not pass on all platforms, remove them for now
|
||||
ifeq ($(TARGETOS),Linux)
|
||||
TESTS := $(filter-out btest,$(TESTS))
|
||||
TESTS := $(filter-out weaktest,$(TESTS))
|
||||
endif
|
||||
ifeq ($(TARGETOS),Darwin)
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue