[Lldb-commits] [PATCH] D131658: [LLDB] Fix out-of-bounds memory access in EmulationStateArm

[Slava Gurevich via Phabricator via lldb-commits]

fixathon created this revision.
fixathon added reviewers: clayborg, JDevlieghere, DavidSpickett, jasonmolenda.
Herald added a subscriber: kristof.beyls.
Herald added a project: All.
fixathon requested review of this revision.
Herald added a project: LLDB.
Herald added a subscriber: lldb-commits.

Functionally broken code for reading and writing registers, likely due to 
typos, 
and could cause out-of-bounds memory access.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D131658

Files:
  lldb/source/Plugins/Instruction/ARM/EmulationStateARM.cpp


Index: lldb/source/Plugins/Instruction/ARM/EmulationStateARM.cpp
===================================================================
--- lldb/source/Plugins/Instruction/ARM/EmulationStateARM.cpp
+++ lldb/source/Plugins/Instruction/ARM/EmulationStateARM.cpp
@@ -51,7 +51,7 @@
     if (reg_ctx->ReadRegister(reg_info, reg_value)) {
       uint64_t value = reg_value.GetAsUInt64();
       uint32_t idx = i - dwarf_d0;
-      if (i < 16) {
+      if (idx < 16) {
         m_vfp_regs.s_regs[idx * 2] = (uint32_t)value;
         m_vfp_regs.s_regs[idx * 2 + 1] = (uint32_t)(value >> 32);
       } else
@@ -92,7 +92,7 @@
     value = m_gpr[reg_num - dwarf_r0];
   else if ((dwarf_s0 <= reg_num) && (reg_num <= dwarf_s31)) {
     uint32_t idx = reg_num - dwarf_s0;
-    value = m_vfp_regs.d_regs[idx];
+    value = m_vfp_regs.s_regs[idx];
   } else if ((dwarf_d0 <= reg_num) && (reg_num <= dwarf_d31)) {
     uint32_t idx = reg_num - dwarf_d0;
     if (idx < 16)



Index: lldb/source/Plugins/Instruction/ARM/EmulationStateARM.cpp
===================================================================
--- lldb/source/Plugins/Instruction/ARM/EmulationStateARM.cpp
+++ lldb/source/Plugins/Instruction/ARM/EmulationStateARM.cpp
@@ -51,7 +51,7 @@
     if (reg_ctx->ReadRegister(reg_info, reg_value)) {
       uint64_t value = reg_value.GetAsUInt64();
       uint32_t idx = i - dwarf_d0;
-      if (i < 16) {
+      if (idx < 16) {
         m_vfp_regs.s_regs[idx * 2] = (uint32_t)value;
         m_vfp_regs.s_regs[idx * 2 + 1] = (uint32_t)(value >> 32);
       } else
@@ -92,7 +92,7 @@
     value = m_gpr[reg_num - dwarf_r0];
   else if ((dwarf_s0 <= reg_num) && (reg_num <= dwarf_s31)) {
     uint32_t idx = reg_num - dwarf_s0;
-    value = m_vfp_regs.d_regs[idx];
+    value = m_vfp_regs.s_regs[idx];
   } else if ((dwarf_d0 <= reg_num) && (reg_num <= dwarf_d31)) {
     uint32_t idx = reg_num - dwarf_d0;
     if (idx < 16)

_______________________________________________
lldb-commits mailing list
lldb-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits