sh: Fix bug calculating the end of the FDE instructions

The 'end' member of struct dwarf_fde denotes one byte past the end of the CFA instruction stream for an FDE. The value of 'end' was being calcualted incorrectly, it was being set too high. This resulted in dwarf_cfa_execute_insns() interpreting data past the end of valid instructions, thus causing all sorts of weird crashes. Signed-off-by: Matt Fleming <matt@console-pimps.org>
git-mirror · Aug 21, 2009 · 5480675 · 5480675
1 parent fe98dd3
commit 5480675
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/arch/sh/kernel/dwarf.c b/arch/sh/kernel/dwarf.c
@@ -751,7 +751,8 @@ static int dwarf_parse_cie(void *entry, void *p, unsigned long len,
 }
 
 static int dwarf_parse_fde(void *entry, u32 entry_type,
-			   void *start, unsigned long len)
+			   void *start, unsigned long len,
+			   unsigned char *end)
 {
 	struct dwarf_fde *fde;
 	struct dwarf_cie *cie;
@@ -798,7 +799,7 @@ static int dwarf_parse_fde(void *entry, u32 entry_type,
 
 	/* Call frame instructions. */
 	fde->instructions = p;
-	fde->end = start + len;
+	fde->end = end;
 
 	/* Add to list. */
 	spin_lock_irqsave(&dwarf_fde_lock, flags);
@@ -932,7 +933,7 @@ static int __init dwarf_unwinder_init(void)
 			else
 				c_entries++;
 		} else {
-			err = dwarf_parse_fde(entry, entry_type, p, len);
+			err = dwarf_parse_fde(entry, entry_type, p, len, end);
 			if (err < 0)
 				goto out;
 			else