Make sure space handed to C/C++ ABI is padded large enough

PythonTest_pyuno_pytests_testcollections had failed with -fsanitize=address: > ==6341==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7ffe5cf77048 at pc 0x7f6be12e51ba bp 0x7ffe5cf76810 sp 0x7ffe5cf76808 > WRITE of size 8 at 0x7ffe5cf77048 thread T0 > #0 0x7f6be12e51b9 in x86_64::fill_struct(_typelib_TypeDescriptionReference*, unsigned long const*, double const*, void*) bridges/source/cpp_uno/gcc3_linux_x86-64/abi.cxx > #1 0x7f6be1307f03 in gcc3::callVirtualMethod(void*, unsigned int, void*, _typelib_TypeDescriptionReference*, bool, unsigned long*, unsigned int, unsigned long*, double*) bridges/source/cpp_uno/gcc3_linux_x86-64/callvirtualmethod.cxx:171:17 > #2 0x7f6be130346d in cpp_call(bridges::cpp_uno::shared::UnoInterfaceProxy*, bridges::cpp_uno::shared::VtableSlot, _typelib_TypeDescriptionReference*, int, _typelib_MethodParameter*, void*, void**, _uno_Any**) bridges/source/cpp_uno/gcc3_linux_x86-64/uno2cpp.cxx:233:13 > #3 0x7f6be1301c56 in bridges::cpp_uno::shared::unoInterfaceProxyDispatch(_uno_Interface*, _typelib_TypeDescription const*, void*, void**, _uno_Any**) bridges/source/cpp_uno/gcc3_linux_x86-64/uno2cpp.cxx:420:13 > #4 0x7f6be0be09ff in stoc_corefl::IdlInterfaceMethodImpl::invoke(com::sun::star::uno::Any const&, com::sun::star::uno::Sequence<com::sun::star::uno::Any>&) stoc/source/corereflection/criface.cxx:679:9 > #5 0x7f6be0be304c in non-virtual thunk to stoc_corefl::IdlInterfaceMethodImpl::invoke(com::sun::star::uno::Any const&, com::sun::star::uno::Sequence<com::sun::star::uno::Any>&) stoc/source/corereflection/criface.cxx > #6 0x7f6be0375ef9 in (anonymous namespace)::IntrospectionAccessStatic_Impl::getPropertyValueByIndex(com::sun::star::uno::Any const&, int) const stoc/source/inspect/introspection.cxx:609:33 > #7 0x7f6be03753eb in (anonymous namespace)::IntrospectionAccessStatic_Impl::getPropertyValue(com::sun::star::uno::Any const&, rtl::OUString const&) const stoc/source/inspect/introspection.cxx:519:16 > #8 0x7f6be036bd75 in (anonymous namespace)::ImplIntrospectionAccess::getPropertyValue(rtl::OUString const&) stoc/source/inspect/introspection.cxx:1040:26 > #9 0x7f6be037102c in non-virtual thunk to (anonymous namespace)::ImplIntrospectionAccess::getPropertyValue(rtl::OUString const&) stoc/source/inspect/introspection.cxx > #10 0x7f6be0f95805 in stoc_inv::Invocation_Impl::getValue(rtl::OUString const&) stoc/source/invocation/invocation.cxx:495:35 > #11 0x7f6be0f95fcc in non-virtual thunk to stoc_inv::Invocation_Impl::getValue(rtl::OUString const&) stoc/source/invocation/invocation.cxx > #12 0x7f6be665d69a in pyuno::PyUNO_getattr(_object*, char*) pyuno/source/module/pyuno.cxx:1424:52 > #13 0x7f6bf34b1a5f in PyObject_GetAttr workdir/UnpackedTarball/python3/Objects/object.c:894:16 > #14 0x7f6bf39f10f9 in PyEval_EvalFrameEx workdir/UnpackedTarball/python3/Python/ceval.c:2793:29 ... Change-Id: I7c8aa0f0e153a022c19c981165730725a566a0b2 Reviewed-on: https://gerrit.libreoffice.org/42946Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Stephan Bergmann <sbergman@redhat.com>

Make sure space handed to C/C++ ABI is padded large enough
PythonTest_pyuno_pytests_testcollections had failed with -fsanitize=address: > ==6341==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7ffe5cf77048 at pc 0x7f6be12e51ba bp 0x7ffe5cf76810 sp 0x7ffe5cf76808 > WRITE of size 8 at 0x7ffe5cf77048 thread T0 > #0 0x7f6be12e51b9 in x86_64::fill_struct(_typelib_TypeDescriptionReference*, unsigned long const*, double const*, void*) bridges/source/cpp_uno/gcc3_linux_x86-64/abi.cxx > #1 0x7f6be1307f03 in gcc3::callVirtualMethod(void*, unsigned int, void*, _typelib_TypeDescriptionReference*, bool, unsigned long*, unsigned int, unsigned long*, double*) bridges/source/cpp_uno/gcc3_linux_x86-64/callvirtualmethod.cxx:171:17 > #2 0x7f6be130346d in cpp_call(bridges::cpp_uno::shared::UnoInterfaceProxy*, bridges::cpp_uno::shared::VtableSlot, _typelib_TypeDescriptionReference*, int, _typelib_MethodParameter*, void*, void**, _uno_Any**) bridges/source/cpp_uno/gcc3_linux_x86-64/uno2cpp.cxx:233:13 > #3 0x7f6be1301c56 in bridges::cpp_uno::shared::unoInterfaceProxyDispatch(_uno_Interface*, _typelib_TypeDescription const*, void*, void**, _uno_Any**) bridges/source/cpp_uno/gcc3_linux_x86-64/uno2cpp.cxx:420:13 > #4 0x7f6be0be09ff in stoc_corefl::IdlInterfaceMethodImpl::invoke(com::sun::star::uno::Any const&, com::sun::star::uno::Sequence<com::sun::star::uno::Any>&) stoc/source/corereflection/criface.cxx:679:9 > #5 0x7f6be0be304c in non-virtual thunk to stoc_corefl::IdlInterfaceMethodImpl::invoke(com::sun::star::uno::Any const&, com::sun::star::uno::Sequence<com::sun::star::uno::Any>&) stoc/source/corereflection/criface.cxx > #6 0x7f6be0375ef9 in (anonymous namespace)::IntrospectionAccessStatic_Impl::getPropertyValueByIndex(com::sun::star::uno::Any const&, int) const stoc/source/inspect/introspection.cxx:609:33 > #7 0x7f6be03753eb in (anonymous namespace)::IntrospectionAccessStatic_Impl::getPropertyValue(com::sun::star::uno::Any const&, rtl::OUString const&) const stoc/source/inspect/introspection.cxx:519:16 > #8 0x7f6be036bd75 in (anonymous namespace)::ImplIntrospectionAccess::getPropertyValue(rtl::OUString const&) stoc/source/inspect/introspection.cxx:1040:26 > #9 0x7f6be037102c in non-virtual thunk to (anonymous namespace)::ImplIntrospectionAccess::getPropertyValue(rtl::OUString const&) stoc/source/inspect/introspection.cxx > #10 0x7f6be0f95805 in stoc_inv::Invocation_Impl::getValue(rtl::OUString const&) stoc/source/invocation/invocation.cxx:495:35 > #11 0x7f6be0f95fcc in non-virtual thunk to stoc_inv::Invocation_Impl::getValue(rtl::OUString const&) stoc/source/invocation/invocation.cxx > #12 0x7f6be665d69a in pyuno::PyUNO_getattr(_object*, char*) pyuno/source/module/pyuno.cxx:1424:52 > #13 0x7f6bf34b1a5f in PyObject_GetAttr workdir/UnpackedTarball/python3/Objects/object.c:894:16 > #14 0x7f6bf39f10f9 in PyEval_EvalFrameEx workdir/UnpackedTarball/python3/Python/ceval.c:2793:29 ... Change-Id: I7c8aa0f0e153a022c19c981165730725a566a0b2 Reviewed-on: https://gerrit.libreoffice.org/42946Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
43b02c45 · Stephan Bergmann · e6e01b50 · 43b02c45
Kaydet (Commit) 43b02c45 authored Eyl 29, 2017 tarafından Stephan Bergmann
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 1 deletion

criface.cxx stoc/source/corereflection/criface.cxx +20 -1

No files found.
--- a/stoc/source/corereflection/criface.cxx
+++ b/stoc/source/corereflection/criface.cxx
@@ -18,6 +18,11 @@
 */

 #include <sal/config.h>
+
+#include <cassert>
+#include <cstddef>
+#include <limits>
+
 #ifdef SAL_UNX
 #include <sal/alloca.h>
 #endif
@@ -40,6 +45,15 @@ using namespace css::lang;
 using namespace css::reflection;
 using namespace css::uno;

+namespace {
+
+std::size_t multipleOf16(std::size_t n) {
+    assert(n <= std::numeric_limits<std::size_t>::max() - 15);
+    return (n + 15) & ~std::size_t(15);
+}
+
+}
+
 namespace stoc_corefl
 {

@@ -586,7 +600,12 @@ Any SAL_CALL IdlInterfaceMethodImpl::invoke( const Any & rObj, Sequence< Any > &
        TYPELIB_DANGER_GET(
            &pReturnType, getMethodTypeDescr()->pReturnTypeRef );

-        void * pUnoReturn = alloca( pReturnType->nSize );
+        // C/C++ ABIs typically assume that structs are padded at the end, and
+        // that those padding bytes may be written to (e.g., to write into the
+        // end of a "short" struct by writing the full contents of a "long"
+        // register); so create enough space here (assuming that no ABI requires
+        // padding larger than 16 byte boundaries):
+        void * pUnoReturn = alloca( multipleOf16(pReturnType->nSize) );
        void ** ppUnoArgs = static_cast<void **>(alloca( sizeof(void *) * nParams *2 ));
        typelib_TypeDescription ** ppParamTypes = reinterpret_cast<typelib_TypeDescription **>(ppUnoArgs + nParams);