From 2145057cb8a50aba1a27a67be19953bee9b164fd Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Sun, 25 Feb 2018 14:44:29 +0100
Subject: pkg/compiler: fix alignment corner case

Fix alignemnt calculation for packed structs with alignment and bitfields.
Amusingly this affected only a single real struct -- ipv6_fragment_ext_header.
---
 prog/analysis.go | 6 ++++--
 prog/encodingexec_test.go | 15 +++++++++++++++
 2 files changed, 19 insertions(+), 2 deletions(-)
(limited to 'prog')

diff --git a/prog/analysis.go b/prog/analysis.go
index c93a13e6c..6a5cd03d9 100644
--- a/prog/analysis.go
+++ b/prog/analysis.go
@@ -120,9 +120,11 @@ func foreachArgImpl(arg Arg, ctx ArgCtx, f func(Arg, *ArgCtx)) {
 totalSize += size
 }
 }
- if totalSize > a.Size() {
+ claimedSize := a.Size()
+ varlen := a.Type().Varlen()
+ if varlen && totalSize > claimedSize || !varlen && totalSize != claimedSize {
 panic(fmt.Sprintf("bad group arg size %v, should be <= %v for %+v",
- totalSize, a.Size(), a))
+ totalSize, claimedSize, a))
 }
 case *PointerArg:
 if a.Res != nil {
diff --git a/prog/encodingexec_test.go b/prog/encodingexec_test.go
index 92c36cad4..2ad19598e 100644
--- a/prog/encodingexec_test.go
+++ b/prog/encodingexec_test.go
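Review bot: The panic text on the kept line still says `should be <= %v`, but the new condition demands exact equality for fixed-size groups, so the message misstates the contract whenever a non-varlen group comes out smaller than `a.Size()` — exactly the case this commit starts catching. Carrying `varlen` into the message fixes it without a branch: `panic(fmt.Sprintf("bad group arg size %v, claimed %v (varlen=%v) for %+v",` / `totalSize, claimedSize, varlen, a))`. The mixed `&&`/`||` condition is correct under Go precedence but reads as one expression; parenthesising the two halves would make the fixed-size-vs-varlen split explicit. foreachArgImpl and the switch case this check belongs to begin above the hunk.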
@@ -390,6 +390,21 @@ func TestSerializeForExec(t *testing.T) {
 },
 nil,
 },
+ {
+ "syz_test$align7(&(0x7f0000000000)={{0x1, 0x2, 0x3, 0x4, 0x5, 0x6}, 0x42})",
+ []uint64{
+ execInstrCopyin, dataOffset + 0, execArgConst, 1 | 0<<16 | 1<<24, 0x1,
+ execInstrCopyin, dataOffset + 0, execArgConst, 1 | 1<<16 | 1<<24, 0x2,
+ execInstrCopyin, dataOffset + 0, execArgConst, 1 | 2<<16 | 1<<24, 0x3,
+ execInstrCopyin, dataOffset + 1, execArgConst, 2 | 0<<16 | 1<<24, 0x4,
+ execInstrCopyin, dataOffset + 1, execArgConst, 2 | 1<<16 | 1<<24, 0x5,
+ execInstrCopyin, dataOffset + 1, execArgConst, 2 | 2<<16 | 1<<24, 0x6,
+ execInstrCopyin, dataOffset + 8, execArgConst, 1, 0x42,
+ callID("syz_test$align7"), ExecNoCopyout, 1, execArgConst, ptrSize, dataOffset,
+ execInstrEOF,
+ },
+ nil,
+ },
 }
 buf := make([]byte, ExecBufferSize)
-- 
cgit mrf-deployment
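Review bot: The new `syz_test$align7` case is a bare table of exec words with nothing saying which layout it pins, so a reader cannot tell which part of the alignment fix would break if it regressed; a one-line comment above the case, e.g. `// align7: bitfield groups at offsets 0 and 1, then a field placed at offset 8 by the struct's explicit alignment`, would make the intent self-explanatory. The `1 | 0<<16 | 1<<24` words look like size, bitfield offset and bitfield length packed into one operand, but the `syz_test$align7` description is not in this view (the listing is limited to prog/), so confirm the wording against its definition before adding it. TestSerializeForExec begins above the hunk.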