https://github.com/jroelofs created https://github.com/llvm/llvm-project/pull/205152
The Arm DWARF spec defines UNW_AARCH64_RA_SIGN_STATE as being zeroed until the first .cfi_negate_ra_state / .cfi_set_ra_state [1]. The GPRs struct containing __ra_sign_state is memcpy'd directly from the unw_context_t, which in turn is initialized by __unw_getcontext. Since it is a pseudo register, there is no corresponding state to restore in __unw_resume. https://github.com/ARM-software/abi-aa/blob/main/aadwarf64/aadwarf64.rst#44call-frame-instructions >From 643822ea84f6347d9b662ff4f0cf2bef97da041a Mon Sep 17 00:00:00 2001 From: Jon Roelofs <[email protected]> Date: Thu, 18 Jun 2026 17:44:35 -0700 Subject: [PATCH] [libunwind] Fix an uninitialized read of __ra_sign_state The Arm DWARF spec defines UNW_AARCH64_RA_SIGN_STATE as being zeroed until the first .cfi_negate_ra_state / .cfi_set_ra_state [1]. The GPRs struct containing __ra_sign_state is memcpy'd directly from the unw_context_t, which in turn is initialized by __unw_getcontext. Since it is a pseudo register, there is no corresponding state to restore in __unw_resume. https://github.com/ARM-software/abi-aa/blob/main/aadwarf64/aadwarf64.rst#44call-frame-instructions --- libunwind/src/UnwindRegistersSave.S | 1 + 1 file changed, 1 insertion(+) diff --git a/libunwind/src/UnwindRegistersSave.S b/libunwind/src/UnwindRegistersSave.S index ca9a97b18e764..a82ebd1ead23b 100644 --- a/libunwind/src/UnwindRegistersSave.S +++ b/libunwind/src/UnwindRegistersSave.S @@ -807,6 +807,7 @@ DEFINE_LIBUNWIND_FUNCTION(__unw_getcontext) mov x1,sp str x1, [x0, #0x0F8] str x30, [x0, #0x100] // store return address as pc + str xzr, [x0, #0x108] // zero __ra_sign_state // skip cpsr #if defined(__ARM_FP) && __ARM_FP != 0 stp d0, d1, [x0, #0x110] _______________________________________________ cfe-commits mailing list [email protected] https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
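Review bot: the `// skip cpsr` comment that now follows the new `str xzr, [x0, #0x108] // zero __ra_sign_state` line still describes the slot at 0x108 as cpsr, which contradicts the comment on the store you are adding; drop or reword it so the next reader does not conclude that cpsr is what lives at that offset. The hardcoded 0x108 also silently depends on `__ra_sign_state` sitting immediately after `__pc` (stored at 0x100) in the GPRs struct; a `static_assert` on `offsetof` for that field beside the struct definition would catch a future reordering that this assembly cannot see. Since the change is a single insertion with no test (1 file changed, 1 insertion), consider a regression test that calls `__unw_getcontext` into a deliberately poisoned context buffer and checks the field, or runs the existing unwind tests under MemorySanitizer or Valgrind, so the fix for the uninitialized read is verified rather than relying on the memcpy from `unw_context_t` happening to copy a zero.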
