Author: jhb Date: Thu Jul 23 21:33:10 2020 New Revision: 363459 URL: https://svnweb.freebsd.org/changeset/base/363459
Log: Pass the right size to memcpy() when copying the array of FP registers. The size of the containing structure was passed instead of the size of the array. This happened to be harmless as the extra word copied is one we copy in the next line anyway. Reported by: CHERI (bounds check violation) Reviewed by: brooks, imp Obtained from: CheriBSD MFC after: 1 week Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D25791 Modified: head/sys/riscv/riscv/machdep.c Modified: head/sys/riscv/riscv/machdep.c ============================================================================== --- head/sys/riscv/riscv/machdep.c Thu Jul 23 20:08:42 2020 (r363458) +++ head/sys/riscv/riscv/machdep.c Thu Jul 23 21:33:10 2020 (r363459) @@ -419,7 +419,7 @@ get_fpcontext(struct thread *td, mcontext_t *mcp) KASSERT((curpcb->pcb_fpflags & ~PCB_FP_USERMASK) == 0, ("Non-userspace FPE flags set in get_fpcontext")); memcpy(mcp->mc_fpregs.fp_x, curpcb->pcb_x, - sizeof(mcp->mc_fpregs)); + sizeof(mcp->mc_fpregs.fp_x)); mcp->mc_fpregs.fp_fcsr = curpcb->pcb_fcsr; mcp->mc_fpregs.fp_flags = curpcb->pcb_fpflags; mcp->mc_flags |= _MC_FP_VALID; @@ -446,7 +446,7 @@ set_fpcontext(struct thread *td, mcontext_t *mcp) curpcb = curthread->td_pcb; /* FPE usage is enabled, override registers. */ memcpy(curpcb->pcb_x, mcp->mc_fpregs.fp_x, - sizeof(mcp->mc_fpregs)); + sizeof(mcp->mc_fpregs.fp_x)); curpcb->pcb_fcsr = mcp->mc_fpregs.fp_fcsr; curpcb->pcb_fpflags = mcp->mc_fpregs.fp_flags & PCB_FP_USERMASK; td->td_frame->tf_sstatus |= SSTATUS_FS_CLEAN; _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "[email protected]"
