On Tuesday, May 15, 2018, Mark Kettenis <[email protected]> wrote:
> There's a subtle bug in the DL_SYSCALL() implementation on arm64.
> Upon error we're supposed to return -errno. The code does a negate of
> the lower 32 bits. This means that syscalls that return a 64-bit
> number (i.e. ssize_t) still return a positive number as the upper 32
> bits remain zero. So we should negate the full 64 bits. That's safe
> even for system calls that return a 32-bit number since setting the
> lower 32 bits zeroes the upper 32 bits on arm64 just like on amd64.
>
> Fixes a crash I saw during ports building where dl_readlink()
> returning EINVAL resulted in an out-of-bounds access.
>
> ok?

Nice catch. Ok guenther@
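The register behaviour described above, modelled in C as an added illustration (this is not code from the thread or from the OpenBSD tree). It simulates an arm64 syscall stub that receives errno in x0 and must return -errno: `negate_low32` stands in for a 32-bit `neg w0, w0` (writing a W register zero-extends into the upper half), `negate_full64` for the 64-bit `neg x0, x0`. The two "caller" helpers show what an ssize_t-returning caller such as dl_readlink() and an int-returning caller each observe, and `would_index_out_of_bounds` is a hypothetical readlink-style consumer that trusts a non-negative return as a length. All function names and the 1024-byte buffer size are assumptions made for the example.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Buggy stub: negate only the low 32 bits. On arm64 a write to w0
 * zero-extends into the upper 32 bits of x0, so the sign never reaches
 * bits 32..63. (Hypothetical model of the old DL_SYSCALL behaviour.) */
static uint64_t negate_low32(uint64_t x0)
{
	uint32_t w0 = (uint32_t)x0;

	w0 = 0u - w0;			/* neg w0, w0 */
	return (uint64_t)w0;		/* upper half is now zero */
}

/* Fixed stub: negate the whole 64-bit register (neg x0, x0). */
static uint64_t negate_full64(uint64_t x0)
{
	return 0 - x0;
}

/* What a caller expecting a 64-bit result (ssize_t) reads from x0. */
static int64_t as_ssize(uint64_t x0)
{
	return (int64_t)x0;
}

/* What a caller expecting a 32-bit result (int) reads: low 32 bits only. */
static int32_t as_int(uint64_t x0)
{
	return (int32_t)(uint32_t)x0;
}

/* Hypothetical readlink-style consumer: a negative return is an error;
 * anything else is treated as a length into a buffer of buflen bytes.
 * Returns 1 if that length would index past the buffer. */
static int would_index_out_of_bounds(int64_t ret, uint64_t buflen)
{
	if (ret < 0)
		return 0;		/* error path taken, buffer untouched */
	return (uint64_t)ret >= buflen;
}

int main(void)
{
	uint64_t buggy = negate_low32((uint64_t)EINVAL);
	uint64_t fixed = negate_full64((uint64_t)EINVAL);

	printf("32-bit negate: ssize_t=%" PRId64 " int=%" PRId32 " oob=%d\n",
	    as_ssize(buggy), as_int(buggy),
	    would_index_out_of_bounds(as_ssize(buggy), 1024));
	printf("64-bit negate: ssize_t=%" PRId64 " int=%" PRId32 " oob=%d\n",
	    as_ssize(fixed), as_int(fixed),
	    would_index_out_of_bounds(as_ssize(fixed), 1024));
	return 0;
}
```

The int-returning caller sees -EINVAL either way, which is why the bug only surfaced through a 64-bit return like dl_readlink(): there the 32-bit negate yields a large positive ssize_t that passes the `ret < 0` check and is then used as a length.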
