diff options
| author | Michael Brown | 2015-04-07 07:40:34 +0200 |
|---|---|---|
| committer | Michael Brown | 2015-04-07 07:40:34 +0200 |
| commit | 00ff3d8bb3af0831ced99e8b6f226291ca236883 (patch) | |
| tree | 1c65ea27c4a641eb229386365ecffd7210d0fba7 /src/core/errno.c | |
| parent | [xhci] Support USB1 devices attached via transaction translators (diff) | |
| download | ipxe-00ff3d8bb3af0831ced99e8b6f226291ca236883.tar.gz ipxe-00ff3d8bb3af0831ced99e8b6f226291ca236883.tar.xz ipxe-00ff3d8bb3af0831ced99e8b6f226291ca236883.zip | |
[libc] Fix typo in longjmp()
Commit 8ab4b00 ("[libc] Rewrite setjmp() and longjmp()") introduced a
regression in which the saved values of %ebx, %esi, and %edi were all
accidentally restored into %esp. The result is that the second and
subsequent returns from setjmp() would effectively corrupt %ebx, %esi,
%edi, and the stack pointer %esp.
Use of setjmp() and longjmp() is generally discouraged: our only use
occurs as part of the implementation of PXENV_RESTART_TFTP, since the
PXE API effectively mandates its use here. The call to setjmp()
occurs at the start of pxe_start_nbp(), where there are almost
certainly no values held in %ebx, %esi, or %edi. The corruption of
these registers therefore had no visible effect on program execution.
The corruption of %esp would have been visible on return from
pxe_start_nbp(), but there are no known PXE NBPs which first call
PXENV_RESTART_TFTP and subsequently attempt to return to the PXE base
code. The effect on program execution was therefore similar to that
of moving the stack to a pseudo-random location in the 32-bit address
space; this will often allow execution to complete successfully since
there is a high chance that the pseudo-random location will be unused.
The regression therefore went undetected for around one month.
Fix by restoring the correct registers from the saved jmp_buf
structure.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/core/errno.c')
0 files changed, 0 insertions, 0 deletions