The JIT compiler does not emit check instructions for the target PC during code generation. Hence, any invalid jump target can be triggered without validation:

```c
emit1(state, 0xe8); // e8 is the opcode for a CALL
emit_jump_target_address(state, target_pc);
```
Executing the following PoC program can result in the invalid behavior:

```
mov %r0, 0
call 0x0
exit
```
We get the unexpected error:

```
==222454==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55a4c2167e84 (pc 0x55a4c2167e84 bp 0x7fffc1588ab0 sp 0x7fffc15888a8 T222454)
==222454==The signal is caused by a READ memory access.
==222454==Hint: PC is at a non-executable region. Maybe a wild jump?
    #0 0x55a4c2167e84 ([heap]+0x1ae84)
```
and

```
==224895==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000000000 bp 0x7ffd7a20f5d0 sp 0x7ffd7a20f3c8 T224895)
==224895==Hint: pc points to the zero page.
==224895==The signal is caused by a READ memory access.
==224895==Hint: address points to the zero page.
```
The quoted emit code is from ubpf/vm/ubpf_jit_x86_64.c, lines 102 to 118 in commit 7d6da19.
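The defensive counterpart to the missing check is a pass over the instruction stream that resolves every control-flow target before any machine code is emitted. The validator below is an added example, not uBPF's own code: it uses the standard 64-bit eBPF instruction layout, but the helper table (`MAX_HELPERS`, `ebpf_helper_fn`), the `EBPF_*` constant names and the `demo_*` programs are assumptions constructed for this illustration. It rejects a helper call whose slot is unregistered (the "call to the zero page" case), a local call or jump whose target falls outside the program (the "wild jump" case), and accepts a well-formed program.

```c
#include <stddef.h>
#include <stdint.h>

/* Standard 64-bit eBPF instruction layout (constructed example, not uBPF code). */
struct ebpf_inst {
    uint8_t opcode;
    uint8_t dst : 4;
    uint8_t src : 4;
    int16_t offset;
    int32_t imm;
};

#define EBPF_CLS_MASK    0x07
#define EBPF_CLS_JMP     0x05
#define EBPF_CLS_JMP32   0x06
#define EBPF_OP_MASK     0xf0
#define EBPF_JMP_JA      0x00
#define EBPF_JMP_CALL    0x80
#define EBPF_JMP_EXIT    0x90
#define EBPF_PSEUDO_CALL 1   /* src == 1 marks a local (BPF-to-BPF) call */
#define MAX_HELPERS      64  /* size of the assumed helper table */

/* Simplified helper signature for this example (real helpers take five u64 args). */
typedef uint64_t (*ebpf_helper_fn)(void);

/* Check every control-flow target before any machine code is emitted. Returns the pc
 * of the first offending instruction, or -1 if all are acceptable; NULL = unregistered. */
int validate_jump_targets(const struct ebpf_inst *insts, size_t n,
                          const ebpf_helper_fn helpers[MAX_HELPERS])
{
    for (size_t pc = 0; pc < n; pc++) {
        const struct ebpf_inst *ins = &insts[pc];
        uint8_t cls = ins->opcode & EBPF_CLS_MASK;
        if (cls != EBPF_CLS_JMP && cls != EBPF_CLS_JMP32)
            continue;                               /* not control flow */
        uint8_t op = ins->opcode & EBPF_OP_MASK;
        if (op == EBPF_JMP_EXIT)
            continue;
        int64_t target;
        if (op == EBPF_JMP_CALL) {
            if (ins->src != EBPF_PSEUDO_CALL) {
                /* Helper call: imm indexes the table; an empty slot would become a call to NULL. */
                if (ins->imm < 0 || ins->imm >= MAX_HELPERS ||
                    helpers[ins->imm] == NULL)
                    return (int)pc;
                continue;
            }
            target = (int64_t)pc + 1 + ins->imm;    /* local call: imm-relative */
        } else if (op == EBPF_JMP_JA && cls == EBPF_CLS_JMP32) {
            target = (int64_t)pc + 1 + ins->imm;    /* 32-bit long jump */
        } else {
            target = (int64_t)pc + 1 + ins->offset; /* 16-bit offset */
        }
        /* Targets are relative to the next instruction and must stay inside the program. */
        if (target < 0 || target >= (int64_t)n)
            return (int)pc;
    }
    return -1;
}

static uint64_t helper_nop(void) { return 0; }  /* dummy helper for the demos */

static int check(const struct ebpf_inst *prog, size_t n, int register_helper0)
{
    ebpf_helper_fn helpers[MAX_HELPERS] = {0};
    if (register_helper0)
        helpers[0] = helper_nop;
    return validate_jump_targets(prog, n, helpers);
}

/* The PoC shape "mov r0, 0; call 0; exit" with nothing registered at helper
 * index 0: rejected at pc 1 instead of being emitted as a call to address 0. */
int demo_unregistered_helper(void)
{
    const struct ebpf_inst p[] = {{0xb7,0,0,0,0}, {0x85,0,0,0,0}, {0x95,0,0,0,0}};
    return check(p, 3, 0);
}

/* Local call at pc 1 with imm 5 targets pc 7, past the end of a 3-instruction program. */
int demo_local_call_out_of_range(void)
{
    const struct ebpf_inst p[] = {{0xb7,0,0,0,0}, {0x85,0,EBPF_PSEUDO_CALL,0,5}, {0x95,0,0,0,0}};
    return check(p, 3, 0);
}

/* "ja -3" at pc 1 would land at pc -1. */
int demo_backward_jump_underflow(void)
{
    const struct ebpf_inst p[] = {{0xb7,0,0,0,0}, {0x05,0,0,-3,0}, {0x95,0,0,0,0}};
    return check(p, 3, 0);
}

/* Registered helper, in-range "ja +0", exit: accepted (returns -1). */
int demo_valid_program(void)
{
    const struct ebpf_inst p[] = {{0xb7,0,0,0,0}, {0x85,0,0,0,0}, {0x05,0,0,0,0}, {0x95,0,0,0,0}};
    return check(p, 4, 1);
}
```

Running this pass before code generation turns both sanitizer crashes above into a clean load-time rejection with the offending pc, which is also the right place to log the event: a program that fails target validation never reaches the JIT, so no `CALL` to an unresolved address is ever emitted.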