[issue13703] Hash collision security issue
Ahmed Sayeed
report at bugs.python.org
Thu Nov 4 08:12:04 EDT 2021
Ahmed Sayeed <ahmedsayeed1982 at yahoo.com> added the comment:
In collect_register() function of arc-linux-tdep.c, the "eret" http://www-look-4.com/travel/london/
(exception return) register value is not being reported correctly.
Background: https://komiya-dental.com/shopping/buy-android/
When asked for the "pc" value, we have to update the "eret" register
with GDB's STOP_PC. The "eret" instructs the kernel code where to
jump back http://www.iu-bloomington.com/shopping/hatchback-cars/ when an instruction has stopped due to a breakpoint. This
is how collect_register() is doing so: https://waytowhatsnext.com/shopping/xbox-release-date/
--------------8<--------------
if (regnum == gdbarch_pc_regnum (gdbarch)) http://www.wearelondonmade.com/travel/london/
regnum = ARC_ERET_REGNUM;
regcache->raw_collect (regnum, buf + arc_linux_core_reg_offsets[regnum]);
-------------->8-------------- http://www.jopspeech.com/travel/london/
Root cause:
Although this is using the correct offset (ERET register's), it is also http://joerg.li/travel/london/
changing the REGNUM itself. Therefore, raw_collect (regnum, ...) is
not reading from "pc" anymore. http://connstr.net/travel/london/
Consequence:
This bug affects the "native ARC gdb" badly and causes kernel code to jump
to addresses after the breakpoint and not executing the "breakpoint"ed http://embermanchester.uk/travel/london/
instructions at all. That "native ARC gdb" feature is not upstream yet and
is in review at the time of writing [1]. http://www.slipstone.co.uk/travel/london/
In collect_register() function of arc-linux-tdep.c, the "eret"
(exception return) register value is not being reported correctly. http://www.logoarts.co.uk/travel/london/
Background:
When asked for the "pc" value, we have to update the "eret" register
with GDB's STOP_PC. http://www.acpirateradio.co.uk/travel/good/ The "eret" instructs the kernel code where to
jump back when an instruction has stopped due to a breakpoint. This
is how collect_register() is doing so:
http://www.compilatori.com/travel/london/
--------------8<--------------
if (regnum == gdbarch_pc_regnum (gdbarch))
regnum = ARC_ERET_REGNUM;
regcache->raw_collect (regnum, buf + arc_linux_core_reg_offsets[regnum]);
-------------->8--------------
Root cause: https://www.webb-dev.co.uk/shopping/shopping-during-corona/
Although this is using the correct offset (ERET register's), it is also
changing the REGNUM itself. Therefore, raw_collect (regnum, ...) is
not reading from "pc" anymore.
Consequence:
This bug affects the "native ARC gdb" badly and causes kernel code to jump
to addresses after the breakpoint and not executing the "breakpoint"ed
instructions at all. That "native ARC gdb" feature is not upstream yet and
is in review at the time of writing [1].
----------
components: +Argument Clinic -Interpreter Core
nosy: +ahmedsayeed1982, larry -Arach, Arfrever, Huzaifa.Sidhpurwala, Jim.Jewett, Mark.Shannon, PaulMcMillan, Zhiping.Deng, alex, barry, benjamin.peterson, christian.heimes, cvrebert, dmalcolm, eric.araujo, eric.snow, fx5, georg.brandl, grahamd, gregory.p.smith, gvanrossum, gz, jcea, jsvaughan, lemburg, loewis, mark.dickinson, neologix, pitrou, python-dev, roger.serwy, skorgu, skrah, terry.reedy, tim.peters, v+python, vstinner, zbysz
versions: +Python 3.11 -Python 2.6, Python 2.7, Python 3.1, Python 3.2, Python 3.3
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue13703>
_______________________________________
More information about the Python-bugs-list
mailing list