Re: Segfault on the i386 enter instruction

On Friday 12 May 2006 17:42, linux-os (Dick Johnson) wrote:
> >>> 	enter $10008, $0
> >>> #	pushl %ebp
> >>> #	movl %esp,%ebp
> >>> #	subl $10008,%esp
> >>> 	addl $-12,%esp
> >>          ^^^^^^^^^^^^^^____________ WTF
> >>          adding a negative number is subtracting that positive value.
> >>          You just subtracted 0xfffffff3 (on a 32-bit machine) from
> >>          the stack pointer. It damn-well better seg-fault!
> >
> > No. Try it yourself.
> > --
> > vda
> 
> It doesn't matter. It means that you still own the space there
> (it's mapped into your process). The code is bogus, broken beyond
> all repair. It has nothing to do with 'enter'; it has to do with
> putting the stack pointer (wrapping it) to somewhere it shouldn't
> be. The stack pointer is normally around 0xafff0000. It just got
> wrapped down past zero up to fafff00d, then stuff got pushed
> onto it for the call.

Obviously you

(a) Don't want to actually try to compile and run it.
It will run. For Tomasz, it runs OK with the 3-insn instruction sequence
instead of enter. For me, it works just fine with enter. But it works.
Why do you think it is not enough?

(b) can't do 32-bit math. You made two mistakes.
    -12 is 0xfffffff4, not 0xfffffff3.
    0xafff0000 + 0xfffffff4 = 0xaffefff4, not 0xfafff00d

and
(c) do not realize that 32-bit i386+ CPUs check segment limits
    AFTER performing 32-bit math (i.e. overflow into the 33rd bit
    is truncated instead of triggering a limit violation)
--
vda
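The two points argued above (that `enter $N,$0` is the same as the three-instruction prologue, and that `addl $-12,%esp` wraps modulo 2^32 before any limit check, so it is just `subl $12,%esp`) can be checked without an i386 at hand. The following C model is an added example, not code from the thread or from either poster: it keeps `esp`/`ebp` as `uint32_t` so the arithmetic wraps exactly as the CPU's does, and applies a segment-limit style check to the already truncated result. `STACK_TOP` reuses the "around 0xafff0000" value quoted in the thread; `STACK_SIZE`, the byte array and the helper names are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of the i386 stack arithmetic discussed in the thread.
 * Constructed for this example: STACK_TOP reuses the "around 0xafff0000"
 * value from the thread; STACK_SIZE and the byte array are assumptions. */
#define STACK_TOP   0xafff0000u
#define STACK_SIZE  0x4000u
#define STACK_LOW   (STACK_TOP - STACK_SIZE)

typedef struct {
    uint32_t esp;
    uint32_t ebp;
    uint8_t  mem[STACK_SIZE];   /* bytes [STACK_LOW, STACK_TOP) */
} cpu_t;

/* Limit check on the already truncated 32-bit address, mirroring point (c):
 * the CPU compares the wrapped result, never a 33-bit intermediate. */
static int in_stack(uint32_t addr, uint32_t len)
{
    return addr >= STACK_LOW && addr <= STACK_TOP && len <= STACK_TOP - addr;
}

/* pushl: decrement esp in uint32_t (wraps modulo 2^32 like the CPU), then
 * store. Returns -1 where the real CPU would raise a fault. */
static int push32(cpu_t *c, uint32_t v)
{
    c->esp -= 4;
    if (!in_stack(c->esp, 4))
        return -1;
    memcpy(&c->mem[c->esp - STACK_LOW], &v, 4);
    return 0;
}

/* enter $size,$0 is architecturally the same as
 *     pushl %ebp; movl %esp,%ebp; subl $size,%esp */
static int enter0(cpu_t *c, uint32_t size)
{
    if (push32(c, c->ebp))
        return -1;
    c->ebp = c->esp;
    c->esp -= size;
    return in_stack(c->esp, 0) ? 0 : -1;
}

/* addl $imm,%esp: the assembler encodes -12 as 0xfffffff4 and the add
 * wraps, so this is the same operation as subl $12,%esp. */
static uint32_t add32(uint32_t a, int32_t imm)
{
    return a + (uint32_t)imm;
}

/* The bit the thread calls the "33rd": carry out of a 32-bit add. The CPU
 * discards it; it is not a limit violation. */
static int carry_out(uint32_t a, uint32_t b)
{
    return (((uint64_t)a + b) >> 32) ? 1 : 0;
}

/* Run the disputed prologue either with enter or with the three-insn form,
 * then the addl $-12,%esp. Returns the final esp; *fault is set if any step
 * left esp outside the modelled segment. */
static uint32_t run_prologue(int use_enter, int *fault)
{
    cpu_t c;
    memset(&c, 0, sizeof c);
    c.esp = STACK_TOP;
    *fault = 0;
    if (use_enter) {
        if (enter0(&c, 10008))
            *fault = 1;
    } else {
        if (push32(&c, c.ebp))   /* pushl %ebp */
            *fault = 1;
        c.ebp = c.esp;           /* movl %esp,%ebp */
        c.esp -= 10008;          /* subl $10008,%esp */
    }
    c.esp = add32(c.esp, -12);   /* addl $-12,%esp */
    if (!in_stack(c.esp, 0))
        *fault = 1;
    return c.esp;
}

/* Convenience wrapper: 1 if the modelled prologue would fault, else 0. */
static int prologue_faults(int use_enter)
{
    int f;
    (void)run_prologue(use_enter, &f);
    return f;
}

int main(void)
{
    printf("-12 encodes as 0x%08x\n", (uint32_t)-12);
    printf("0x%08x + 0x%08x = 0x%08x (carry out of bit 31: %d)\n",
           STACK_TOP, (uint32_t)-12, add32(STACK_TOP, -12),
           carry_out(STACK_TOP, (uint32_t)-12));
    printf("enter form:  esp=0x%08x fault=%d\n", run_prologue(1, &(int){0}), prologue_faults(1));
    printf("3-insn form: esp=0x%08x fault=%d\n", run_prologue(0, &(int){0}), prologue_faults(0));
    return 0;
}
```

Both forms end with the same `esp` (`0xafff0000 - 4 - 10008 - 12 = 0xaffed8d8`) and neither leaves the modelled segment; the carry out of the `0xafff0000 + 0xfffffff4` add is set but simply discarded, which is the arithmetic point (b) and the limit-check point (c) in one run.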