authorJosh Stone <jistone@redhat.com>2009-03-09 14:40:24 -0700
committerJosh Stone <jistone@redhat.com>2009-03-09 14:40:24 -0700
commitba4e4ff4ba0206bb707538bbfb5e07d3cca33d5b (patch)
tree006b8165736eae9e1f8a20fe2ec010346ee0b565
parentfd0143174d30451c99fde61d719d2eaa53730ff6 (diff)
Add safety checks to _stp_get_register_by_offset()
This now checks that CONTEXT->regs actually exists, and that the requested offset is in the correct range.
-rw-r--r--tapset/i686/registers.stp10
-rw-r--r--tapset/ppc64/registers.stp10
-rw-r--r--tapset/s390x/registers.stp12
-rw-r--r--tapset/x86_64/registers.stp10
4 files changed, 41 insertions, 1 deletions
diff --git a/tapset/i686/registers.stp b/tapset/i686/registers.stp
index b9eaba5b..a6e5694e 100644
--- a/tapset/i686/registers.stp
+++ b/tapset/i686/registers.stp
@@ -26,6 +26,16 @@ function _stp_register_regs() {
function _stp_get_register_by_offset:long (offset:long) %{ /* pure */
long value;
+ if (!CONTEXT->regs) {
+ CONTEXT->last_error = "No registers available in this context";
+ return;
+ }
+ if (THIS->offset < 0 || THIS->offset > sizeof(struct pt_regs) - sizeof(long)) {
+ snprintf(CONTEXT->error_buffer, sizeof(CONTEXT->error_buffer),
+ "Bad register offset: %lld", THIS->offset);
+ CONTEXT->last_error = CONTEXT->error_buffer;
+ return;
+ }
memcpy(&value, ((char *)CONTEXT->regs) + THIS->offset, sizeof(value));
THIS->__retvalue = value;
%}
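Review bot: The new range test, `if (THIS->offset < 0 || THIS->offset > sizeof(struct pt_regs) - sizeof(long))`, keeps the memcpy inside pt_regs but still accepts offsets that are not a multiple of sizeof(long), so a caller passing e.g. 3 gets back a value spliced from two neighbouring fields instead of the "Bad register offset" error. If this helper is only ever fed offsets from the tapset's own register table that is harmless, but since the commit's purpose is to fail loudly on bad input, adding `|| (THIS->offset % sizeof(long)) != 0` to the same condition makes the check complete. The bound itself deserves a one-line comment, e.g. `/* the sizeof(long)-byte read starting at offset must end inside pt_regs */`, so the `- sizeof(long)` is not "fixed" to `- 1` later.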
diff --git a/tapset/ppc64/registers.stp b/tapset/ppc64/registers.stp
index 6a8ae279..e5decd81 100644
--- a/tapset/ppc64/registers.stp
+++ b/tapset/ppc64/registers.stp
@@ -64,6 +64,16 @@ function probing_32bit_app() %{ /* pure */
function _stp_get_register_by_offset:long (offset:long) %{ /* pure */
long value;
+ if (!CONTEXT->regs) {
+ CONTEXT->last_error = "No registers available in this context";
+ return;
+ }
+ if (THIS->offset < 0 || THIS->offset > sizeof(struct pt_regs) - sizeof(long)) {
+ snprintf(CONTEXT->error_buffer, sizeof(CONTEXT->error_buffer),
+ "Bad register offset: %lld", THIS->offset);
+ CONTEXT->last_error = CONTEXT->error_buffer;
+ return;
+ }
memcpy(&value, ((char *)CONTEXT->regs) + THIS->offset, sizeof(value));
THIS->__retvalue = value;
%}
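Review bot: The same ten lines are added verbatim to the i686, ppc64 and x86_64 tapsets (and in a slightly different form to s390x), so every later refinement of the bound, the alignment rule or the error text has to be repeated four times and can drift, as the s390x copy already shows. If the tapset has an architecture-independent include point for embedded C, a shared helper that takes the architecture's maximum valid offset and sets `CONTEXT->last_error` — something like `_stp_check_register_offset(THIS->offset, sizeof(struct pt_regs) - sizeof(long))` — would let each registers.stp call it once; I cannot tell from this diff whether such a file exists. Failing that, a comment in each copy, `/* keep in sync with the other tapset/<arch>/registers.stp */`, at least flags the duplication to the next editor.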
diff --git a/tapset/s390x/registers.stp b/tapset/s390x/registers.stp
index 84e28348..37218d14 100644
--- a/tapset/s390x/registers.stp
+++ b/tapset/s390x/registers.stp
@@ -56,8 +56,18 @@ function _stp_probing_kernel: long () %{ /* pure */
function _stp_get_register_by_offset:long (offset:long) %{ /* pure */
long value;
+ if (!CONTEXT->regs) {
+ CONTEXT->last_error = "No registers available in this context";
+ return;
+ }
+ if (THIS->offset < 0 || THIS->offset > sizeof(struct pt_regs) - sizeof(unsigned short)) {
+ snprintf(CONTEXT->error_buffer, sizeof(CONTEXT->error_buffer),
+ "Bad register offset: %lld", THIS->offset);
+ CONTEXT->last_error = CONTEXT->error_buffer;
+ return;
+ }
- if (THIS->offset <= 152)
+ if (THIS->offset < sizeof(struct pt_regs) - 2 * sizeof(unsigned short))
memcpy(&value, ((char *)CONTEXT->regs) + THIS->offset,
sizeof(value));
else {
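Review bot: The new threshold for the 8-byte path, `if (THIS->offset < sizeof(struct pt_regs) - 2 * sizeof(unsigned short))`, is derived from the total struct size and therefore equals the offset of the first 16-bit field only if pt_regs has no tail padding; a struct made of unsigned long members that ends in two shorts is padded to 8 bytes on a 64-bit ABI, so the computed threshold lands 4 bytes past the short fields. On the visible lines that means the two 16-bit registers would be read through the 8-byte memcpy, and that offsets just below the threshold — which the outer check accepts, since it only demands `THIS->offset <= sizeof(struct pt_regs) - sizeof(unsigned short)` — let the 8-byte memcpy run up to 3 bytes past the end of pt_regs, exactly the overrun the commit sets out to prevent. The old literal `THIS->offset <= 152` did not have this problem because it named the last 8-byte slot directly rather than reasoning backwards from sizeof. Taking the boundary from the field instead, e.g. `if (THIS->offset + sizeof(value) <= offsetof(struct pt_regs, <first 16-bit field>))`, fixes both issues and keeps the check honest if the kernel adds fields. The else branch that handles the 16-bit reads continues outside the hunk, so I could not confirm what it does for offsets past the shorts.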
diff --git a/tapset/x86_64/registers.stp b/tapset/x86_64/registers.stp
index dd5eefb0..2e21f3eb 100644
--- a/tapset/x86_64/registers.stp
+++ b/tapset/x86_64/registers.stp
@@ -40,6 +40,16 @@ function _stp_register_regs() {
function _stp_get_register_by_offset:long (offset:long) %{ /* pure */
long value;
+ if (!CONTEXT->regs) {
+ CONTEXT->last_error = "No registers available in this context";
+ return;
+ }
+ if (THIS->offset < 0 || THIS->offset > sizeof(struct pt_regs) - sizeof(long)) {
+ snprintf(CONTEXT->error_buffer, sizeof(CONTEXT->error_buffer),
+ "Bad register offset: %lld", THIS->offset);
+ CONTEXT->last_error = CONTEXT->error_buffer;
+ return;
+ }
memcpy(&value, ((char *)CONTEXT->regs) + THIS->offset, sizeof(value));
THIS->__retvalue = value;
%}
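Review bot: `snprintf(CONTEXT->error_buffer, ..., "Bad register offset: %lld", THIS->offset)` hands the script-level `long` straight to `%lld`; the C type behind `THIS->offset` is not visible in this hunk, but if it is the usual 64-bit integer typedef that is `long` on x86_64 and the conversion does not match its argument, even though the identical line is correct on i686 where the typedef is `long long`. An explicit cast, `"Bad register offset: %lld", (long long)THIS->offset`, makes the message portable across all four copies. The range test is also only correct because `THIS->offset < 0` is evaluated first — the second comparison promotes the signed offset to the unsigned type of `sizeof` — so a comment such as `/* negative offsets are rejected above; the unsigned compare is safe */` would keep a later reordering from silently reopening the hole.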