c18n: Compare pointers by converting them to integers first

Strictly speaking, using >= to compare pointers to different trusted frames is undefined behaviour.
CTSRD-CHERI · Oct 16, 2024 · 7b227c8 · 7b227c8
1 parent 4c342cb
commit 7b227c8
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/libexec/rtld-elf/rtld_c18n.c b/libexec/rtld-elf/rtld_c18n.c
@@ -945,7 +945,8 @@ unwind_stack(struct jmp_args ret, void *rcsp, struct trusted_frame *target)
 
 	tf = get_trusted_stk();
 
-	if (!cheri_is_subset(tf, target) || tf->previous >= target) {
+	if (!cheri_is_subset(tf, target) ||
+	    (ptraddr_t)tf->previous >= (ptraddr_t)target) {
 		rtld_fdprintf(STDERR_FILENO,
 		    "c18n: Illegal unwind from %#p to %#p\n", tf, target);
 		abort();
@@ -961,7 +962,7 @@ unwind_stack(struct jmp_args ret, void *rcsp, struct trusted_frame *target)
 		cid = index_to_cid(index);
 		ospp = &table->entries[cid].stack;
 
-		if (*ospp > cur->osp) {
+		if ((ptraddr_t)*ospp > (ptraddr_t)cur->osp) {
 			rtld_fdprintf(STDERR_FILENO,
 			    "c18n: Cannot unwind %s from %#p to %#p\n",
 			    comparts.data[cid].name, *ospp, cur->osp);
@@ -970,9 +971,9 @@ unwind_stack(struct jmp_args ret, void *rcsp, struct trusted_frame *target)
 
 		*ospp = cur->osp;
 		cur = cur->previous;
-	} while (cur < target);
+	} while ((ptraddr_t)cur < (ptraddr_t)target);
 
-	if (cur != target) {
+	if ((ptraddr_t)cur != (ptraddr_t)target) {
 		rtld_fdprintf(STDERR_FILENO,
 		    "c18n: Illegal unwind from %#p to %#p\n", cur, target);
 		abort();
@@ -983,7 +984,7 @@ unwind_stack(struct jmp_args ret, void *rcsp, struct trusted_frame *target)
 	 * topmost trusted frame to restore the untrusted stack when it is
 	 * popped.
 	 */
-	if (rcsp > *ospp) {
+	if ((ptraddr_t)rcsp > (ptraddr_t)*ospp) {
 		rtld_fdprintf(STDERR_FILENO,
 		    "c18n: Cannot complete unwind %s from %#p to %#p, ",
 		    "tf: %#p -> %#p\n", comparts.data[cid].name, rcsp, *ospp,