dtrace: do not overrun the start of the user stack

When scanning user stacks in dtrace_getufpstack(), we iterate from the
current stack pointer back to the start of the stack, getting the
unsigned long at each location and seeing if we can interpret it as a
pointer.

However, since the stack grows down on all platforms supported by
DTrace, the 'start' of the stack is the end of the VMA -- so we should
stop one unsigned long before the beginning, or we'll try to read off
the end (harmlessly, but still.)

Orabug: 22629102
Signed-off-by: Nick Alcock <nick.alcock@oracle.com>
Acked-by: Kris Van Hees <kris.van.hees@oracle.com>

diff --git a/dtrace/dtrace_isa.c b/dtrace/dtrace_isa.c
index 1a75be2fbae413e1b4559672b7a0da66280895ce..ae5d5c09082a8c5fd248483c7e0b6f011f1d8cf5 100644 (file)
--- a/dtrace/dtrace_isa.c
+++ b/dtrace/dtrace_isa.c
@@ -21,7 +21,7 @@
  *
  * CDDL HEADER END
  *
- * Copyright 2010, 2011, 2012, 2013, 2014 Oracle, Inc.  All rights reserved.
+ * Copyright 2010 -- 2016 Oracle, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -257,7 +257,7 @@ unsigned long dtrace_getufpstack(uint64_t *pcstack, uint64_t *fpstack,
         * Otherwise, loop until we run out of stack.
         */
        for (sp = (unsigned long *)tos;
-            sp <= (unsigned long *)bos &&
+            sp <= ((unsigned long *)bos - sizeof(unsigned long)) &&
                     ((pcstack && pcstack_limit > 0) ||
                      !pcstack);
             sp++) {