From fda8f00c97f148317032847639744c42217b02f3 Mon Sep 17 00:00:00 2001
From: Nick Alcock
Date: Fri, 29 Jan 2016 14:47:03 +0000
Subject: [PATCH] dtrace: do not overrun the start of the user stack
When scanning user stacks in dtrace_getufpstack(), we iterate from the current stack pointer back to the start of the stack, getting the unsigned long at each location and seeing if we can interpret it as a pointer. However, since the stack grows down on all platforms supported by DTrace, the 'start' of the stack is the end of the VMA -- so we should stop one unsigned long before the beginning, or we'll try to read off the end (harmlessly, but still.)
Orabug: 22629102
Signed-off-by: Nick Alcock
Acked-by: Kris Van Hees
---
dtrace/dtrace_isa.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dtrace/dtrace_isa.c b/dtrace/dtrace_isa.c
index 1a75be2fbae4..ae5d5c09082a 100644
--- a/dtrace/dtrace_isa.c
+++ b/dtrace/dtrace_isa.c
@@ -21,7 +21,7 @@
 *
 * CDDL HEADER END
 *
- * Copyright 2010, 2011, 2012, 2013, 2014 Oracle, Inc. All rights reserved.
+ * Copyright 2010 -- 2016 Oracle, Inc. All rights reserved.
 * Use is subject to license terms.
 */
@@ -257,7 +257,7 @@ unsigned long dtrace_getufpstack(uint64_t *pcstack, uint64_t *fpstack,
 * Otherwise, loop until we run out of stack.
 */
 for (sp = (unsigned long *)tos;
- sp <= (unsigned long *)bos &&
+ sp <= ((unsigned long *)bos - sizeof(unsigned long)) &&
 ((pcstack && pcstack_limit > 0) || !pcstack);
 sp++) {
-- 
2.50.1
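Review bot: The new bound `((unsigned long *)bos - sizeof(unsigned long))` subtracts in units of the pointed-to type, so it backs off sizeof(unsigned long) words rather than one word — 64 bytes on a 64-bit kernel — and the scan now stops well short of the top of the stack, dropping the last several candidate slots instead of only the past-the-end word. Given the commit message's statement that `bos` is the end of the VMA, the intended one-word back-off is `sp < (unsigned long *)bos &&` (equivalently `sp <= (unsigned long *)bos - 1 &&`), and a short comment such as `/* bos is one past the end of the stack; never read the word at bos */` would keep the next editor from reintroducing the `<=`. The for statement and the remainder of dtrace_getufpstack continue outside the hunk, so whether any later code relies on sp reaching the final word cannot be confirmed from here.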