From 3ff2c72e14b7f4381c785ee35608c2812ef8610e Mon Sep 17 00:00:00 2001
From: Alan Hayward <alan.hayward@arm.com>
Date: Mon, 17 Sep 2018 15:28:53 +0100
Subject: [PATCH] Aarch64 SVE: Fix stack smashing when calling functions

Using "call" on a function that passes arguments via float registers can cause
gdb to overflow buffers.

Ensure enough memory is reserved to hold a full FP register.

This fixes gdb.base/callfuncs.exp for Aarch64 SVE.

2018-09-18  Alan Hayward  <alan.hayward@arm.com>

	* aarch64-tdep.c (pass_in_v): Use register size.
	(aarch64_extract_return_value): Likewise.
	(aarch64_store_return_value): Likewise.
---
 gdb/ChangeLog      |  6 ++++++
 gdb/aarch64-tdep.c | 12 +++++++++---
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index ddd2782d99..790cd3b1ee 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,9 @@
+2018-09-18  Alan Hayward  <alan.hayward@arm.com>
+
+	* aarch64-tdep.c (pass_in_v): Use register size.
+	(aarch64_extract_return_value): Likewise.
+	(aarch64_store_return_value): Likewise.
+
 2018-09-18  Rainer Orth  <ro@CeBiTec.Uni-Bielefeld.DE>
 
 	* utils.c (dump_core) [HAVE_SETRLIMIT]: Cast RLIM_INFINITY to
diff --git a/gdb/aarch64-tdep.c b/gdb/aarch64-tdep.c
index d2e6ac64d5..90b6deb0ea 100644
--- a/gdb/aarch64-tdep.c
+++ b/gdb/aarch64-tdep.c
@@ -1366,7 +1366,9 @@ pass_in_v (struct gdbarch *gdbarch,
   if (info->nsrn < 8)
     {
       int regnum = AARCH64_V0_REGNUM + info->nsrn;
-      gdb_byte reg[V_REGISTER_SIZE];
+      /* Enough space for a full vector register.  */
+      gdb_byte reg[register_size (gdbarch, regnum)];
+      gdb_assert (len <= sizeof (reg));
 
       info->argnum++;
       info->nsrn++;
@@ -1937,7 +1939,9 @@ aarch64_extract_return_value (struct type *type, struct regcache *regs,
       for (int i = 0; i < elements; i++)
 	{
 	  int regno = AARCH64_V0_REGNUM + i;
-	  bfd_byte buf[V_REGISTER_SIZE];
+	  /* Enough space for a full vector register.  */
+	  gdb_byte buf[register_size (gdbarch, regno)];
+	  gdb_assert (len <= sizeof (buf));
 
 	  if (aarch64_debug)
 	    {
@@ -2047,7 +2051,9 @@ aarch64_store_return_value (struct type *type, struct regcache *regs,
       for (int i = 0; i < elements; i++)
 	{
 	  int regno = AARCH64_V0_REGNUM + i;
-	  bfd_byte tmpbuf[V_REGISTER_SIZE];
+	  /* Enough space for a full vector register.  */
+	  gdb_byte tmpbuf[register_size (gdbarch, regno)];
+	  gdb_assert (len <= sizeof (tmpbuf));
 
 	  if (aarch64_debug)
 	    {
-- 
2.34.1