[libunwind] Fix evaluating DWARF operation DW_OP_pick reg is unsigned type and used here for getting array element from the end by negating it. negation of unsigned can result in large number and array access with that index will result in segmentation fault. Fixes: https://bugs.llvm.org/show_bug.cgi?id=43872 Patched by: kamlesh kumar Differential Revision: https://reviews.llvm.org/D69893 Cr-Mirrored-From: sso://chromium.googlesource.com/_direct/external/github.com/llvm/llvm-project Cr-Mirrored-Commit: 9366397f057d18401e680b2cb28a0ee17c59d4a6

commit: e12b2485b962cd9966a5591a78f06cf2dd41d655 [log] [tgz]
author: Steven Wu <stevenwu@apple.com> Wed Dec 18 12:22:21 2019 -0800
committer: Steven Wu <stevenwu@apple.com> Wed Dec 18 12:22:21 2019 -0800
tree: 960906149925bf910da592f8c43ff8c300608d0e
parent: c3889d97013d3d460d10fd0a5458cd4654e67c0c [diff] [blame]
diff --git a/src/DwarfInstructions.hpp b/src/DwarfInstructions.hpp
index 48ef186..ee98f53 100644
--- a/src/DwarfInstructions.hpp
+++ b/src/DwarfInstructions.hpp

@@ -433,7 +433,7 @@
       // pick from
       reg = addressSpace.get8(p);
       p += 1;
-      value = sp[-reg];
+      value = sp[-(int)reg];
       *(++sp) = value;
       if (log)
         fprintf(stderr, "duplicate %d in stack\n", reg);
commit	e12b2485b962cd9966a5591a78f06cf2dd41d655	[log] [tgz]
author	Steven Wu <stevenwu@apple.com>	Wed Dec 18 12:22:21 2019 -0800
committer	Steven Wu <stevenwu@apple.com>	Wed Dec 18 12:22:21 2019 -0800
tree	960906149925bf910da592f8c43ff8c300608d0e
parent	c3889d97013d3d460d10fd0a5458cd4654e67c0c [diff] [blame]