From 9366397f057d18401e680b2cb28a0ee17c59d4a6 Mon Sep 17 00:00:00 2001
From: Steven Wu <stevenwu@apple.com>
Date: Wed, 18 Dec 2019 12:22:21 -0800
Subject: [libunwind] Fix evaluating DWARF operation DW_OP_pick

reg is unsigned type and used here for getting array element from the end by
negating it. negation of unsigned can result in large number and array access
with that index will result in segmentation fault.

Fixes: https://bugs.llvm.org/show_bug.cgi?id=43872

Patched by: kamlesh kumar

Differential Revision: https://reviews.llvm.org/D69893
---
 libunwind/src/DwarfInstructions.hpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'libunwind')

diff --git a/libunwind/src/DwarfInstructions.hpp b/libunwind/src/DwarfInstructions.hpp
index 48ef1866d6e1..ee98f538d437 100644
--- a/libunwind/src/DwarfInstructions.hpp
+++ b/libunwind/src/DwarfInstructions.hpp
@@ -433,7 +433,7 @@ DwarfInstructions<A, R>::evaluateExpression(pint_t expression, A &addressSpace,
       // pick from
       reg = addressSpace.get8(p);
       p += 1;
-      value = sp[-reg];
+      value = sp[-(int)reg];
       *(++sp) = value;
       if (log)
         fprintf(stderr, "duplicate %d in stack\n", reg);
-- 
cgit v1.2.1