Skip to content

std.debug: remove @frameAddress() "UAF" #25048

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 28, 2025
Merged

std.debug: remove @frameAddress() "UAF" #25048

merged 1 commit into from
Aug 28, 2025

Conversation

@mlugg
Copy link
Member

@mlugg mlugg commented Aug 27, 2025

We can't call @frameAddress() and then immediately return! That invalidates the frame. This usually isn't a problem, because the stack walk next call will probably have a stack frame and it will probably be at the exact same address, but neither of those is a guarantee. On powerpc, presumably some unfortunate inlining was going on, so this frame was indeed invalidated when we started walking frames.

We need to explicitly pass @frameAddress into any function which will return before we actually walk the stack. Pretty simple patch.

Resolves: #24970

@mlugg mlugg enabled auto-merge (rebase) August 27, 2025 20:41
@mlugg
std.debug: remove @frameAddress() "UAF"
0fbc520 
We can't call `@frameAddress()` and then immediately `return`! That
invalidates the frame. This *usually* isn't a problem, because the stack
walk `next` call will *probably* have a stack frame and it will
*probably* be at the exact same address, but neither of those is a
guarantee. On powerpc, presumably some unfortunate inlining was going
on, so this frame was indeed invalidated when we started walking frames.

We need to explicitly pass `@frameAddress` into any function which will
return before we actually walk the stack. Pretty simple patch.

Resolves: ziglang#24970
@mlugg mlugg force-pushed the frameaddress-stackiterator-uaf branch from b071f85 to 0fbc520 Compare August 28, 2025 03:01
@alexrp alexrp mentioned this pull request Aug 28, 2025
Merged
@mlugg mlugg merged commit a31950a into ziglang:master Aug 28, 2025
14 checks passed
@mlugg mlugg deleted the frameaddress-stackiterator-uaf branch August 28, 2025 22:15
@rootbeer rootbeer mentioned this pull request Sep 8, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

stack trace code tries to access invalid memory

1 participant

@mlugg