-3

From Wikipedia:

long: Long signed integer type. Capable of containing at least the [−2,147,483,647, +2,147,483,647] range; thus, it is at least 32 bits in size.

From man ptrace:

```c
long ptrace(enum __ptrace_request request, pid_t pid,
            void *addr, void *data);
```

Remember that signed overflow is undefined behavior in C. The registers on x86_64 store 64-bit values.

Is it thus unsafe to read the contents of the registers (e.g. ORIG_RAX) with ptrace on x86_64?

marmistrz
  • 4
    `ptrace()` is platform-specific for Linux and on Linux x86_64, `long` is 64 bit (it uses the LP64 model) –  Jul 07 '17 at 11:16
  • 1
    Note that when reading registers (`PTRACE_GETREGS`), values are returned via `data` argument, not returned as return value ("On success, PTRACE_PEEK* requests return the requested data, while other requests return zero" according to man). – el.pescado - нет войне Jul 07 '17 at 11:20
  • 4
    You missed a very important part of that quote. "at least" – Art Jul 07 '17 at 11:40
  • Why so many downvotes? I did not know that every Linux is guaranteed to have a 64-bit long. – marmistrz Jul 07 '17 at 12:09
  • 2
    Two downvotes is nowhere near a lot ("so many", as you say), and not knowing something does not make a question useful. You are expected to do some research first, before asking. – Cody Gray - on strike Jul 07 '17 at 12:44
  • 1
    This is just the first of many warts you'll encounter while learning ptrace. It might be better if its return value were standardized as `union { intmax_t; void *; }`, but I think any standards committee charged with rationalizing ptrace's interface would run away in horror before they got that far. – Mark Plotnick Jul 08 '17 at 10:53
  • Hmm, if that definition of `ptrace` is used on every platform, I guess that means the ABI used by Linux on any architecture has `long` at least as wide as a pointer. Interesting. I knew that was the case for the x86-64 System V ABI that Linux uses, but didn't know about other architecture ABIs. – Peter Cordes Jul 09 '17 at 14:11

2 Answers

2

ptrace() is not specified in POSIX. It's available on Linux and some other systems, all of which have in common that they use the LP64 data model on x86_64. With these platforms, you have 64bit long. So, this is safe.

(Windows on the other hand uses LLP64, only long long is 64bit on x86_64)

0

When you use something like ptrace, you are not talking about the C standard. You have fixed the target/platform/architecture(/compiler). These things fix the implementation.

Under this implementation, the behavior happening is defined and is safe (because it uses 64 bit size for long).

So no, it is not unsafe. But it would be unsafe if you just copied the compiled binaries and used on another target.

Ajay Brahmakshatriya
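An added example, not code from the question or either answer: it pins the LP64 assumption discussed above at compile time and reads `ORIG_RAX` through the `long` return value of `PTRACE_PEEKUSER`, using `errno` to tell a real error from a register that holds -1. The helper names `peek_user` and `demo_orig_rax` are hypothetical, and the code assumes Linux on x86_64 with the glibc `<sys/reg.h>` header.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <sys/ptrace.h>
#include <sys/reg.h>      /* ORIG_RAX index (x86_64 only) */
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumption made explicit: refuse to build where long is not 64-bit. */
_Static_assert(sizeof(long) == 8 && sizeof(long) == sizeof(void *), "LP64 required");

/* Returns 0, or -1 with errno set. -1 is a valid register value, so test errno. */
int peek_user(pid_t pid, long offset, uint64_t *out)
{
    errno = 0;
    long word = ptrace(PTRACE_PEEKUSER, pid, (void *)offset, NULL);
    if (word == -1 && errno != 0) return -1;
    *out = (uint64_t)word;
    return 0;
}

/* Constructed demo: stop a child at entry to getpid() and read ORIG_RAX. */
int demo_orig_rax(uint64_t *out)
{
    int status, rc = -1;
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) != 0) _exit(1);
        syscall(SYS_kill, getpid(), SIGSTOP);  /* park until the tracer resumes us */
        syscall(SYS_getpid);
        _exit(0);
    }
    if (waitpid(child, &status, 0) == child && WIFSTOPPED(status) &&
        ptrace(PTRACE_SYSCALL, child, NULL, NULL) == 0 &&
        waitpid(child, &status, 0) == child && WIFSTOPPED(status))
        rc = peek_user(child, 8 * ORIG_RAX, out);
    kill(child, SIGKILL);
    waitpid(child, &status, 0);
    return rc;
}

int main(void)
{
    uint64_t nr = 0;  /* exit status 0 when ORIG_RAX held the getpid syscall number */
    return demo_orig_rax(&nr) != 0 || nr != (uint64_t)SYS_getpid;
}
```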