From: deraadt <deraadt@openbsd.org>
Date: Sat, 10 Feb 2018 22:59:02 +0000 (+0000)
Subject: Shift top-of-stack down so that the random==0 case doesn't leave stack
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=3b1a36d13b63d1ba75e94744d20b1a2b8fcec6e9;p=openbsd

Shift top-of-stack down so that the random==0 case doesn't leave stack
pointer beyond the space.
ok stefan, tedu
---

diff --git a/lib/librthread/rthread_stack.c b/lib/librthread/rthread_stack.c
index f40ca006c86..73c13e8478d 100644
--- a/lib/librthread/rthread_stack.c
+++ b/lib/librthread/rthread_stack.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rthread_stack.c,v 1.17 2017/09/05 02:40:54 guenther Exp $ */
+/* $OpenBSD: rthread_stack.c,v 1.18 2018/02/10 22:59:02 deraadt Exp $ */
 
 /* PUBLIC DOMAIN: No Rights Reserved. Marco S Hyman <marc@snafu.org> */
 
@@ -65,7 +65,7 @@ _rthread_alloc_stack(pthread_t thread)
 #ifdef MACHINE_STACK_GROWS_UP
 		stack->sp = base + rnd;
 #else
-		stack->sp = base + thread->attr.stack_size - rnd;
+		stack->sp = base + thread->attr.stack_size - (_STACKALIGNBYTES+1) - rnd;
 #endif
 		/*
 		 * This impossible guardsize marks this stack as
@@ -103,7 +103,7 @@ _rthread_alloc_stack(pthread_t thread)
 	stack->sp = base + rnd;
 #else
 	guard = base;
-	stack->sp = base + size - rnd;
+	stack->sp = base + size - (_STACKALIGNBYTES+1) - rnd;
 #endif
 
 	/* memory protect the guard region */