From ffe51b4d28f4de048b7be442f7fa8b3527b3e609 Mon Sep 17 00:00:00 2001
From: Ian Moffett
Date: Wed, 20 Aug 2025 23:36:45 -0400
Subject: kernel/amd64: Do not run off callstack in trace

Previously, if RBP becomes NULL (indicating that the END of the callstack has been reached), we still had a chance of dereferencing a NULL pointer when attempting to grab the next value for 'rip'.

This commit checks if RBP is NULL before we get the next instruction pointer value.

Signed-off-by: Ian Moffett
---
 sys/arch/amd64/amd64/machdep.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'sys')

diff --git a/sys/arch/amd64/amd64/machdep.c b/sys/arch/amd64/amd64/machdep.c
index 76c1a5f..1a07cb5 100644
--- a/sys/arch/amd64/amd64/machdep.c
+++ b/sys/arch/amd64/amd64/machdep.c
@@ -404,7 +404,7 @@ cpu_shootdown_tlb(vaddr_t va)
 void
 md_backtrace(void)
 {
- uintptr_t *rbp;
+ uintptr_t *rbp = NULL;
 uintptr_t rip, tmp;
 off_t off;
 const char *name;
@@ -417,6 +417,11 @@ md_backtrace(void)
 break;
 }
 
+ /* End of callstack */
+ if (rbp == NULL) {
+ break;
+ }
+
 rip = rbp[1];
 rbp = (uintptr_t *)rbp[0];
 
@@ -434,7 +439,7 @@ md_backtrace(void)
 * This is not a valid value, get out
 * of this loop!!
 */
- if (rbp == NULL || rip == 0) {
+ if (rip == 0) {
 break;
 }
-- 
cgit v1.2.3
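Review bot: The new guard before `rip = rbp[1];` rejects only a NULL frame pointer, so any other non-frame value loaded from `rbp[0]` (stack garbage, a frame compiled without frame pointers, a corrupted saved rbp) is still dereferenced on the next iteration, and since a backtrace is typically printed from panic or trap paths a second fault there hides the original diagnostic. Consider also rejecting misaligned pointers, e.g. `if (rbp == NULL || ((uintptr_t)rbp & (sizeof *rbp - 1)) != 0) {`, and, if the kernel tracks per-thread stack bounds, checking that rbp lies inside the current stack before reading through it. The `rbp == NULL` test dropped from the third hunk appears redundant only because the loop reaches the new check first; the loop header and the condition behind the `break` at the top of the second hunk are not visible, so that is inferred. md_backtrace's body starts before and continues past these hunks.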