Fix Overlap Handling in sim_copyfullstate to Prevent Undefined Behavior

PwnVerse · anchao · commit 3e6649856bd3 · 2025-01-06T08:19:04.000+08:00
diff --git a/arch/sim/src/sim/sim_copyfullstate.c b/arch/sim/src/sim/sim_copyfullstate.c
@@ -27,6 +27,7 @@
 #include <nuttx/config.h>
 
 #include <stdint.h>
+#include <string.h>
 #include <arch/irq.h>
 
 #include "sim_internal.h"
@@ -45,18 +46,13 @@
 
 void sim_copyfullstate(xcpt_reg_t *dest, xcpt_reg_t *src)
 {
-  int i;
-
   /* In the sim model, the state is copied from the stack to the TCB,
    * but only a reference is passed to get the state from the TCB.  So the
    * following check avoids copying the TCB save area onto itself:
    */
 
   if (src != dest)
     {
-      for (i = 0; i < XCPTCONTEXT_REGS; i++)
-        {
-          *dest++ = *src++;
-        }
+      memmove(dest, src, XCPTCONTEXT_REGS * sizeof(xcpt_reg_t));
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,7 @@`
`27`	`27`	`#include <nuttx/config.h>`
`28`	`28`
`29`	`29`	`#include <stdint.h>`
	`30`	`+#include <string.h>`
`30`	`31`	`#include <arch/irq.h>`
`31`	`32`
`32`	`33`	`#include "sim_internal.h"`
`@@ -45,18 +46,13 @@`
`45`	`46`
`46`	`47`	`void sim_copyfullstate(xcpt_reg_t dest, xcpt_reg_t src)`
`47`	`48`	`{`
`48`		`- int i;`
`49`		`-`
`50`	`49`	`/* In the sim model, the state is copied from the stack to the TCB,`
`51`	`50`	`* but only a reference is passed to get the state from the TCB. So the`
`52`	`51`	`* following check avoids copying the TCB save area onto itself:`
`53`	`52`	`*/`
`54`	`53`
`55`	`54`	`if (src != dest)`
`56`	`55`	`{`
`57`		`- for (i = 0; i < XCPTCONTEXT_REGS; i++)`
`58`		`- {`
`59`		`- dest++ = src++;`
`60`		`- }`
	`56`	`+ memmove(dest, src, XCPTCONTEXT_REGS * sizeof(xcpt_reg_t));`
`61`	`57`	`}`
`62`	`58`	`}`