Fix sigreturn for x86 (#668)

CvvT · web-flow · commit 35866b94f996 · 2026-02-24T18:53:34.000Z
According to [Linux](https://elixir.bootlin.com/linux/v5.19.17/source/arch/x86/kernel/signal.c#L633), `esp - 8` should point to `SignalFrame` instead of `LegacyContext`. We could also remove the ` - 8` and following `wrapping_add` directly but keep it just to be consistent with Linux. There are some potential overflow issues where we perform some arithmetic operations on user provided input. We should always use `checked_*` or `wrapping_*`. There are likely more similar issues in the codebase, and this PR only fixes the ones related to `sigreturn`.
diff --git a/litebox_shim_linux/src/syscalls/signal/x86.rs b/litebox_shim_linux/src/syscalls/signal/x86.rs
@@ -42,7 +42,8 @@ struct SignalFrameRt {
 impl<FS: crate::ShimFS> Task<FS> {
     /// Legacy signal return syscall implementation for x86.
     pub(crate) fn sys_sigreturn(&self, ctx: &mut PtRegs) -> Result<usize, Errno> {
-        let lctx_addr = ctx.esp.wrapping_sub(8);
+        let sigframe_addr = ctx.esp.wrapping_sub(8);
+        let lctx_addr = sigframe_addr.wrapping_add(offset_of!(SignalFrame, context));
         let lctx_ptr = ConstPtr::<LegacyContext>::from_usize(lctx_addr);
         let Some(lctx) = lctx_ptr.read_at_offset(0) else {
             self.force_signal(Signal::SIGSEGV, false);
@@ -73,14 +74,14 @@ pub(super) fn get_signal_frame(sp: usize, action: &SigAction) -> usize {
 
     // Space for the signal frame.
     if action.flags.contains(SaFlags::SIGINFO) {
-        frame_addr -= core::mem::size_of::<SignalFrameRt>();
+        frame_addr = frame_addr.wrapping_sub(core::mem::size_of::<SignalFrameRt>());
     } else {
-        frame_addr -= core::mem::size_of::<SignalFrame>();
+        frame_addr = frame_addr.wrapping_sub(core::mem::size_of::<SignalFrame>());
     }
 
     // Align the frame (offset by 4 bytes for return address).
     frame_addr &= !15;
-    frame_addr -= 4;
+    frame_addr = frame_addr.wrapping_sub(4);
 
     frame_addr
 }
diff --git a/litebox_shim_linux/src/syscalls/signal/x86_64.rs b/litebox_shim_linux/src/syscalls/signal/x86_64.rs
@@ -32,14 +32,14 @@ pub(super) fn get_signal_frame(sp: usize, _action: &SigAction) -> usize {
     let mut frame_addr = sp;
 
     // Skip the redzone.
-    frame_addr -= 128;
+    frame_addr = frame_addr.wrapping_sub(128);
 
     // Space for the signal frame.
-    frame_addr -= core::mem::size_of::<SignalFrame>();
+    frame_addr = frame_addr.wrapping_sub(core::mem::size_of::<SignalFrame>());
 
     // Align the frame (offset by 8 bytes for return address)
     frame_addr &= !15;
-    frame_addr -= 8;
+    frame_addr = frame_addr.wrapping_sub(8);
 
     frame_addr
 }
