Open yifanlu opened 7 years ago
For now a workaround for the user is to set the hook reference to 0 before calling taihen and in the hook function only call `TAI_CONTINUE` if the reference is non-zero. Not a perfect solution but should prevent crashes.
Right now, if a function is called in the middle of the hook, this series of events could be possible:

1. `substitute_hook_functions` is called
2. old pointer is saved
3. old pointer into the `tai_hook_t` object stored in user address space.
4. `tai_hook_t`

It is possible, between 2 and 4, that the function is called. In that case, it jumps to the user function, which tries to call `TAI_CONTINUE` with an uninitialized reference.

There are a couple of possible solutions:

1. `NULL` before 1, then we modify `TAI_CONTINUE` to not dereference the hook if NULL and return error. The problem with this is that we cannot call the original function and this may break whatever code depends on it.
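A model of the race window and of the zero-reference workaround described above, added here as an illustration and not taiHEN's own code: `hook_ref_t`, `guarded_continue` and `install` are constructed stand-ins for `tai_hook_ref_t`, `TAI_CONTINUE` and `substitute_hook_functions`, the instruction patch is reduced to a function-pointer swap, and `freeze_before_ref` lets a caller freeze installation inside the window where the hook is reachable but the reference has not been written yet.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for taiHEN's tai_hook_ref_t: the address of the original
 * function once installation has completed, 0 before that. */
typedef uintptr_t hook_ref_t;
typedef int (*target_fn)(int);

static target_fn  g_dispatch;  /* models the patched call site */
static hook_ref_t g_ref = 0;   /* user zero-initializes it, per the workaround */

static int original(int x) { return x * 2; }

/* Models TAI_CONTINUE with the workaround's guard: a zero reference means
 * the installer has not written the old pointer yet, so refuse instead of
 * jumping through an uninitialized value. -1 is a constructed error code. */
static int guarded_continue(int x) {
    if (g_ref == 0) return -1;
    return ((target_fn)g_ref)(x);
}

/* The user's hook: adds 1 to whatever the original returns. */
static int user_hook(int x) {
    int r = guarded_continue(x);
    return r < 0 ? r : r + 1;
}

/* Stepwise model of substitute_hook_functions. The call site goes live
 * before the reference reaches user memory, which is the window the issue
 * describes; freeze_before_ref stops the sequence inside that window. */
static void install(int freeze_before_ref) {
    hook_ref_t saved = (hook_ref_t)original;  /* old pointer saved */
    g_dispatch = user_hook;                    /* hook now reachable */
    if (freeze_before_ref) return;             /* ...but g_ref is still 0 */
    g_ref = saved;                             /* reference written last */
}

static void reset(void) { g_dispatch = original; g_ref = 0; }

/* What a caller of the hooked function observes. */
static int call_target(int x) { return g_dispatch(x); }

int main(void) {
    reset();
    install(1);  /* frozen inside the race window */
    printf("call in window  -> %d\n", call_target(5));  /* -1, not a crash */
    install(0);  /* installation finished */
    printf("call after done -> %d\n", call_target(5));  /* 11 */
    return 0;
}
```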