From 444eacba82f675d4657ad55da67b355536be90ab Mon Sep 17 00:00:00 2001
From: Samuel Thibault
Date: Thu, 22 Sep 2016 02:43:39 +0200
Subject: [PATCH] hurd: Fix stack pointer corruption in syscall

Thanks Justus Winter for the report.
* sysdeps/mach/i386/syscall.S (syscall): Push back syscall number.
---
 ChangeLog | 1 +
 sysdeps/mach/i386/syscall.S | 3 +++
 2 files changed, 4 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index b2add6a3e3..abd699536b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -14,6 +14,7 @@ _hurd_malloc_fork_prepare after that. Call _hurd_malloc_fork_parent before __malloc_fork_unlock_parent and _hurd_malloc_fork_child before __malloc_fork_unlock_child.
+ * sysdeps/mach/i386/syscall.S (syscall): Push back syscall number.
 2016-09-21 James Greenhalgh
diff --git a/sysdeps/mach/i386/syscall.S b/sysdeps/mach/i386/syscall.S
index adb7716948..643cddc9ba 100644
--- a/sysdeps/mach/i386/syscall.S
+++ b/sysdeps/mach/i386/syscall.S
@@ -22,5 +22,8 @@ ENTRY (syscall)
 popl %eax /* Pop syscall number into %eax. */
 pushl %ecx /* Push back return address. */
 .byte 0x9a, 0, 0, 0, 0, 7, 0 /* lcall $7, $0 -- gas bug */
+ popl %ecx /* Pop return address into %ecx. */
+ pushl $0 /* Push back dumb syscall number. */
+ pushl %ecx /* Push back return address. */
 ret
 END (syscall)
--
2.11.4.GIT
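Review bot: The comment on the added `pushl $0`, `/* Push back dumb syscall number. */`, does not say why a placeholder has to go back on the stack, so the line looks removable; I would write `/* Refill the syscall-number slot with a dummy: the caller's cdecl cleanup still pops it. */`. Dropping that push would return with %esp one word too high, after which the caller's %esp-relative locals and saved registers would be read from the wrong offsets. The start of `syscall` is outside this hunk, so a short header comment giving the stack layout at entry, at the `lcall` and at `ret` would let a reader check the balance without reconstructing it. The added pops and pushes also move %esp with no unwind annotation; if `ENTRY` opens a CFI region (not visible here), matching `cfi_adjust_cfa_offset` lines would keep backtraces through this window correct. No test accompanies the fix; a caller that keeps using stack locals after `syscall()` returns, presumably built without a frame pointer, would pin the behaviour.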