fix: stack frame corruption

ThePedroo · ThePedroo · commit 64dbaa23f0a9 · 2026-01-16T23:35:47.000-03:00
This commit fixes the issue where passing more than 6 args would lead to being duplication, leading to stack frame corruption.
diff --git a/loader/src/ptracer/utils.c b/loader/src/ptracer/utils.c
@@ -410,7 +410,7 @@ uintptr_t remote_call(int pid, struct user_regs_struct *regs, uintptr_t func_add
       long remain = (args_size - 6L) * sizeof(long);
       align_stack(regs, remain);
 
-      if (!write_proc(pid, (uintptr_t) regs->REG_SP, args, remain)) LOGE("failed to push arguments");
+      if (!write_proc(pid, (uintptr_t) regs->REG_SP, &args[6], remain)) LOGE("failed to push arguments");
     }
 
     regs->REG_SP -= sizeof(long);
@@ -440,7 +440,7 @@ uintptr_t remote_call(int pid, struct user_regs_struct *regs, uintptr_t func_add
       long remain = (args_size - 8) * sizeof(long);
       align_stack(regs, remain);
 
-      write_proc(pid, (uintptr_t)regs->REG_SP, args, remain);
+      write_proc(pid, (uintptr_t)regs->REG_SP, &args[8], remain);
     }
 
     regs->regs[30] = return_addr;
@@ -454,7 +454,7 @@ uintptr_t remote_call(int pid, struct user_regs_struct *regs, uintptr_t func_add
       long remain = (args_size - 4) * sizeof(long);
       align_stack(regs, remain);
 
-      write_proc(pid, (uintptr_t)regs->REG_SP, args, remain);
+      write_proc(pid, (uintptr_t)regs->REG_SP, &args[4], remain);
     }
 
     regs->uregs[14] = return_addr;

Original file line number	Diff line number	Diff line change
`@@ -410,7 +410,7 @@ uintptr_t remote_call(int pid, struct user_regs_struct *regs, uintptr_t func_add`
`410`	`410`	`long remain = (args_size - 6L) * sizeof(long);`
`411`	`411`	`align_stack(regs, remain);`
`412`	`412`
`413`		`- if (!write_proc(pid, (uintptr_t) regs->REG_SP, args, remain)) LOGE("failed to push arguments");`
	`413`	`+ if (!write_proc(pid, (uintptr_t) regs->REG_SP, &args[6], remain)) LOGE("failed to push arguments");`
`414`	`414`	`}`
`415`	`415`
`416`	`416`	`regs->REG_SP -= sizeof(long);`
`@@ -440,7 +440,7 @@ uintptr_t remote_call(int pid, struct user_regs_struct *regs, uintptr_t func_add`
`440`	`440`	`long remain = (args_size - 8) * sizeof(long);`
`441`	`441`	`align_stack(regs, remain);`
`442`	`442`
`443`		`- write_proc(pid, (uintptr_t)regs->REG_SP, args, remain);`
	`443`	`+ write_proc(pid, (uintptr_t)regs->REG_SP, &args[8], remain);`
`444`	`444`	`}`
`445`	`445`
`446`	`446`	`regs->regs[30] = return_addr;`
`@@ -454,7 +454,7 @@ uintptr_t remote_call(int pid, struct user_regs_struct *regs, uintptr_t func_add`
`454`	`454`	`long remain = (args_size - 4) * sizeof(long);`
`455`	`455`	`align_stack(regs, remain);`
`456`	`456`
`457`		`- write_proc(pid, (uintptr_t)regs->REG_SP, args, remain);`
	`457`	`+ write_proc(pid, (uintptr_t)regs->REG_SP, &args[4], remain);`
`458`	`458`	`}`
`459`	`459`
`460`	`460`	`regs->uregs[14] = return_addr;`