From c3d1728583907e23d1a4493e02835622514d1dd0 Mon Sep 17 00:00:00 2001
From: Jiangli Yuan
Date: Tue, 9 Dec 2014 17:02:59 -0800
Subject: [PATCH] Use the stmdb instead of str to save the fn/arg
Directly save data into stack without properly adjustment of stack point is dangous. For example, if a signal comes, kernel will put sigframe into userspace's stack, which will overwrite the saved data if sp is not adjusted properly.
Bug: 15195265
Change-Id: Iea0cadfd3b94d50cf40252ad52fe5950811b9192
Signed-off-by: Jiangli Yuan
---
 libc/arch-arm/bionic/__bionic_clone.S | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/libc/arch-arm/bionic/__bionic_clone.S b/libc/arch-arm/bionic/__bionic_clone.S
index f5cf9e0e3..b02a70992 100644
--- a/libc/arch-arm/bionic/__bionic_clone.S
+++ b/libc/arch-arm/bionic/__bionic_clone.S
@@ -43,8 +43,7 @@ ENTRY(__bionic_clone)
 ldmfd ip, {r4, r5, r6}
 # store 'fn' and 'arg' to the child stack
- str r5, [r1, #-4]
- str r6, [r1, #-8]
+ stmdb r1!, {r5, r6}
 # System call
 ldr r7, =__NR_clone
@@ -62,8 +61,7 @@ ENTRY(__bionic_clone)
 1: # The child.
 # Setting lr to 0 will make the unwinder stop at __start_thread
 mov lr, #0
- ldr r0, [sp, #-4]
- ldr r1, [sp, #-8]
+ pop {r0, r1}
 b __start_thread
 END(__bionic_clone)
 .hidden __bionic_clone
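Review bot: The new `stmdb r1!, {r5, r6}` in the first hunk is only correct together with the `pop {r0, r1}` in the second hunk, and neither line says so: STM/LDM place the lowest-numbered register at the lowest address, so r5 (fn) ends up where r0 is later loaded and r6 (arg) where r1 is loaded, and the writeback makes r1 the child's initial sp rather than the caller-supplied child_stack. I would extend the comment above the store to `# Push fn (r5) and arg (r6) onto the child stack; r1 becomes the child's sp and the child pops them into r0/r1 in the same register order.` and add `# r0 = fn, r1 = arg; sp is back at the caller's child_stack before __start_thread` above the pop. The 8-byte adjustment keeps AAPCS stack alignment only if the caller's child_stack was already 8-byte aligned, which this code does not check; presumably the caller guarantees that, so it is worth stating in the function header. __bionic_clone starts before and continues outside both hunks.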