Fix one heap buffer overflow in aarch64_push_dummy_call

Hi,
AddressSanitizer reports an error like this,

(gdb) PASS: gdb.base/call-ar-st.exp: continue to tbreak9
print print_long_arg_list(a, b, c, d, e, f, *struct1, *struct2, *struct3, *struct4, *flags, *flags_combo, *three_char, *five_char, *int_char_combo, *d1, *d2, *d3, *f1, *f2, *f3)
=================================================================
==6236==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200008eb50 at pc 0x89e432 bp 0x7fffa3df9080 sp 0x7fffa3df9078
READ of size 5 at 0x60200008eb50 thread T0
    #0 0x89e431 in memory_xfer_partial gdb/target.c:1264
    #1 0x89e6c7 in target_xfer_partial gdb/target.c:1320
    #2 0x89f267 in target_write_partial gdb/target.c:1595^M
    #3 0x8a014b in target_write_with_progress gdb/target.c:1889^M
    #4 0x8a0262 in target_write gdb/target.c:1914^M
    #5 0x89ee59 in target_write_memory gdb/target.c:1492^M
    #6 0x9a1c74 in write_memory gdb/corefile.c:393^M
    #7 0x467ea5 in aarch64_push_dummy_call gdb/aarch64-tdep.c:1388

The problem is that an instance of stack_item_t is created to adjust
stack for alignment, the item.len is correct, but item.data is buf,
which is wrong, because item.len can be greater than the length of
buf.  This patch sets item.data to NULL, and only update sp (no
inferior memory writes on stack for this item).

gdb:

2015-12-17  Yao Qi  <[email protected]>

	* aarch64-tdep.c (struct stack_item_t): Update comments.
	(pass_on_stack): Set item.data to NULL.
	(aarch64_push_dummy_call): Call write_memory if si->data
	isn't NULL.

Author: Yao Qi

gdb/ChangeLog

@@ -1,3 +1,10 @@
+2015-12-17  Yao Qi  <[email protected]>
+
+	* aarch64-tdep.c (struct stack_item_t): Update comments.
+	(pass_on_stack): Set item.data to NULL.
+	(aarch64_push_dummy_call): Call write_memory if si->data
+	isn't NULL.
+
 2015-12-16  Pedro Alves  <[email protected]>
 
 	* configure.ac (compiler warning flags): When testing a

gdb/aarch64-tdep.c

@@ -855,7 +855,8 @@ aarch64_dwarf2_frame_init_reg (struct gdbarch *gdbarch, int regnum,
 
 typedef struct
 {
-  /* Value to pass on stack.  */
+  /* Value to pass on stack.  It can be NULL if this item is for stack
+     padding.  */
   const gdb_byte *data;
 
   /* Size in bytes of value to pass on stack.  */
@@ -1124,7 +1125,7 @@ pass_on_stack (struct aarch64_call_info *info, struct type *type,
       int pad = align - (info->nsaa & (align - 1));
 
       item.len = pad;
-      item.data = buf;
+      item.data = NULL;
 
       VEC_safe_push (stack_item_t, info->si, &item);
       info->nsaa += pad;
@@ -1382,7 +1383,8 @@ aarch64_push_dummy_call (struct gdbarch *gdbarch, struct value *function,
       stack_item_t *si = VEC_last (stack_item_t, info.si);
 
       sp -= si->len;
-      write_memory (sp, si->data, si->len);
+      if (si->data != NULL)
+	write_memory (sp, si->data, si->len);
       VEC_pop (stack_item_t, info.si);
     }