https://bugs.kde.org/show_bug.cgi?id=359724
Bug ID: 359724
Summary: getsockname syscall might crash - deref_UInt should check to make sure it is safe to deref
Product: valgrind
Version: unspecified
Platform: Other
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: NOR
Component: general
Assignee: [email protected]
Reporter: [email protected]
This was one of the easy hacks as presented at Fosdem a year ago.
https://archive.fosdem.org/2015/schedule/event/valgrind_easy_hack/attachments/slides/731/export/events/attachments/valgrind_easy_hack/slides/731/valgrind_easy_hacks.html#slide26
The LTP getsockname01 testcase crashes valgrind because it calls deref_UInt
which doesn't check whether it is safe to dereference.
The patch is simply:
diff --git a/coregrind/m_syswrap/syswrap-generic.c
b/coregrind/m_syswrap/syswrap-generic.c
index 061c1e1..2eaf505 100644
--- a/coregrind/m_syswrap/syswrap-generic.c
+++ b/coregrind/m_syswrap/syswrap-generic.c
@@ -1200,7 +1200,7 @@ static UInt deref_UInt ( ThreadId tid, Addr a, const
HChar* s )
{
UInt* a_p = (UInt*)a;
PRE_MEM_READ( s, (Addr)a_p, sizeof(UInt) );
- if (a_p == NULL)
+ if (a_p == NULL || ! ML_(safe_to_deref) (a_p, sizeof(UInt)))
return 0;
else
return *a_p;
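Review bot: the ordering in this hunk matters and deserves a one-line comment above the `if`: PRE_MEM_READ on the line before still reports the unaddressable read to the user, and only then does the new `ML_(safe_to_deref)` guard make deref_UInt return 0 instead of faulting inside valgrind itself; a later reader may be tempted to move the guard in front of PRE_MEM_READ and silently lose the error report. The comment should also state that callers cannot tell "value was 0" from "pointer was unreadable", so a caller such as the getsockname wrapper will treat an unreadable length pointer as a zero-length buffer and rely on the kernel to reject the bad pointer itself. Minor style: `! ML_(safe_to_deref) (a_p, sizeof(UInt))` has a stray space between the function name and its argument list; `!ML_(safe_to_deref)(a_p, sizeof(UInt))` reads more consistently with the `PRE_MEM_READ(...)` call just above.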