On Mon, Dec 19, 2016 at 11:33:46PM +0800, JingPiao Chen wrote:
> sock.c: 150
>
> 150 if (syserror(tcp) || umove(tcp, addr, &ifc) < 0) {
> 151 if (ifc.ifc_buf)
> 152 tprints("}");
> 153 else
> 154 printaddr(addr);
> 155 return RVAL_DECODED | 1;
> 156 }
>
> Second enter function decode_ifconf(), if syserror(tcp) is true,
> variable ifc is garbage value. "if (ifc.ifc_buf)" may be wrong.
Congratulations, you've found a bug. :)
> From 5b2d4f12d61e5a03212de948508e830c9aeeef87 Mon Sep 17 00:00:00 2001
> From: JingPiao Chen <chenjingp...@gmail.com>
> Date: Mon, 19 Dec 2016 23:08:09 +0800
> Subject: [PATCH 1/2] sock: fix bitwise OR operation short circuit
>
> * sock.c (decode_ifconf): Exchange the place of syserror() and umove().
> ---
> sock.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/sock.c b/sock.c
> index cf13896..0bdb7a9 100644
> --- a/sock.c
> +++ b/sock.c
> @@ -147,7 +147,7 @@ decode_ifconf(struct tcb *tcp, const long addr)
> return 1;
> }
>
> - if (syserror(tcp) || umove(tcp, addr, &ifc) < 0) {
> + if (umove(tcp, addr, &ifc) < 0 || syserror(tcp)) {
> if (ifc.ifc_buf)
> tprints("}");
This cannot be the right fix:
if umove returned an error, ifc.ifc_buf is undefined.
--
ldv
pgp82_zyb0Ye8.pgp
Description: PGP signature
------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel
_______________________________________________ Strace-devel mailing list Strace-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/strace-devel
