From: Philippe W. <phi...@sk...> - 2014-09-09 20:31:18
On Tue, 2014-09-09 at 17:20 +0200, Florian Krohm wrote:
> I know it's kinda late but I only got the results this afternoon...
Never too late to fix bugs: at worst, it will be in the next
release.
Now, I am not sure how to do changes that could/should go in 3.10.
E.g. rev 14505 looks to be a good candidate to put in 3.10.
So, for such things, do we fix on the trunk, and then (someone?) merge
each such change to the 3.10 branch?
> 3 things of relevance were found (and a bunch of things identifying
> spots where tidying up is needed - but those can wait):
>
> coregrind/m_deduppoolalloc.c", line 115:
>
> ddpa->curpool_limit = NULL;
> ddpa->curpool_free = ddpa->curpool_limit + 1;
>
> Arithmetic involving NULL is not allowed.
Need to see how to clean that up.
> "coregrind/m_gdbserver/valgrind-low-arm64.c", line 188:
> A break might be missing (above `case 34:').
>
> As always, tools can never be sure...
Real bug in this case.
> "coregrind/m_syswrap/syswrap-generic.c", line 4123:
> invalid operation involving NULL pointer
>
> if (ARG2 && // <--- evidence that ARG2 can be NULL
> ((struct vki_rlimit *)ARG2)->rlim_cur > ((struct vki_rlimit
> *)ARG2)->rlim_max) {
> SET_STATUS_Failure( VKI_EINVAL );
> }
> else if (arg1 == VKI_RLIMIT_NOFILE) {
> if (((struct vki_rlimit *)ARG2)->rlim_cur > VG_(fd_hard_limit) ||
>
> If ARG2 == NULL and arg1 == VKI_RLIMIT_NOFILE then a NULL pointer will
> be dereferenced. This also happens in several places a few lines
> further down... 4133, 4143
setrlimit should return EFAULT if rlim arg is not addressable.
It seems there are very few syscall wrappers that properly
check addressability and then return with an EFAULT failure.
Thanks for the BEAM run
Philippe