|
From: <sv...@va...> - 2016-02-23 21:27:25
|
Author: mjw
Date: Tue Feb 23 21:27:19 2016
New Revision: 15809
Log:
Bug 359724 getsockname might crash - deref_UInt should call safe_to_deref
Modified:
trunk/NEWS
trunk/coregrind/m_syswrap/syswrap-generic.c
Modified: trunk/NEWS
==============================================================================
--- trunk/NEWS (original)
+++ trunk/NEWS Tue Feb 23 21:27:19 2016
@@ -75,6 +75,7 @@
359289 s390x: popcnt (B9E1) not implemented
359472 The Power PC vsubuqm instruction doesn't always give the correct result
359703 s390: wire up separate socketcalls system calls
+359724 getsockname might crash - deref_UInt should call safe_to_deref
n-i-bz Fix incorrect (or infinite loop) unwind on RHEL7 x86 and amd64
n-i-bz massif --pages-as-heap=yes does not report peak caused by mmap+munmap
Modified: trunk/coregrind/m_syswrap/syswrap-generic.c
==============================================================================
--- trunk/coregrind/m_syswrap/syswrap-generic.c (original)
+++ trunk/coregrind/m_syswrap/syswrap-generic.c Tue Feb 23 21:27:19 2016
@@ -1200,7 +1200,7 @@
{
UInt* a_p = (UInt*)a;
PRE_MEM_READ( s, (Addr)a_p, sizeof(UInt) );
- if (a_p == NULL)
+ if (a_p == NULL || ! ML_(safe_to_deref) (a_p, sizeof(UInt)))
return 0;
else
return *a_p;
|