From: Mark W. <ma...@so...> - 2025-05-09 23:55:44
https://sourceware.org/git/gitweb.cgi?p=valgrind.git;h=5c943affd2012a9f54a82ce98a6e7f6a5830c3d6 commit 5c943affd2012a9f54a82ce98a6e7f6a5830c3d6 Author: Mark Wielaard <ma...@kl...> Date: Fri May 9 00:21:25 2025 +0200 mount syscall param filesystemtype may be NULL On Linux the mount syscall, depending on flags provided, the source, type and data my be ignored. We already don't check data and allow source to be NULL. Normally when type is ignored an application will provide an empty string "". But sometimes NULL is passed (like for source). So we now also allow type to be NULL to prevent false positives. Adjust the linux/scalar.c tests so the type param is still unaddressable. https://bugs.kde.org/show_bug.cgi?id=503914 (cherry picked from commit ff6e14ab798af0628c54c6a704c1cb8844a79419) Diff: --- NEWS | 1 + coregrind/m_syswrap/syswrap-linux.c | 6 ++++-- memcheck/tests/arm64-linux/scalar.c | 2 +- memcheck/tests/x86-linux/scalar.c | 2 +- 4 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/NEWS b/NEWS
index 7cbe6344ac..3f084a52be 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,7 @@ Branch 3.25
 The following bugs have been fixed or resolved on this branch.
 503641 close_range syscalls started failing with 3.25.0
+503914 mount syscall param filesystemtype may be NULL
 To see details of a given bug, visit
 https://bugs.kde.org/show_bug.cgi?id=XXXXXX
diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c
index 6f3917830f..afd4a618b1 100644
--- a/coregrind/m_syswrap/syswrap-linux.c
+++ b/coregrind/m_syswrap/syswrap-linux.c
@@ -1000,7 +1000,8 @@ PRE(sys_mount)
 {
 // Nb: depending on 'flags', the 'type' and 'data' args may be ignored.
 // We are conservative and check everything, except the memory pointed to
- // by 'data'.
+ // by 'data'. And since both 'source' and 'type' may be ignored, we allow
+ // them to be NULL.
 *flags |= SfMayBlock;
 PRINT("sys_mount( %#" FMT_REGWORD "x(%s), %#" FMT_REGWORD "x(%s), %#" FMT_REGWORD "x(%s), %#" FMT_REGWORD "x, %#" FMT_REGWORD "x )",
@@ -1012,7 +1013,8 @@ PRE(sys_mount)
 if (ARG1)
 PRE_MEM_RASCIIZ( "mount(source)", ARG1);
 PRE_MEM_RASCIIZ( "mount(target)", ARG2);
- PRE_MEM_RASCIIZ( "mount(type)", ARG3);
+ if (ARG3)
+ PRE_MEM_RASCIIZ( "mount(type)", ARG3);
 }
 PRE(sys_oldumount)
diff --git a/memcheck/tests/arm64-linux/scalar.c b/memcheck/tests/arm64-linux/scalar.c
index 622ea1c47c..49e0ca6a70 100644
--- a/memcheck/tests/arm64-linux/scalar.c
+++ b/memcheck/tests/arm64-linux/scalar.c
@@ -128,7 +128,7 @@ int main(void)
 // __NR_mount 21
 GO(__NR_mount, "5s 3m");
- SY(__NR_mount, x0, x0, x0, x0, x0); FAIL;
+ SY(__NR_mount, x0, x0, x0-1, x0, x0); FAIL;
 // __NR_umount arm64 only has umount2
 //GO(__NR_umount, "1s 1m");
diff --git a/memcheck/tests/x86-linux/scalar.c b/memcheck/tests/x86-linux/scalar.c
index 83ed38c4d9..fe36a47ef0 100644
--- a/memcheck/tests/x86-linux/scalar.c
+++ b/memcheck/tests/x86-linux/scalar.c
@@ -137,7 +137,7 @@ int main(void)
 // __NR_mount 21
 GO(__NR_mount, "5s 3m");
- SY(__NR_mount, x0, x0, x0, x0, x0); FAIL;
+ SY(__NR_mount, x0, x0, x0-1, x0, x0); FAIL;
 // __NR_umount 22
 GO(__NR_umount, "1s 1m");
|
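Review bot: The new `if (ARG3)` guard in the second syswrap-linux.c hunk skips the "mount(type)" check for a NULL pointer whatever 'flags' holds, while the updated comment in the first hunk justifies this only by saying the argument "may be ignored". The comment should say that 'flags' is not consulted, for example `// NULL 'source'/'type' are accepted for any 'flags'; only non-NULL pointers are checked.` Presumably no detection is lost, because a NULL type that the kernel actually needs would be rejected rather than read, but that assumption is worth recording next to the guard so the relaxed check is not mistaken for a flags-aware one. Both hunks cut through PRE(sys_mount); the PRINT arguments and the lines before `if (ARG1)` are outside the visible diff.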
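Review bot: Neither scalar.c hunk adds a call that passes a NULL type, so the behaviour this commit introduces (no "mount(type)" report for NULL) has no regression test; the changed `SY` line only preserves the old unaddressable-type expectation by passing `x0-1`. Assuming x0 is zero, as the commit message implies, an additional `SY(__NR_mount, x0, x0, x0, x0, x0);` case with its own `GO` label and expected output would pin the new path in both arm64-linux/scalar.c and x86-linux/scalar.c. A short comment on the changed line, such as `// x0-1: non-NULL, so 'type' is still checked`, would also explain the otherwise odd argument. If other architecture test directories carry the same mount case they would need the same adjustment, which this diff does not show.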