From: <sv...@va...> - 2006-06-07 17:47:58
Author: tom
Date: 2006-06-07 18:47:51 +0100 (Wed, 07 Jun 2006)
New Revision: 5968
Log:
Validate futex system call arguments more carefully. Fixes bug #117172.
Modified:
trunk/coregrind/m_syswrap/syswrap-linux.c
Modified: trunk/coregrind/m_syswrap/syswrap-linux.c
===================================================================
--- trunk/coregrind/m_syswrap/syswrap-linux.c 2006-06-07 17:46:12 UTC (re=
v 5967)
+++ trunk/coregrind/m_syswrap/syswrap-linux.c 2006-06-07 17:47:51 UTC (re=
v 5968)
@@ -755,9 +755,31 @@
ARG6 - int val3 CMP_REQUEUE
*/
PRINT("sys_futex ( %p, %d, %d, %p, %p )", ARG1,ARG2,ARG3,ARG4,ARG5);
- PRE_REG_READ6(long, "futex",=20
- vki_u32 *, futex, int, op, int, val,
- struct timespec *, utime, vki_u32 *, uaddr2, int, val3)=
;
+ switch(ARG2) {
+ case VKI_FUTEX_CMP_REQUEUE:
+ PRE_REG_READ6(long, "futex",=20
+ vki_u32 *, futex, int, op, int, val,
+ struct timespec *, utime, vki_u32 *, uaddr2, int, va=
l3);
+ break;
+ case VKI_FUTEX_REQUEUE:
+ PRE_REG_READ5(long, "futex",=20
+ vki_u32 *, futex, int, op, int, val,
+ struct timespec *, utime, vki_u32 *, uaddr2);
+ break;
+ case VKI_FUTEX_WAIT:
+ PRE_REG_READ4(long, "futex",=20
+ vki_u32 *, futex, int, op, int, val,
+ struct timespec *, utime);
+ break;
+ case VKI_FUTEX_WAKE:
+ case VKI_FUTEX_FD:
+ PRE_REG_READ3(long, "futex",=20
+ vki_u32 *, futex, int, op, int, val);
+ break;
+ default:
+ PRE_REG_READ2(long, "futex", vki_u32 *, futex, int, op);
+ break;
+ }
=20
PRE_MEM_READ( "futex(futex)", ARG1, sizeof(Int) );
=20
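Review bot: The switch sends every op it does not list to `PRE_REG_READ2`, so an op that takes more arguments but is absent from the list has val, utime, uaddr2 and val3 left unchecked; FUTEX_WAKE_OP, which like CMP_REQUEUE uses all six argument registers, is the case this hunk most visibly omits. Adding `case VKI_FUTEX_WAKE_OP:` directly above `case VKI_FUTEX_CMP_REQUEUE:` covers it, assuming the vki headers of this tree define that constant. The default branch also means an op value the wrapper does not recognise is accepted with only the first two registers checked, which is the quiet failure mode for a tool whose purpose is to report undefined arguments; a comment on that branch such as `/* unrecognised op: only futex and op are checked, later args are not validated */` would at least make the choice explicit to the next person extending the list. PRE(sys_futex) begins before this hunk and continues after it.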