From: <sv...@va...> - 2011-02-14 11:13:30
Author: sewardj
Date: 2011-02-14 11:13:22 +0000 (Mon, 14 Feb 2011)
New Revision: 11555
Log:
Merge from trunk, r11533 (helgrind, drd: _pre_mem_asciiz handlers:
don't segfault if passed an obviously invalid address.)
Modified:
branches/VALGRIND_3_6_BRANCH/drd/drd_main.c
branches/VALGRIND_3_6_BRANCH/helgrind/hg_main.c
Modified: branches/VALGRIND_3_6_BRANCH/drd/drd_main.c
===================================================================
--- branches/VALGRIND_3_6_BRANCH/drd/drd_main.c 2011-02-14 11:10:53 UTC (rev 11554)
+++ branches/VALGRIND_3_6_BRANCH/drd/drd_main.c 2011-02-14 11:13:22 UTC (rev 11555)
@@ -51,6 +51,7 @@
#include "pub_tool_replacemalloc.h"
#include "pub_tool_threadstate.h" // VG_(get_running_tid)()
#include "pub_tool_tooliface.h"
+#include "pub_tool_aspacemgr.h" // VG_(am_is_valid_for_client)
/* Local variables. */
@@ -259,6 +260,13 @@
const char* p = (void*)a;
SizeT size = 0;
+ // Don't segfault if the string starts in an obviously stupid
+ // place. Actually we should check the whole string, not just
+ // the start address, but that's too much trouble. At least
+ // checking the first byte is better than nothing. See #255009.
+ if (!VG_(am_is_valid_for_client) (a, 1, VKI_PROT_READ))
+ return;
+
/* Note: the expression '*p' reads client memory and may crash if the */
/* client provided an invalid pointer ! */
while (*p)
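Review bot: The new guard before `while (*p)` validates only the first byte, so a string that starts in a readable page but runs past the end of its mapping still crashes the tool on the first byte of the next, unmapped page; the added comment admits this, but the byte-by-byte loop already visits every address and could re-check cheaply (the enclosing function and the loop body are outside the hunk). Inside the loop, re-validate whenever the scan crosses a page boundary, before dereferencing `p`: `if (((Addr)p & (VKI_PAGE_SIZE - 1)) == 0 && !VG_(am_is_valid_for_client)((Addr)p, 1, VKI_PROT_READ)) return;` which bounds the cost to one aspacemgr lookup per page rather than one per byte. The same first-byte-only weakness is in the hg_main.c hunk, where `len = VG_(strlen)( (Char*) a );` walks unbounded client memory after the check; there the length scan would need the same page-boundary re-validation instead of a bare strlen. The silent `return` also means the string read is simply not recorded by this tool, which presumably leaves reporting of the bad pointer to memcheck; a one-line comment stating that intent would save the next reader from wondering whether the early exit loses a race report.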
Modified: branches/VALGRIND_3_6_BRANCH/helgrind/hg_main.c
===================================================================
--- branches/VALGRIND_3_6_BRANCH/helgrind/hg_main.c 2011-02-14 11:10:53 UTC (rev 11554)
+++ branches/VALGRIND_3_6_BRANCH/helgrind/hg_main.c 2011-02-14 11:13:22 UTC (rev 11555)
@@ -53,6 +53,7 @@
#include "pub_tool_redir.h" // sonames for the dynamic linkers
#include "pub_tool_vki.h" // VKI_PAGE_SIZE
#include "pub_tool_libcproc.h" // VG_(atfork)
+#include "pub_tool_aspacemgr.h" // VG_(am_is_valid_for_client)
#include "hg_basics.h"
#include "hg_wordset.h"
@@ -1797,7 +1798,12 @@
if (SHOW_EVENTS >= 1)
VG_(printf)("evh__pre_mem_asciiz(ctid=%d, \"%s\", %p)\n",
(Int)tid, s, (void*)a );
- // FIXME: think of a less ugly hack
+ // Don't segfault if the string starts in an obviously stupid
+ // place. Actually we should check the whole string, not just
+ // the start address, but that's too much trouble. At least
+ // checking the first byte is better than nothing. See #255009.
+ if (!VG_(am_is_valid_for_client) (a, 1, VKI_PROT_READ))
+ return;
len = VG_(strlen)( (Char*) a );
shadow_mem_cread_range( map_threads_lookup(tid), a, len+1 );
if (len >= SCE_BIGRANGE_T && (HG_(clo_sanity_flags) & SCE_BIGRANGE))