From: <sv...@va...> - 2012-03-27 10:06:43
sewardj 2012-03-27 11:06:31 +0100 (Tue, 27 Mar 2012)
New Revision: 12466
Log:
Add a nasty kludge in the handling of mmap on Darwin. Does not apply
to any other platforms. Prevent mmap(ANON) from returning zero (zero
with success, that is) since (a) some programs are observed to be
spooked by getting zero from a successful call to mmap, and (b) it's
pretty stupid from the point of view of program safety and possibly
security, since it causes page zero to become accessible. So don't.
Modified files:
trunk/coregrind/m_syswrap/syswrap-darwin.c
Modified: trunk/coregrind/m_syswrap/syswrap-darwin.c (+37 -5)
===================================================================
--- trunk/coregrind/m_syswrap/syswrap-darwin.c 2012-03-27 11:03:56 +01:00 (rev 12465)
+++ trunk/coregrind/m_syswrap/syswrap-darwin.c 2012-03-27 11:06:31 +01:00 (rev 12466)
@@ -3547,12 +3547,44 @@
POST(mmap)
{
- if (RES != -1) {
- ML_(notify_core_and_tool_of_mmap)(RES, ARG2, ARG3, ARG4, ARG5, ARG6);
- // Try to load symbols from the region
- VG_(di_notify_mmap)( (Addr)RES, False/*allow_SkFileV*/,
- -1/*don't use_fd*/ );
+ vg_assert(SUCCESS);
+ /* JRS 2012 Mar 26: RES != -1 is surely not the right way to check
+ for success. In any case I think syswrap-main.c won't let us
+ get here if the syscall failed, so the check is irrelevant. See
+ VG_(post_syscall). */
+ if (RES == -1)
+ return;
+ vg_assert(VG_IS_PAGE_ALIGNED(RES));
+
+ /* begin KLUDGE */
+ Bool did_kludge = False;
+ if (ARG1 == 0 && !(ARG4 & MAP_FIXED) && RES == 0) {
+ /* An mmap-anonymous succeeded at address zero. This is pretty
+ stupid (legit, but dangerous); so repeat the mmap call so as
+ to get a non-zero address. Then unmap the area that the
+ original mmap created, and tidy up. Failure to do this is
+ a causative factor in
+ https://bugzilla.mozilla.org/show_bug.cgi?id=738034
+ */
+ SysRes more = VG_(am_do_mmap_NO_NOTIFY)(ARG1,ARG2,ARG3,ARG4,ARG5,ARG6);
+ if (!sr_isError(more)) {
+ Bool need_discard = False;
+ VG_(am_munmap_client)(&need_discard, 0, ARG2);
+ vg_assert(!need_discard);
+ SET_STATUS_from_SysRes(more);
+ did_kludge = True;
+ }
}
+ /* end KLUDGE */
+
+ ML_(notify_core_and_tool_of_mmap)(RES, ARG2, ARG3, ARG4, ARG5, ARG6);
+ // Try to load symbols from the region
+ VG_(di_notify_mmap)( (Addr)RES, False/*allow_SkFileV*/,
+ -1/*don't use_fd*/ );
+ if (did_kludge) {
+ /* Be paranoid if The Kludge happens. */
+ VG_(am_do_sync_check)("(MMAP_ANON_ZERO_ZERO_KLUDGE)",__FILE__,__LINE__);
+ }
}
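Review bot: The guard `if (ARG1 == 0 && !(ARG4 & MAP_FIXED) && RES == 0)` never tests `MAP_ANON`, so the retry also fires for file-backed mappings with a zero hint address, which contradicts both the log message and the comment "An mmap-anonymous succeeded at address zero". Since a client-accessible page zero is undesirable whether the mapping is anonymous or file-backed, the condition is arguably the right one and the comment should say so, e.g. `/* A non-MAP_FIXED mmap (anonymous or not) landed at address zero. */`; otherwise add `(ARG4 & MAP_ANON)` to the condition. Separately, when `VG_(am_do_mmap_NO_NOTIFY)` fails the code falls through silently and hands the zero-page mapping back to the client; a debug-log line in that branch, such as `VG_(debugLog)(1, "syswrap-darwin", "mmap-at-zero kludge: retry failed, returning 0\n");`, would make the case visible rather than indistinguishable from the normal path.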