|
From: <sv...@va...> - 2014-02-24 15:09:35
|
Author: mjw
Date: Mon Feb 24 15:09:21 2014
New Revision: 13837
Log:
BZ#331380 cont. Don't crash if evp->sigev_notify is invalid. Fix scalar test.
We check evp.sigev_notify_thread_id only if evp->sigev_notify has
SIGEV_THREAD_ID set. But before checking we need to make sure accessing
evp->sigev_notify is valid.
Fix memcheck/tests/x86-linux/scalar.stderr.exp output.
We now produce separate warnings for the 3 different fields.
Modified:
trunk/coregrind/m_syswrap/syswrap-linux.c
trunk/memcheck/tests/x86-linux/scalar.stderr.exp
Modified: trunk/coregrind/m_syswrap/syswrap-linux.c
==============================================================================
--- trunk/coregrind/m_syswrap/syswrap-linux.c (original)
+++ trunk/coregrind/m_syswrap/syswrap-linux.c Mon Feb 24 15:09:21 2014
@@ -2183,7 +2183,8 @@
sizeof(int) );
PRE_MEM_READ( "timer_create(evp.sigev_notify)", (Addr)&evp->sigev_notify,
sizeof(int) );
- if ((evp->sigev_notify & VKI_SIGEV_THREAD_ID) != 0)
+ if (ML_(safe_to_deref)(&evp->sigev_notify, sizeof(int))
+ && (evp->sigev_notify & VKI_SIGEV_THREAD_ID) != 0)
PRE_MEM_READ( "timer_create(evp.sigev_notify_thread_id)",
(Addr)&evp->vki_sigev_notify_thread_id, sizeof(int) );
}
Modified: trunk/memcheck/tests/x86-linux/scalar.stderr.exp
==============================================================================
--- trunk/memcheck/tests/x86-linux/scalar.stderr.exp (original)
+++ trunk/memcheck/tests/x86-linux/scalar.stderr.exp Mon Feb 24 15:09:21 2014
@@ -3602,7 +3602,17 @@
...
by 0x........: main (scalar.c:1158)
-Syscall param timer_create(evp) points to unaddressable byte(s)
+Syscall param timer_create(evp.sigev_value) points to unaddressable byte(s)
+ ...
+ by 0x........: main (scalar.c:1158)
+ Address 0x........ is not stack'd, malloc'd or (recently) free'd
+
+Syscall param timer_create(evp.sigev_signo) points to unaddressable byte(s)
+ ...
+ by 0x........: main (scalar.c:1158)
+ Address 0x........ is not stack'd, malloc'd or (recently) free'd
+
+Syscall param timer_create(evp.sigev_notify) points to unaddressable byte(s)
...
by 0x........: main (scalar.c:1158)
Address 0x........ is not stack'd, malloc'd or (recently) free'd
|