From: Paul F. <pa...@so...> - 2022-04-10 19:02:54
https://sourceware.org/git/gitweb.cgi?p=valgrind.git;h=5f83395616befb96af66ec2cc7f4330605271faf

commit 5f83395616befb96af66ec2cc7f4330605271faf
Author: Paul Floyd <pj...@wa...>
Date:   Sun Apr 10 20:55:28 2022 +0200

    Fix a crash handling fexecve.

    Found this by testing the Solaris execx (the bits that are Linux-compatible) test. That was giving

    --28286-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
    --28286-- si_code=2; Faulting address: 0x4A0095A; sp: 0x1002ca9c88
    valgrind: the 'impossible' happened:
    Killed by fatal signal

    host stacktrace:
    ==28286== at 0x5803DE54: vgPlain_strcpy (m_libcbase.c:309)
    ==28286== by 0x5810A9B3: vgSysWrap_linux_sys_execveat_before (syswrap-linux.c:13310)
    ==28286== by 0x580953C9: vgPlain_client_syscall (syswrap-main.c:2234)

    It's a mistake to copy the path obtained with VG_(resolve_filename) to the client ARG2, it's unlikely to have space for the path. Instead just copy the pointer.

Diff:
---
 coregrind/m_syswrap/syswrap-linux.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c
index 38edccc983..e2fafd4213 100644
--- a/coregrind/m_syswrap/syswrap-linux.c
+++ b/coregrind/m_syswrap/syswrap-linux.c
@@ -13307,7 +13307,7 @@ PRE(sys_execveat) if (path[0] == '\0') { if (ARG5 & VKI_AT_EMPTY_PATH) { if (VG_(resolve_filename)(ARG1, &buf)) { - VG_(strcpy)(path, buf); + path = buf; check_pathptr = False; } }
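Review bot: Replacing `VG_(strcpy)(path, buf);` with `path = buf;` removes the write into the client-supplied ARG2 buffer, which is the right fix for the overflow in the stack trace, but it changes `path` from an owned copy into an alias of `buf`, so the lifetime of `buf` now has to cover every later use of `path` in PRE(sys_execveat); the hunk does not show where `buf` is released, and if it is freed before `path` is last read, `path` becomes a dangling pointer, so the release point should be checked and the `path` variable's declaration confirmed to be a plain (non-array) pointer that this assignment is valid for. A one-line comment at the assignment stating that `path` now points at the resolved filename rather than at client memory would also help the next reader of `check_pathptr = False`.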