git.ipfire.org Git - thirdparty/valgrind.git/commit

n-i-bz Fix possible stack trashing by semctl syscall wrapping

The modified test none/tests/sem crashes with a SEGV when valgrind is compiled
with lto on various amd64 platforms (debian/gcc 6.3, RHEL7/gcc 6.4,
Ubuntu/gcc 7.2)

The problem is that the vki_semid_ds buf is not what is expected by the kernel:
the kernel expects a bigger structure vki_semid64_ds (at least on
these platforms).
Getting the sem_nsems seems to work by chance, as sem_nsems is at
the same offset in both vki_semid_ds and vki_semid64_ds.
However, e.g. the ctime was not set properly after syscall return,
and 2 words after sem_nsems were set to 0 by the kernel, causing
the SEGV, as a spilled register became 0.

Fix consists in using the 64 bit version for __NR_semctl.
Tested on debian/amd64 and s390x.

author	Philippe Waroquiers <philippe.waroquiers@skynet.be>
	Sun, 1 Apr 2018 12:31:40 +0000 (14:31 +0200)
committer	Philippe Waroquiers <philippe.waroquiers@skynet.be>
	Sun, 1 Apr 2018 12:31:40 +0000 (14:31 +0200)
commit	54145019b045fffde625447b64f3a91f663de718
tree	25d7bbcf6b8edd53cebfd5950d48c9bb8a3f02ff	tree \| snapshot
parent	3b862b1cbb48e657e946dc839ff3d001c1b3c4b6	commit \| diff

NEWS		diff \| blob \| blame \| history
coregrind/m_syswrap/syswrap-generic.c		diff \| blob \| blame \| history
include/vki/vki-linux.h		diff \| blob \| blame \| history
none/tests/sem.c		diff \| blob \| blame \| history