PR504341: Prevent LTP setrlimit05 syscall test from crashing valgrind

Prevent ltp/testcases/kernel/syscalls/setrlimit/setrlimit05 testcase
from crashing valgrind when passing 0xffffffffffff as ARG3 and then
trying to dereference it.

https://bugs.kde.org/show_bug.cgi?id=504341

diff --git a/NEWS b/NEWS
index d6fbbb41b9e998fda5ed967854982e32061b6007..7bb9a79d10d1f8a241afa6d897dead29e7e6b5ac 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -33,6 +33,7 @@ are not entered into bugzilla tend to get forgotten about or ignored.
 501741  syscall cachestat not wrapped
 503969  Make test results of make ltpchecks compatible with bunsen
 504265  FreeBSD: missing syscall wrappers for fchroot and setcred
+504341  Valgrind killed by LTP syscall testcase setrlimit05
 
 To see details of a given bug, visit
   https://bugs.kde.org/show_bug.cgi?id=XXXXXX

diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c
index d4653d027396f924af8814a2875d4761d0bd336b..470635f5659f75ac00beff38880d008f2c9fe4e9 100644 (file)
--- a/coregrind/m_syswrap/syswrap-linux.c
+++ b/coregrind/m_syswrap/syswrap-linux.c
@@ -2300,12 +2300,14 @@ PRE(sys_prlimit64)
    if (ARG4)
       PRE_MEM_WRITE( "rlimit64(old_rlim)", ARG4, sizeof(struct vki_rlimit64) );
 
-   if (ARG3 &&
-       ((struct vki_rlimit64 *)(Addr)ARG3)->rlim_cur
-        > ((struct vki_rlimit64 *)(Addr)ARG3)->rlim_max) {
-      SET_STATUS_Failure( VKI_EINVAL );
-   }
-   else if (ARG1 == 0 || ARG1 == VG_(getpid)()) {
+   if (ARG3) {
+      if (ML_(safe_to_deref)( (void*)(Addr)ARG3, sizeof(struct vki_rlimit64) )) {
+         if (((struct vki_rlimit64 *)(Addr)ARG3)->rlim_cur
+              > ((struct vki_rlimit64 *)(Addr)ARG3)->rlim_max) {
+            SET_STATUS_Failure( VKI_EINVAL );
+         }
+      }
+   } else if (ARG1 == 0 || ARG1 == VG_(getpid)()) {
       switch (ARG2) {
       case VKI_RLIMIT_NOFILE:
          SET_STATUS_Success( 0 );