FreeBSD syswrap: wrong length for __sysctlbyname(name)

Copied and pasted from syscall where name is a pointer to array of ints
so the size has a '*sizeof(int)'. -byname name is a char* so should not
have the *4 factor.

From
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278566

diff --git a/.gitignore b/.gitignore
index 8eadfd76ca59e9ab96c66de11d2d0d48458fab71..5b60c5b7e9510f166160ed3c3decebbb42901349 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -1408,6 +1408,7 @@
 /memcheck/tests/freebsd/eventfd1
 /memcheck/tests/freebsd/eventfd2
 /memcheck/tests/freebsd/extattr
+/memcheck/tests/freebsd/fbsd278566
 /memcheck/tests/freebsd/fexecve
 /memcheck/tests/freebsd/file_locking_wait6
 /memcheck/tests/freebsd/get_set_context

diff --git a/coregrind/m_syswrap/syswrap-freebsd.c b/coregrind/m_syswrap/syswrap-freebsd.c
index 28ea9a7c526e4e28d4cdbb72c8f78eba14831f9c..bcd181e9dd7b342af8e7e5f6d58761c051f2c251 100644 (file)
--- a/coregrind/m_syswrap/syswrap-freebsd.c
+++ b/coregrind/m_syswrap/syswrap-freebsd.c
@@ -6689,8 +6689,8 @@ PRE(sys___sysctlbyname)
    // makes sense as the pid is variable and using
    // a MIB is easier than generating a string
 
-   // read number of ints specified in ARG2 from mem pointed to by ARG1
-   PRE_MEM_READ("__sysctlbyname(name)", (Addr)ARG1, ARG2 * sizeof(int));
+   // string length specified in ARG2 from mem pointed to by ARG1
+   PRE_MEM_READ("__sysctlbyname(name)", (Addr)ARG1, ARG2);
 
    // if 'newp' is not NULL can read namelen bytes from that addess
    if (ARG5 != (UWord)NULL) {

diff --git a/memcheck/tests/freebsd/Makefile.am b/memcheck/tests/freebsd/Makefile.am
index 16b439b7803235aa01cca08fc202b656193b2b54..621b9647184d4294f687b3c4b3fa7706f1d2c484 100644 (file)
--- a/memcheck/tests/freebsd/Makefile.am
+++ b/memcheck/tests/freebsd/Makefile.am
@@ -50,6 +50,8 @@ EXTRA_DIST = \
        eventfd2.stderr.exp \
        extattr.vgtest \
        extattr.stderr.exp \
+       fbsd278566.vgtest \
+       fbsd278566.stderr.exp \
        fexecve.vgtest \
        fexecve.stderr.exp \
        file_locking_wait6.vgtest \
@@ -145,7 +147,7 @@ check_PROGRAMS = \
        capsicum chflags \
        chmod_chown clock_nanosleep_interrupt \
        delete_sized_mismatch errno_aligned_allocs \
-       extattr \
+       extattr fbsd278566 \
        fexecve \
        file_locking_wait6 \
        get_set_context get_set_login getfh \

diff --git a/memcheck/tests/freebsd/fbsd278566.c b/memcheck/tests/freebsd/fbsd278566.c
new file mode 100644 (file)
index 0000000..26cdf61
--- /dev/null
+++ b/memcheck/tests/freebsd/fbsd278566.c
@@ -0,0 +1,66 @@
+/*-
+ * Copyright (c) 2024 Rozhuk Ivan <rozhuk.im@gmail.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * Author: Rozhuk Ivan <rozhuk.im@gmail.com>
+ *
+ */
+
+/*
+ * From the FreeBSD Bugzilla
+ * https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278566
+ */
+
+#include <errno.h>
+#include <inttypes.h>
+#include <stdio.h>  /* snprintf, fprintf */
+#include <string.h> /* memset */
+#include <sys/param.h>
+#include <sys/sysctl.h>
+#include <sys/types.h>
+
+/* cc sysctlbyname_broken.c -O0 -DDEBUG -o sysctlbyname_broken */
+/* valgrind --tool=memcheck --leak-check=yes --leak-resolution=high
+ * --track-origins=yes --undef-value-errors=yes --show-leak-kinds=all
+ * --track-fds=yes --trace-children=no --vgdb=no --show-reachable=yes --verbose
+ * --error-exitcode=1 ./sysctlbyname_broken */
+
+/* Syntetic exapmle based on libdrm: xf86drm.c code. */
+
+int main(int argc, char** argv)
+{
+   char   sysctl_name[32], sysctl_val[256];
+   size_t sysctl_len;
+
+   snprintf(sysctl_name, sizeof(sysctl_name), "kern.compiler_version");
+   sysctl_len = sizeof(sysctl_val);
+   memset(sysctl_val, 0x00, sizeof(sysctl_val));
+   if (sysctlbyname(sysctl_name, sysctl_val, &sysctl_len, NULL, 0)) {
+      fprintf(stdout, "sysctlbyname() - FAIL!\n");
+   } else if (argc > 1) {
+      fprintf(stdout, "%s\n", sysctl_val);
+   }
+
+   return (0);
+}

diff --git a/memcheck/tests/freebsd/fbsd278566.stderr.exp b/memcheck/tests/freebsd/fbsd278566.stderr.exp
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/memcheck/tests/freebsd/fbsd278566.vgtest b/memcheck/tests/freebsd/fbsd278566.vgtest
new file mode 100644 (file)
index 0000000..8911737
--- /dev/null
+++ b/memcheck/tests/freebsd/fbsd278566.vgtest
@@ -0,0 +1,2 @@
+prog: fbsd278566
+vgopts: -q