From: Martin Cermak Date: Mon, 19 May 2025 09:45:04 +0000 (+0200) Subject: PR504341: Prevent LTP setrlimit05 syscall test from crashing valgrind X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=859d267a456c;p=thirdparty%2Fvalgrind.git PR504341: Prevent LTP setrlimit05 syscall test from crashing valgrind Prevent ltp/testcases/kernel/syscalls/setrlimit/setrlimit05 testcase from crashing valgrind when passing 0xffffffffffff as ARG3 and then trying to dereference it. https://bugs.kde.org/show_bug.cgi?id=504341 --- diff --git a/NEWS b/NEWS index d6fbbb41b..7bb9a79d1 100644 --- a/NEWS +++ b/NEWS @@ -33,6 +33,7 @@ are not entered into bugzilla tend to get forgotten about or ignored. 501741 syscall cachestat not wrapped 503969 Make test results of make ltpchecks compatible with bunsen 504265 FreeBSD: missing syscall wrappers for fchroot and setcred +504341 Valgrind killed by LTP syscall testcase setrlimit05 To see details of a given bug, visit https://bugs.kde.org/show_bug.cgi?id=XXXXXX diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c index d4653d027..470635f56 100644 --- a/coregrind/m_syswrap/syswrap-linux.c +++ b/coregrind/m_syswrap/syswrap-linux.c @@ -2300,12 +2300,14 @@ PRE(sys_prlimit64) if (ARG4) PRE_MEM_WRITE( "rlimit64(old_rlim)", ARG4, sizeof(struct vki_rlimit64) ); - if (ARG3 && - ((struct vki_rlimit64 *)(Addr)ARG3)->rlim_cur - > ((struct vki_rlimit64 *)(Addr)ARG3)->rlim_max) { - SET_STATUS_Failure( VKI_EINVAL ); - } - else if (ARG1 == 0 || ARG1 == VG_(getpid)()) { + if (ARG3) { + if (ML_(safe_to_deref)( (void*)(Addr)ARG3, sizeof(struct vki_rlimit64) )) { + if (((struct vki_rlimit64 *)(Addr)ARG3)->rlim_cur + > ((struct vki_rlimit64 *)(Addr)ARG3)->rlim_max) { + SET_STATUS_Failure( VKI_EINVAL ); + } + } + } else if (ARG1 == 0 || ARG1 == VG_(getpid)()) { switch (ARG2) { case VKI_RLIMIT_NOFILE: SET_STATUS_Success( 0 );
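Review bot: in the syswrap-linux.c hunk the restructured condition silently changes control flow for the common case where ARG3 is non-NULL, readable and has rlim_cur <= rlim_max. Before the patch that case fell through to `else if (ARG1 == 0 || ARG1 == VG_(getpid)())` and its `switch (ARG2)` (e.g. `case VKI_RLIMIT_NOFILE: SET_STATUS_Success( 0 );`); after the patch any non-NULL ARG3 takes the first `if (ARG3) { ... }` branch, so the self-pid handling is never reached when a new limit is supplied. If that is intended, the commit message should say so; otherwise keep the pid check out of the `else` (or nest it so it still runs when the EINVAL check did not fail). A one-line comment stating that an ARG3 which `ML_(safe_to_deref)` rejects is deliberately passed through for the kernel to fault on, rather than failed here, would also make the new fallthrough path easier to audit.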