From: Paul Floyd Date: Wed, 24 Apr 2024 18:14:40 +0000 (+0200) Subject: FreeBSD syswrap: wrong length for __sysctlbyname(name) X-Git-Tag: VALGRIND_3_23_0~10 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ac7b5a20cff84c4d13ba0ff4789743e55b24e78f;p=thirdparty%2Fvalgrind.git FreeBSD syswrap: wrong length for __sysctlbyname(name) Copied and pasted from syscall where name is a pointer to array of ints so the size has a '*sizeof(int)'. -byname name is a char* so should not have the *4 factor. From https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278566 --- diff --git a/.gitignore b/.gitignore index 8eadfd76c..5b60c5b7e 100644 --- a/.gitignore +++ b/.gitignore @@ -1408,6 +1408,7 @@ /memcheck/tests/freebsd/eventfd1 /memcheck/tests/freebsd/eventfd2 /memcheck/tests/freebsd/extattr +/memcheck/tests/freebsd/fbsd278566 /memcheck/tests/freebsd/fexecve /memcheck/tests/freebsd/file_locking_wait6 /memcheck/tests/freebsd/get_set_context diff --git a/coregrind/m_syswrap/syswrap-freebsd.c b/coregrind/m_syswrap/syswrap-freebsd.c index 28ea9a7c5..bcd181e9d 100644 --- a/coregrind/m_syswrap/syswrap-freebsd.c +++ b/coregrind/m_syswrap/syswrap-freebsd.c @@ -6689,8 +6689,8 @@ PRE(sys___sysctlbyname) // makes sense as the pid is variable and using // a MIB is easier than generating a string - // read number of ints specified in ARG2 from mem pointed to by ARG1 - PRE_MEM_READ("__sysctlbyname(name)", (Addr)ARG1, ARG2 * sizeof(int)); + // string length specified in ARG2 from mem pointed to by ARG1 + PRE_MEM_READ("__sysctlbyname(name)", (Addr)ARG1, ARG2); // if 'newp' is not NULL can read namelen bytes from that addess if (ARG5 != (UWord)NULL) { diff --git a/memcheck/tests/freebsd/Makefile.am b/memcheck/tests/freebsd/Makefile.am index 16b439b78..621b96471 100644 --- a/memcheck/tests/freebsd/Makefile.am +++ b/memcheck/tests/freebsd/Makefile.am 
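Review bot: The new comment above the PRE_MEM_READ should spell out that ARG2 is a byte count excluding the terminating NUL, because an ARG2 + 1 read here would trip over the caller's buffer: the test added in this commit passes a 32-byte stack array of which only strlen(name) + 1 bytes are initialised, so reading one byte past namelen would itself be reported by memcheck. Suggest `// name is a char* of exactly ARG2 (namelen) bytes; no NUL terminator is read` — the libc wrapper presumably passes strlen(name), which should be confirmed against sysctlbyname(3) rather than assumed. The context comment two lines below still says newp is read for "namelen" bytes, which looks like it means the new-value length (ARG6, not visible here) and is worth correcting in the same spot. PRE(sys___sysctlbyname) begins and ends outside this hunk.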
@@ -50,6 +50,8 @@ EXTRA_DIST = \
 eventfd2.stderr.exp \
 extattr.vgtest \
 extattr.stderr.exp \
+ fbsd278566.vgtest \
+ fbsd278566.stderr.exp \
 fexecve.vgtest \
 fexecve.stderr.exp \
 file_locking_wait6.vgtest \
@@ -145,7 +147,7 @@ check_PROGRAMS = \
 capsicum chflags \
 chmod_chown clock_nanosleep_interrupt \
 delete_sized_mismatch errno_aligned_allocs \
- extattr \
+ extattr fbsd278566 \
 fexecve \
 file_locking_wait6 \
 get_set_context get_set_login getfh \
diff --git a/memcheck/tests/freebsd/fbsd278566.c b/memcheck/tests/freebsd/fbsd278566.c
new file mode 100644
index 000000000..26cdf6163
--- /dev/null
+++ b/memcheck/tests/freebsd/fbsd278566.c
@@ -0,0 +1,66 @@
+/*-
+ * Copyright (c) 2024 Rozhuk Ivan
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * Author: Rozhuk Ivan
+ *
+ */
+
+/*
+ * From the FreeBSD Bugzilla
+ * https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278566
+ */
+
+#include
+#include
+#include /* snprintf, fprintf */
+#include /* memset */
+#include
+#include
+#include
+
+/* cc sysctlbyname_broken.c -O0 -DDEBUG -o sysctlbyname_broken */
+/* valgrind --tool=memcheck --leak-check=yes --leak-resolution=high
+ * --track-origins=yes --undef-value-errors=yes --show-leak-kinds=all
+ * --track-fds=yes --trace-children=no --vgdb=no --show-reachable=yes --verbose
+ * --error-exitcode=1 ./sysctlbyname_broken */
+
+/* Syntetic exapmle based on libdrm: xf86drm.c code. */
+
+int main(int argc, char** argv)
+{
+ char sysctl_name[32], sysctl_val[256];
+ size_t sysctl_len;
+
+ snprintf(sysctl_name, sizeof(sysctl_name), "kern.compiler_version");
+ sysctl_len = sizeof(sysctl_val);
+ memset(sysctl_val, 0x00, sizeof(sysctl_val));
+ if (sysctlbyname(sysctl_name, sysctl_val, &sysctl_len, NULL, 0)) {
+ fprintf(stdout, "sysctlbyname() - FAIL!\n");
+ } else if (argc > 1) {
+ fprintf(stdout, "%s\n", sysctl_val);
+ }
+
+ return (0);
+}
diff --git a/memcheck/tests/freebsd/fbsd278566.stderr.exp b/memcheck/tests/freebsd/fbsd278566.stderr.exp
new file mode 100644
index 000000000..e69de29bb
diff --git a/memcheck/tests/freebsd/fbsd278566.vgtest b/memcheck/tests/freebsd/fbsd278566.vgtest
new file mode 100644
index 000000000..891173722
--- /dev/null
+++ b/memcheck/tests/freebsd/fbsd278566.vgtest
@@ -0,0 +1,2 @@
+prog: fbsd278566
+vgopts: -q
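Review bot: main() returns 0 on the sysctlbyname() failure branch, so a broken or renamed sysctl would only surface through the "FAIL!" line on stdout, and since the commit adds a stderr.exp but no stdout.exp, whether the harness catches that is inferred rather than visible here; reporting the failure on stderr and exiting non-zero makes the test fail on its own terms: `fprintf(stderr, "sysctlbyname() - FAIL!\n"); return (1);`. The value returned in sysctl_len is never checked, so truncation of the 256-byte sysctl_val would also pass silently — worth a comment or an `assert(sysctl_len < sizeof(sysctl_val))` since the buffer is pre-zeroed only for that reason. The header names on the seven `#include` lines are not visible in this rendering, so this review cannot confirm the includes match the functions used. The comment `/* Syntetic exapmle ... */` has two typos (`Synthetic example`).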