Check ppoll ufds array is safe to deref before checking fd members
authorMark Wielaard <mark@klomp.org>
Fri, 11 Jul 2025 15:18:47 +0000 (17:18 +0200)
committerMark Wielaard <mark@klomp.org>
Fri, 11 Jul 2025 15:22:09 +0000 (17:22 +0200)
LTP ppoll01 provides a bad fds array to ppoll as a testcase.
memcheck should warn (through PRE_MEM_READ) this array is bad.
But it shouldn't try to dereference anything if it isn't safe.

coregrind/m_syswrap/syswrap-linux.c

index a5e1f9d65680122f17b7b0b51facb95e4fe655a7..51a47a16fbc5a3667ff9a436e81895f0ea6b0d06 100644 (file)
@@ -2041,6 +2041,8 @@ static void ppoll_pre_helper ( ThreadId tid, SyscallArgLayout* layout,
    for (i = 0; i < ARG2; i++) {
       PRE_MEM_READ( "ppoll(ufds.fd)",
                     (Addr)(&ufds[i].fd), sizeof(ufds[i].fd) );
+      if (!ML_(safe_to_deref)(&ufds[i].fd, sizeof(ufds[i].fd)))
+         break;
       if (ufds[i].fd >= 0) {
          PRE_MEM_READ( "ppoll(ufds.events)",
                        (Addr)(&ufds[i].events), sizeof(ufds[i].events) );
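Review bot: The new `break` after the `ML_(safe_to_deref)` check in the `ppoll_pre_helper` loop has no comment saying why the loop stops at the first unreadable element instead of moving on to the next one. Once it fires, the remaining `ufds` entries get no `PRE_MEM_READ` checks at all. That is presumably intended, since the bad address has already been reported and the call is expected to fail, but the code should say so. I would add above the check something like `/* Already reported by PRE_MEM_READ above; stop before reading ufds[i].fd from memory that is not addressable. */`. The guard covers only `.fd`, which matches the one field the visible lines actually read (`ufds[i].fd >= 0`); the loop body continues outside the hunk, so any later direct read of `ufds[i]` there would need the same protection.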