BZ#331380 cont. Don't crash if evp->sigev_notify is invalid. Fix scalar test.

We check evp.sigev_notify_thread_id only if evp->sigev_notify has
SIGEV_THREAD_ID set. But before checking we need to make sure accessing
evp->sigev_notify is valid.

Fix memcheck/tests/x86-linux/scalar.stderr.exp output.
We now produce separate warnings for the 3 different fields.

git-svn-id: svn://svn.valgrind.org/valgrind/trunk@13837

diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c
index 1a7fa6b78b6da98b734c51cca4ad769cc81d12f1..1b1e65ef7abf56071e00739043ebdcbd5bf8f229 100644 (file)
--- a/coregrind/m_syswrap/syswrap-linux.c
+++ b/coregrind/m_syswrap/syswrap-linux.c
@@ -2183,7 +2183,8 @@ PRE(sys_timer_create)
                     sizeof(int) );
       PRE_MEM_READ( "timer_create(evp.sigev_notify)", (Addr)&evp->sigev_notify,
                     sizeof(int) );
-      if ((evp->sigev_notify & VKI_SIGEV_THREAD_ID) != 0)
+      if (ML_(safe_to_deref)(&evp->sigev_notify, sizeof(int))
+          && (evp->sigev_notify & VKI_SIGEV_THREAD_ID) != 0)
          PRE_MEM_READ( "timer_create(evp.sigev_notify_thread_id)",
                        (Addr)&evp->vki_sigev_notify_thread_id, sizeof(int) );
    }

diff --git a/memcheck/tests/x86-linux/scalar.stderr.exp b/memcheck/tests/x86-linux/scalar.stderr.exp
index e1a2bf2194936c739669aac412e89f7bbd39bcfe..2114db99b86d2409c87f3c02f60abb0c063a48b5 100644 (file)
--- a/memcheck/tests/x86-linux/scalar.stderr.exp
+++ b/memcheck/tests/x86-linux/scalar.stderr.exp
@@ -3602,7 +3602,17 @@ Syscall param timer_create(timerid) contains uninitialised byte(s)
    ...
    by 0x........: main (scalar.c:1158)
 
-Syscall param timer_create(evp) points to unaddressable byte(s)
+Syscall param timer_create(evp.sigev_value) points to unaddressable byte(s)
+   ...
+   by 0x........: main (scalar.c:1158)
+ Address 0x........ is not stack'd, malloc'd or (recently) free'd
+
+Syscall param timer_create(evp.sigev_signo) points to unaddressable byte(s)
+   ...
+   by 0x........: main (scalar.c:1158)
+ Address 0x........ is not stack'd, malloc'd or (recently) free'd
+
+Syscall param timer_create(evp.sigev_notify) points to unaddressable byte(s)
    ...
    by 0x........: main (scalar.c:1158)
  Address 0x........ is not stack'd, malloc'd or (recently) free'd