Fix for 377698 - Missing memory check for futex() uaddr arg for FUTEX_WAKE,

and FUTEX_WAKE_BITSET, check only 4 args for FUTEX_WAKE_BITSET,
and 2 args for FUTEX_TRYLOCK_PI.
Fixes BZ#377698.
Patch by: diane.meirowitz@oracle.com

git-svn-id: svn://svn.valgrind.org/valgrind/trunk@16285

diff --git a/NEWS b/NEWS
index 7d529dfb471ced4e7891161fe9761ac33582d0ef..56c7053c7884e2c4d0e37fb56cb0dd62f299125e 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -147,6 +147,9 @@ where XXXXXX is the bug number as listed below.
 377376  memcheck/tests/linux/getregset fails with glibc2.24
 377427  PPC64, lxv instruction failing on odd destination register 
 377478  PPC64: ISA 3.0 setup fixes
+377698  Missing memory check for futex() uaddr arg for FUTEX_WAKE
+        and FUTEX_WAKE_BITSET, check only 4 args for FUTEX_WAKE_BITSET,
+        and 2 args for FUTEX_TRYLOCK_PI
 377717  Fix massive space leak when reading compressed debuginfo sections
 
 Release 3.12.0 (20 October 2016)

diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c
index 4136f59b4f167f14141eb6093eaae2034459d4b2..c79b98c7ce06ddd9f35df5010bc142f667bbe695 100644 (file)
--- a/coregrind/m_syswrap/syswrap-linux.c
+++ b/coregrind/m_syswrap/syswrap-linux.c
@@ -1610,9 +1610,11 @@ PRE(sys_futex)
       }
       break;
    case VKI_FUTEX_WAKE_BITSET:
-      PRE_REG_READ6(long, "futex", 
-                    vki_u32 *, futex, int, op, int, val,
-                    int, dummy, int, dummy2, int, val3);
+      PRE_REG_READ3(long, "futex",
+                    vki_u32 *, futex, int, op, int, val);
+      if (VG_(tdict).track_pre_reg_read) {
+         PRA6("futex", int, val3);
+      }
       break;
    case VKI_FUTEX_WAIT:
    case VKI_FUTEX_LOCK_PI:
@@ -1622,10 +1624,10 @@ PRE(sys_futex)
       break;
    case VKI_FUTEX_WAKE:
    case VKI_FUTEX_FD:
-   case VKI_FUTEX_TRYLOCK_PI:
       PRE_REG_READ3(long, "futex", 
                     vki_u32 *, futex, int, op, int, val);
       break;
+   case VKI_FUTEX_TRYLOCK_PI:
    case VKI_FUTEX_UNLOCK_PI:
    default:
       PRE_REG_READ2(long, "futex", vki_u32 *, futex, int, op);
@@ -1655,13 +1657,10 @@ PRE(sys_futex)
    case VKI_FUTEX_FD:
    case VKI_FUTEX_TRYLOCK_PI:
    case VKI_FUTEX_UNLOCK_PI:
-      PRE_MEM_READ( "futex(futex)", ARG1, sizeof(Int) );
-     break;
-
    case VKI_FUTEX_WAKE:
    case VKI_FUTEX_WAKE_BITSET:
-      /* no additional pointers */
-      break;
+      PRE_MEM_READ( "futex(futex)", ARG1, sizeof(Int) );
+     break;
 
    default:
       SET_STATUS_Failure( VKI_ENOSYS );   // some futex function we don't understand

diff --git a/memcheck/tests/arm64-linux/scalar.c b/memcheck/tests/arm64-linux/scalar.c
index e8f2e431496d020f472841cffa7cccca4558d8c1..cd8cb2af990f9e2a2bc258f4dab7b9728a96c5e7 100644 (file)
--- a/memcheck/tests/arm64-linux/scalar.c
+++ b/memcheck/tests/arm64-linux/scalar.c
@@ -1068,8 +1068,8 @@ int main(void)
    #define FUTEX_WAIT   0
    #endif
    // XXX: again, glibc not doing 6th arg means we have only 5s errors
-   GO(__NR_futex, "5s 2m");
-   SY(__NR_futex, x0+FUTEX_WAIT, x0, x0, x0+1, x0, x0); FAIL;
+   GO(__NR_futex, "4s 2m");
+   SY(__NR_futex, x0+FUTEX_WAIT, x0, x0, x0+1); FAIL;
 
    // __NR_sched_setaffinity 241
    GO(__NR_sched_setaffinity, "3s 1m");

diff --git a/memcheck/tests/arm64-linux/scalar.stderr.exp b/memcheck/tests/arm64-linux/scalar.stderr.exp
index 1dc20352621b0bb97d85508f1e671337c41e4ca6..fdfdb371a2f54c0aad9d9afa9b7a191f15cf83da 100644 (file)
--- a/memcheck/tests/arm64-linux/scalar.stderr.exp
+++ b/memcheck/tests/arm64-linux/scalar.stderr.exp
@@ -1958,7 +1958,7 @@ Syscall param fremovexattr(name) points to unaddressable byte(s)
 130:          __NR_tkill n/a
 -----------------------------------------------------
 -----------------------------------------------------
- 98:          __NR_futex 5s 2m
+ 98:          __NR_futex 4s 2m
 -----------------------------------------------------
 Syscall param futex(futex) contains uninitialised byte(s)
    ...

diff --git a/memcheck/tests/darwin/scalar.c b/memcheck/tests/darwin/scalar.c
index af4def4d32f104678ec606e206ebdacd1b4efe9c..d74996c6572cfc340db457be8d1bd59b9fa4222e 100644 (file)
--- a/memcheck/tests/darwin/scalar.c
+++ b/memcheck/tests/darwin/scalar.c
@@ -1654,8 +1654,8 @@ int main(void)
    #define FUTEX_WAIT   0
    #endif
    // XXX: again, glibc not doing 6th arg means we have only 5s errors
-   GO(__NR_futex, "5s 2m");
-   SY(__NR_futex, x0+FUTEX_WAIT, x0, x0, x0+1, x0, x0); FAIL;
+   GO(__NR_futex, "4s 2m");
+   SY(__NR_futex, x0+FUTEX_WAIT, x0, x0, x0+1); FAIL;
 
    // __NR_sched_setaffinity 241
    GO(__NR_sched_setaffinity, "3s 1m");

diff --git a/memcheck/tests/x86-linux/scalar.c b/memcheck/tests/x86-linux/scalar.c
index c0a318b3dbc10a756cb78cef6160718c3d065a30..6c6089196d556fd41df6ca8cb4abfbe458420428 100644 (file)
--- a/memcheck/tests/x86-linux/scalar.c
+++ b/memcheck/tests/x86-linux/scalar.c
@@ -1068,8 +1068,8 @@ int main(void)
    #define FUTEX_WAIT   0
    #endif
    // XXX: again, glibc not doing 6th arg means we have only 5s errors
-   GO(__NR_futex, "5s 2m");
-   SY(__NR_futex, x0+FUTEX_WAIT, x0, x0, x0+1, x0, x0); FAIL;
+   GO(__NR_futex, "4s 2m");
+   SY(__NR_futex, x0+FUTEX_WAIT, x0, x0, x0+1); FAIL;
 
    // __NR_sched_setaffinity 241
    GO(__NR_sched_setaffinity, "3s 1m");

diff --git a/memcheck/tests/x86-linux/scalar.stderr.exp b/memcheck/tests/x86-linux/scalar.stderr.exp
index d1af3136c32fdd52daaaddd7cd3d553d05b2a75b..ebee0640acfd6b05bb7fe5f08fca1bcd2a57c20c 100644 (file)
--- a/memcheck/tests/x86-linux/scalar.stderr.exp
+++ b/memcheck/tests/x86-linux/scalar.stderr.exp
@@ -3300,7 +3300,7 @@ Syscall param sendfile64(offset) points to unaddressable byte(s)
  Address 0x........ is not stack'd, malloc'd or (recently) free'd
 
 -----------------------------------------------------
-240:          __NR_futex 5s 2m
+240:          __NR_futex 4s 2m
 -----------------------------------------------------
 Syscall param futex(futex) contains uninitialised byte(s)
    ...