Bug 359724 getsockname might crash - deref_UInt should call safe_to_deref

author Mark Wielaard <mark@klomp.org>

Tue, 23 Feb 2016 21:27:19 +0000 (21:27 +0000)

committer Mark Wielaard <mark@klomp.org>

Tue, 23 Feb 2016 21:27:19 +0000 (21:27 +0000)
author Mark Wielaard <mark@klomp.org>
Tue, 23 Feb 2016 21:27:19 +0000 (21:27 +0000)
committer Mark Wielaard <mark@klomp.org>
Tue, 23 Feb 2016 21:27:19 +0000 (21:27 +0000)
diff --git a/NEWS b/NEWS

index ad391bc6f2705a8417f67eb3164f73e0ac61e2e0..9d4ed1ace01330f45c12c7ab1d68ba3dd1cc9b5c 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -75,6 +75,7 @@ where XXXXXX is the bug number as listed below.
  359289  s390x: popcnt (B9E1) not implemented
  359472  The Power PC vsubuqm instruction doesn't always give the correct result
  359703  s390: wire up separate socketcalls system calls
+359724  getsockname might crash - deref_UInt should call safe_to_deref
  
  n-i-bz Fix incorrect (or infinite loop) unwind on RHEL7 x86 and amd64
  n-i-bz massif --pages-as-heap=yes does not report peak caused by mmap+munmap
diff --git a/coregrind/m_syswrap/syswrap-generic.c b/coregrind/m_syswrap/syswrap-generic.c

index 061c1e1436b8c2610ed045c04e622abfc524be8f..2eaf505db2700e28f61cf37e76223b84af523446 100644 (file)
--- a/coregrind/m_syswrap/syswrap-generic.c
+++ b/coregrind/m_syswrap/syswrap-generic.c
@@ -1200,7 +1200,7 @@ static UInt deref_UInt ( ThreadId tid, Addr a, const HChar* s )
  {
     UInt* a_p = (UInt*)a;
     PRE_MEM_READ( s, (Addr)a_p, sizeof(UInt) );
-   if (a_p == NULL)
+   if (a_p == NULL || ! ML_(safe_to_deref) (a_p, sizeof(UInt)))
        return 0;
     else
        return *a_p;
author	Mark Wielaard <mark@klomp.org>
	Tue, 23 Feb 2016 21:27:19 +0000 (21:27 +0000)
committer	Mark Wielaard <mark@klomp.org>
	Tue, 23 Feb 2016 21:27:19 +0000 (21:27 +0000)
NEWS		patch \| blob \| blame \| history
coregrind/m_syswrap/syswrap-generic.c		patch \| blob \| blame \| history