Use safe_dereference in IPCOP_msgrcv. (Tom Hughes)

git-svn-id: svn://svn.valgrind.org/valgrind/trunk@160

diff --git a/vg_syscall_mem.c b/vg_syscall_mem.c
index 30bf897fb263206808d0e8806a510ed4223ff8f6..444f987e4fcb7ff1bf1a311ff9d6137a0720209c 100644 (file)
--- a/vg_syscall_mem.c
+++ b/vg_syscall_mem.c
@@ -1212,12 +1212,15 @@ void VG_(perform_assumed_nonblocking_syscall) ( ThreadId tid )
                }
             case 12: /* IPCOP_msgrcv */
                {
-                  struct msgbuf *msgp = ((struct ipc_kludge *)arg5)->msgp;
+                  struct msgbuf *msgp;
                   Int msgsz = arg3;
+ 
+                  msgp = (struct msgbuf *)safe_dereference( 
+                            (Addr) (&((struct ipc_kludge *)arg5)->msgp), 0 );
 
-                  must_be_writable ( tst, "msgsnd(msgp->mtype)", 
+                  must_be_writable ( tst, "msgrcv(msgp->mtype)", 
                                      (UInt)&msgp->mtype, sizeof(msgp->mtype) );
-                  must_be_writable ( tst, "msgsnd(msgp->mtext)", 
+                  must_be_writable ( tst, "msgrcv(msgp->mtext)", 
                                      (UInt)msgp->mtext, msgsz );
 
                   KERNEL_DO_SYSCALL(tid,res);