From: Ivo Raisr
Date: Fri, 5 May 2017 13:20:15 +0000 (+0000)
Subject: Fix Valgrind internal error when dereferencing memory supplied by a client
X-Git-Tag: svn/VALGRIND_3_13_0~100
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=41decc89fe2d5790e966b16460cfbedbeee3666a;p=thirdparty%2Fvalgrind.git
Fix Valgrind internal error when dereferencing memory supplied by a client in ptrace(getregset) and ptrace(setregset) syscall wrappers. n-i-bz
git-svn-id: svn://svn.valgrind.org/valgrind/trunk@16334
---
diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c
index 9ed7adc974..ad78d1eea1 100644
--- a/coregrind/m_syswrap/syswrap-linux.c
+++ b/coregrind/m_syswrap/syswrap-linux.c
@@ -11190,12 +11190,12 @@ ML_(linux_PRE_getregset) ( ThreadId tid, long arg3, long arg4 )
 {
 struct vki_iovec *iov = (struct vki_iovec *) arg4;
- PRE_MEM_READ("ptrace(getregset iovec->iov_base)",
- (unsigned long) &iov->iov_base, sizeof(iov->iov_base));
- PRE_MEM_READ("ptrace(getregset iovec->iov_len)",
- (unsigned long) &iov->iov_len, sizeof(iov->iov_len));
- PRE_MEM_WRITE("ptrace(getregset *(iovec->iov_base))",
- (unsigned long) iov->iov_base, iov->iov_len);
+ PRE_FIELD_READ("ptrace(getregset iovec->iov_base)", iov->iov_base);
+ PRE_FIELD_READ("ptrace(getregset iovec->iov_len)", iov->iov_len);
+ if (ML_(safe_to_deref)(iov, sizeof(struct vki_iovec))) {
+ PRE_MEM_WRITE("ptrace(getregset *(iovec->iov_base))",
+ (Addr) iov->iov_base, iov->iov_len);
+ }
 }
 void
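Review bot: The `ML_(safe_to_deref)` guard added in `ML_(linux_PRE_getregset)`, and again in `ML_(linux_PRE_setregset)` in the next hunk, has no comment explaining that `iov` is a raw client pointer (`arg4`) which the wrapper must not read through until it is known to be addressable. Without that, a later tidy-up could hoist the `PRE_MEM_WRITE`/`PRE_MEM_READ` back out of the `if` and reintroduce the internal error this commit fixes. I would add above each `if`: `/* iov is client-supplied: read iov_base/iov_len only if the struct is addressable, else Valgrind itself faults. */`. Writing the size as `sizeof(*iov)` rather than `sizeof(struct vki_iovec)` would also keep the check tied to the pointer's type.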
@@ -11203,12 +11203,12 @@ ML_(linux_PRE_setregset) ( ThreadId tid, long arg3, long arg4 )
 {
 struct vki_iovec *iov = (struct vki_iovec *) arg4;
- PRE_MEM_READ("ptrace(setregset iovec->iov_base)",
- (unsigned long) &iov->iov_base, sizeof(iov->iov_base));
- PRE_MEM_READ("ptrace(setregset iovec->iov_len)",
- (unsigned long) &iov->iov_len, sizeof(iov->iov_len));
- PRE_MEM_READ("ptrace(setregset *(iovec->iov_base))",
- (unsigned long) iov->iov_base, iov->iov_len);
+ PRE_FIELD_READ("ptrace(setregset iovec->iov_base)", iov->iov_base);
+ PRE_FIELD_READ("ptrace(setregset iovec->iov_len)", iov->iov_len);
+ if (ML_(safe_to_deref)(iov, sizeof(struct vki_iovec))) {
+ PRE_MEM_READ("ptrace(setregset *(iovec->iov_base))",
+ (Addr) iov->iov_base, iov->iov_len);
+ }
 }
 void