From: Paul Floyd
Date: Sun, 10 Apr 2022 18:55:28 +0000 (+0200)
Subject: Fix a crash handling fexecve.
X-Git-Tag: VALGRIND_3_19_0~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5f83395616befb96af66ec2cc7f4330605271faf;p=thirdparty%2Fvalgrind.git

Fix a crash handling fexecve.

Found this by testing the Solaris execx (the bits that are Linux-compatible) test. That was giving

--28286-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--28286-- si_code=2; Faulting address: 0x4A0095A; sp: 0x1002ca9c88

valgrind: the 'impossible' happened:
Killed by fatal signal

host stacktrace:
==28286== at 0x5803DE54: vgPlain_strcpy (m_libcbase.c:309)
==28286== by 0x5810A9B3: vgSysWrap_linux_sys_execveat_before (syswrap-linux.c:13310)
==28286== by 0x580953C9: vgPlain_client_syscall (syswrap-main.c:2234)

It's a mistake to copy the path obtained with VG_(resolve_filename) to the client ARG2, it's unlikely to have space for the path. Instead just copy the pointer.

---
diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c index 38edccc983..e2fafd4213 100644 --- a/coregrind/m_syswrap/syswrap-linux.c +++ b/coregrind/m_syswrap/syswrap-linux.c @@ -13307,7 +13307,7 @@ PRE(sys_execveat) if (path[0] == '\0') { if (ARG5 & VKI_AT_EMPTY_PATH) { if (VG_(resolve_filename)(ARG1, &buf)) { - VG_(strcpy)(path, buf); + path = buf; check_pathptr = False; } }
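Review bot: with `path = buf;` the local `path` now aliases the buffer that VG_(resolve_filename) filled in, so please confirm that `buf` is not freed anywhere later in PRE(sys_execveat) while `path` is still read, and that no later code in the wrapper expects the resolved name to be present at ARG2 (it no longer is); a short comment at the assignment stating that `path` now points at Valgrind's own buffer rather than client memory would make that intent clear to the next reader. The replaced VG_(strcpy) was a write through the client-supplied ARG2 pointer, and the guard `path[0] == '\0'` shows that client buffer holds only a terminator, so the old code wrote an arbitrary-length resolved path past a zero-length client string; pointing `path` at the host buffer instead removes that write entirely, and the unchanged `check_pathptr = False;` is consistent with `path` no longer referring to client memory.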