From: Mark Wielaard Date: Mon, 24 Feb 2014 15:09:21 +0000 (+0000) Subject: BZ#331380 cont. Don't crash if evp->sigev_notify is invalid. Fix scalar test. X-Git-Tag: svn/VALGRIND_3_10_0~599 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=85d5d547379aeac2e131382bbf306fec9ccee551;p=thirdparty%2Fvalgrind.git BZ#331380 cont. Don't crash if evp->sigev_notify is invalid. Fix scalar test. We check evp.sigev_notify_thread_id only if evp->sigev_notify has SIGEV_THREAD_ID set. But before checking we need to make sure accessing evp->sigev_notify is valid. Fix memcheck/tests/x86-linux/scalar.stderr.exp output. We now produce separate warnings for the 3 different fields. git-svn-id: svn://svn.valgrind.org/valgrind/trunk@13837 --- diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c index 1a7fa6b78b..1b1e65ef7a 100644 --- a/coregrind/m_syswrap/syswrap-linux.c +++ b/coregrind/m_syswrap/syswrap-linux.c @@ -2183,7 +2183,8 @@ PRE(sys_timer_create) sizeof(int) ); PRE_MEM_READ( "timer_create(evp.sigev_notify)", (Addr)&evp->sigev_notify, sizeof(int) ); - if ((evp->sigev_notify & VKI_SIGEV_THREAD_ID) != 0) + if (ML_(safe_to_deref)(&evp->sigev_notify, sizeof(int)) + && (evp->sigev_notify & VKI_SIGEV_THREAD_ID) != 0) PRE_MEM_READ( "timer_create(evp.sigev_notify_thread_id)", (Addr)&evp->vki_sigev_notify_thread_id, sizeof(int) ); } diff --git a/memcheck/tests/x86-linux/scalar.stderr.exp b/memcheck/tests/x86-linux/scalar.stderr.exp index e1a2bf2194..2114db99b8 100644 --- a/memcheck/tests/x86-linux/scalar.stderr.exp +++ b/memcheck/tests/x86-linux/scalar.stderr.exp 
@@ -3602,7 +3602,17 @@ Syscall param timer_create(timerid) contains uninitialised byte(s) ... by 0x........: main (scalar.c:1158) -Syscall param timer_create(evp) points to unaddressable byte(s) +Syscall param timer_create(evp.sigev_value) points to unaddressable byte(s) + ... + by 0x........: main (scalar.c:1158) + Address 0x........ is not stack'd, malloc'd or (recently) free'd + +Syscall param timer_create(evp.sigev_signo) points to unaddressable byte(s) + ... + by 0x........: main (scalar.c:1158) + Address 0x........ is not stack'd, malloc'd or (recently) free'd + +Syscall param timer_create(evp.sigev_notify) points to unaddressable byte(s) ... by 0x........: main (scalar.c:1158) Address 0x........ is not stack'd, malloc'd or (recently) free'd
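Review bot: the new `ML_(safe_to_deref)(&evp->sigev_notify, sizeof(int))` guard in the syswrap-linux.c hunk sits directly after a `PRE_MEM_READ` on the same field, and that pairing deserves a one-line comment so the next reader does not take the two checks for duplicates. `PRE_MEM_READ` only records the unaddressable-memory error against the client program; `safe_to_deref` is what stops the tool itself from faulting when it reads `evp->sigev_notify` to decide whether `sigev_notify_thread_id` must also be checked. Something like `/* PRE_MEM_READ reports the error to the client; safe_to_deref keeps the tool from dereferencing an invalid evp itself */` above the `if` would make the intent explicit.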
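Review bot: the three new field-level blocks in scalar.stderr.exp (evp.sigev_value, evp.sigev_signo, evp.sigev_notify) are consistent with the code hunk, and the commit message should say why the expected output grows by exactly three blocks rather than four: no `timer_create(evp.sigev_notify_thread_id)` entry appears because that `PRE_MEM_READ` is now reached only when `evp->sigev_notify` is dereferenceable, which it is not for the unaddressable `evp` this test passes. All three blocks carry the same `main (scalar.c:1158)` backtrace, as expected for one call. If the expected-output files for other architectures still carry the old single `timer_create(evp)` line, they will need the same three-block update.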