From: Julian Seward Date: Sat, 17 Nov 2007 01:49:06 +0000 (+0000) Subject: Don't segfault on syscall (SYS_io_destroy, 0). (Jakub Jelinek) Fixes X-Git-Tag: svn/VALGRIND_3_3_0~121 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8dd547a5300ac42693d403b24735d7a83d475d97;p=thirdparty%2Fvalgrind.git Don't segfault on syscall (SYS_io_destroy, 0). (Jakub Jelinek) Fixes #147325. git-svn-id: svn://svn.valgrind.org/valgrind/trunk@7170 --- diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c index 0d8c90a180..96cbe37149 100644 --- a/coregrind/m_syswrap/syswrap-linux.c +++ b/coregrind/m_syswrap/syswrap-linux.c @@ -1223,17 +1223,18 @@ POST(sys_io_setup) // file-descriptors are closed... PRE(sys_io_destroy) { - struct vki_aio_ring *r; - SizeT size; + SizeT size = 0; PRINT("sys_io_destroy ( %llu )", (ULong)ARG1); PRE_REG_READ1(long, "io_destroy", vki_aio_context_t, ctx); // If we are going to seg fault (due to a bogus ARG1) do it as late as // possible... - r = (struct vki_aio_ring *)ARG1; - size = VG_PGROUNDUP(sizeof(struct vki_aio_ring) + - r->nr*sizeof(struct vki_io_event)); + if (ML_(safe_to_deref)( (void*)ARG1, sizeof(struct vki_aio_ring))) { + struct vki_aio_ring *r = (struct vki_aio_ring *)ARG1; + size = VG_PGROUNDUP(sizeof(struct vki_aio_ring) + + r->nr*sizeof(struct vki_io_event)); + } SET_STATUS_from_SysRes( VG_(do_syscall1)(SYSNO, ARG1) );
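Review bot: The comment "If we are going to seg fault (due to a bogus ARG1) do it as late as possible..." is now stale for this hunk: with the ML_(safe_to_deref) guard the wrapper no longer dereferences an unreadable ARG1 at all, and for `syscall(SYS_io_destroy, 0)` it simply leaves `size` at 0 and passes the value straight to the kernel, which is what fixes #147325. Suggest rewording it to say that the ring header is only read when it is addressable and that `size` otherwise stays 0. One further caveat worth a comment: the guard only checks that `sizeof(struct vki_aio_ring)` bytes are readable, so an ARG1 that points at readable but unrelated memory still feeds an arbitrary `r->nr` into `VG_PGROUNDUP(sizeof(struct vki_aio_ring) + r->nr*sizeof(struct vki_io_event))`, and a large `nr` can wrap the SizeT multiplication; whatever consumes `size` after `SET_STATUS_from_SysRes` should treat it as untrusted rather than as a validated ring length.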