From: Mark Wielaard Date: Thu, 2 Mar 2017 11:14:36 +0000 (+0000) Subject: Fix two safe_to_deref/sizeof mismatches in sys_sigaction/sys_rt_sigaction. X-Git-Tag: svn/VALGRIND_3_13_0~163 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=add127dbf918b5c03c2d79a5d31dde689c17dcf4;p=thirdparty%2Fvalgrind.git Fix two safe_to_deref/sizeof mismatches in sys_sigaction/sys_rt_sigaction. Before dereferencing the sigaction pointer and reading the fields we need to make sure the whole struct is safe_to_deref. We were using the size of the pointer, but needed the size of the struct. git-svn-id: svn://svn.valgrind.org/valgrind/trunk@16258
---
diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c
index 03064aa37d..02fb127c71 100644
--- a/coregrind/m_syswrap/syswrap-linux.c
+++ b/coregrind/m_syswrap/syswrap-linux.c
@@ -3715,7 +3715,7 @@ PRE(sys_sigaction)
 PRE_MEM_READ( "sigaction(act->sa_handler)", (Addr)&sa->ksa_handler, sizeof(sa->ksa_handler));
 PRE_MEM_READ( "sigaction(act->sa_mask)", (Addr)&sa->sa_mask, sizeof(sa->sa_mask));
 PRE_MEM_READ( "sigaction(act->sa_flags)", (Addr)&sa->sa_flags, sizeof(sa->sa_flags));
- if (ML_(safe_to_deref)(sa,sizeof(sa))
+ if (ML_(safe_to_deref)(sa,sizeof(struct vki_old_sigaction))
 && (sa->sa_flags & VKI_SA_RESTORER))
 PRE_MEM_READ( "sigaction(act->sa_restorer)", (Addr)&sa->sa_restorer, sizeof(sa->sa_restorer));
 }
@@ -3828,7 +3828,7 @@ PRE(sys_rt_sigaction)
 PRE_MEM_READ( "rt_sigaction(act->sa_handler)", (Addr)&sa->ksa_handler, sizeof(sa->ksa_handler));
 PRE_MEM_READ( "rt_sigaction(act->sa_mask)", (Addr)&sa->sa_mask, sizeof(sa->sa_mask));
 PRE_MEM_READ( "rt_sigaction(act->sa_flags)", (Addr)&sa->sa_flags, sizeof(sa->sa_flags));
- if (ML_(safe_to_deref)(sa,sizeof(sa))
+ if (ML_(safe_to_deref)(sa,sizeof(vki_sigaction_toK_t))
 && (sa->sa_flags & VKI_SA_RESTORER))
 PRE_MEM_READ( "rt_sigaction(act->sa_restorer)", (Addr)&sa->sa_restorer, sizeof(sa->sa_restorer));
 }
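Review bot: Both hunks spell the struct type out by hand in the safe_to_deref size argument (`struct vki_old_sigaction` in the sys_sigaction hunk, `vki_sigaction_toK_t` in the sys_rt_sigaction hunk), which is exactly the kind of hand-maintained size that drifted into the original `sizeof(sa)` bug; if `sa` is declared as a pointer to that struct in each wrapper, `if (ML_(safe_to_deref)(sa, sizeof(*sa))` keeps the byte count tied to the pointer's own type and the same spelling works in both places. The placement of the check is right as far as the hunks show: the three PRE_MEM_READ calls above it only take field addresses and the first real guest dereference is `sa->sa_flags` inside the guarded condition. A one-line comment above the check, such as `/* the whole struct must be readable before sa_flags is dereferenced */`, would make the ordering requirement explicit for the next edit. The enclosing PRE(sys_sigaction) and PRE(sys_rt_sigaction) bodies begin outside the hunks, so the declaration of `sa` is inferred rather than visible here.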