From: Mark Wielaard Date: Tue, 23 Feb 2016 21:27:19 +0000 (+0000) Subject: Bug 359724 getsockname might crash - deref_UInt should call safe_to_deref X-Git-Tag: svn/VALGRIND_3_12_0~214 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f7cce36efe5223ae2766141552143441018780f3;p=thirdparty%2Fvalgrind.git Bug 359724 getsockname might crash - deref_UInt should call safe_to_deref git-svn-id: svn://svn.valgrind.org/valgrind/trunk@15809 --- diff --git a/NEWS b/NEWS index ad391bc6f2..9d4ed1ace0 100644 --- a/NEWS +++ b/NEWS @@ -75,6 +75,7 @@ where XXXXXX is the bug number as listed below. 359289 s390x: popcnt (B9E1) not implemented 359472 The Power PC vsubuqm instruction doesn't always give the correct result 359703 s390: wire up separate socketcalls system calls +359724 getsockname might crash - deref_UInt should call safe_to_deref n-i-bz Fix incorrect (or infinite loop) unwind on RHEL7 x86 and amd64 n-i-bz massif --pages-as-heap=yes does not report peak caused by mmap+munmap diff --git a/coregrind/m_syswrap/syswrap-generic.c b/coregrind/m_syswrap/syswrap-generic.c index 061c1e1436..2eaf505db2 100644 --- a/coregrind/m_syswrap/syswrap-generic.c +++ b/coregrind/m_syswrap/syswrap-generic.c @@ -1200,7 +1200,7 @@ static UInt deref_UInt ( ThreadId tid, Addr a, const HChar* s ) { UInt* a_p = (UInt*)a; PRE_MEM_READ( s, (Addr)a_p, sizeof(UInt) ); - if (a_p == NULL) + if (a_p == NULL || ! ML_(safe_to_deref) (a_p, sizeof(UInt))) return 0; else return *a_p;
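Review bot: in the syswrap-generic.c hunk, the widened condition in deref_UInt leaves the `return 0;` fallback undocumented, and a caller cannot tell an unreadable pointer from a stored value of 0. A short comment above the `if` would help, stating that 0 is returned when `a` is NULL or fails `ML_(safe_to_deref)`, and that `PRE_MEM_READ` still runs on the address before that check. It is also worth confirming that every caller of deref_UInt treats a 0 result as "nothing to check" rather than as a valid length, since the bug title names only getsockname.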