From 300d541a82d9966e833e4db9028011121253a19b Mon Sep 17 00:00:00 2001
From: Mark Wielaard
Date: Fri, 11 Jul 2025 17:18:47 +0200
Subject: [PATCH] Check ppoll ufds array is safe to deref before checking fd members

LTP ppoll01 provides a bad fds array to ppoll as a testcase. memcheck should warn (through PRE_MEM_READ) this array is bad. But it shouldn't try to derefence anything if is isn't safe.
---
 coregrind/m_syswrap/syswrap-linux.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c
index a5e1f9d65..51a47a16f 100644
--- a/coregrind/m_syswrap/syswrap-linux.c
+++ b/coregrind/m_syswrap/syswrap-linux.c
@@ -2041,6 +2041,8 @@ static void ppoll_pre_helper ( ThreadId tid, SyscallArgLayout* layout,
 for (i = 0; i < ARG2; i++) {
 PRE_MEM_READ( "ppoll(ufds.fd)",
 (Addr)(&ufds[i].fd), sizeof(ufds[i].fd) );
+ if (!ML_(safe_to_deref)(&ufds[i].fd, sizeof(ufds[i].fd)))
+ break;
 if (ufds[i].fd >= 0) {
 PRE_MEM_READ( "ppoll(ufds.events)",
 (Addr)(&ufds[i].events), sizeof(ufds[i].events) );
--
2.47.2
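Review bot: The added `break` leaves the rest of the array unchecked: once `ufds[i].fd` is not safe to dereference, elements `i+1 .. ARG2-1` no longer get their `PRE_MEM_READ` report, so a guest that passes an array straddling an unmapped page loses the error reports for the entries past the gap, whereas `continue` would keep reporting each bad element while still never dereferencing one; whether that trade-off is intended deserves a comment on the new line, e.g. `/* The array itself is unaddressable (reported above); stop rather than read through it, since the wrapper must not crash on a bad guest pointer. */`. It is also worth noting that `ML_(safe_to_deref)` only establishes that the memory is mapped, not that it is initialised from memcheck's point of view, so the following `ufds[i].fd >= 0` comparison may still be driven by undefined guest data; that is pre-existing behaviour and the `PRE_MEM_READ` above already reports it. The enclosing function and the loop's closing braces are outside the hunk.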