Discussion:
Valgrind: r16285 - in /trunk: ./ coregrind/m_syswrap/ memcheck/tests/arm64-linux/ memcheck/tests/darwin/ memcheck/tests/x86-linux/
s***@valgrind.org
2017-03-23 23:22:21 UTC
Author: iraisr
Date: Thu Mar 23 23:22:21 2017
New Revision: 16285

Log:
Fix for 377698 - Missing memory check for futex() uaddr arg for FUTEX_WAKE,
and FUTEX_WAKE_BITSET, check only 4 args for FUTEX_WAKE_BITSET,
and 2 args for FUTEX_TRYLOCK_PI.
Fixes BZ#377698.
Patch by: ***@oracle.com

Modified:
trunk/NEWS
trunk/coregrind/m_syswrap/syswrap-linux.c
trunk/memcheck/tests/arm64-linux/scalar.c
trunk/memcheck/tests/arm64-linux/scalar.stderr.exp
trunk/memcheck/tests/darwin/scalar.c
trunk/memcheck/tests/x86-linux/scalar.c
trunk/memcheck/tests/x86-linux/scalar.stderr.exp

Modified: trunk/NEWS
==============================================================================
--- trunk/NEWS (original)
+++ trunk/NEWS Thu Mar 23 23:22:21 2017
@@ -147,6 +147,9 @@
377376 memcheck/tests/linux/getregset fails with glibc2.24
377427 PPC64, lxv instruction failing on odd destination register
377478 PPC64: ISA 3.0 setup fixes
+377698 Missing memory check for futex() uaddr arg for FUTEX_WAKE
+ and FUTEX_WAKE_BITSET, check only 4 args for FUTEX_WAKE_BITSET,
+ and 2 args for FUTEX_TRYLOCK_PI
377717 Fix massive space leak when reading compressed debuginfo sections

Release 3.12.0 (20 October 2016)

Modified: trunk/coregrind/m_syswrap/syswrap-linux.c
==============================================================================
--- trunk/coregrind/m_syswrap/syswrap-linux.c (original)
+++ trunk/coregrind/m_syswrap/syswrap-linux.c Thu Mar 23 23:22:21 2017
@@ -1610,9 +1610,11 @@
}
break;
case VKI_FUTEX_WAKE_BITSET:
- PRE_REG_READ6(long, "futex",
- vki_u32 *, futex, int, op, int, val,
- int, dummy, int, dummy2, int, val3);
+ PRE_REG_READ3(long, "futex",
+ vki_u32 *, futex, int, op, int, val);
+ if (VG_(tdict).track_pre_reg_read) {
+ PRA6("futex", int, val3);
+ }
break;
case VKI_FUTEX_WAIT:
case VKI_FUTEX_LOCK_PI:
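Review bot: The bare `PRA6` sitting under its own `if (VG_(tdict).track_pre_reg_read)` guard, right after the new `PRE_REG_READ3`, will read as a copy-paste oddity to the next maintainer, because nothing in the hunk says why arguments 4 and 5 are skipped (the guard is presumably needed only because the PRE_REG_READn macros carry it internally while a lone PRAn does not). A one-line comment above the guard would settle it: `/* Kernel ignores args 4 (timeout) and 5 (uaddr2) for FUTEX_WAKE_BITSET; arg 6 (val3) is the wake mask, so check 1-3 and 6 only. */`. If the FUTEX_WAIT_BITSET case just above the hunk (only its closing `}` and `break;` are visible as context) uses the same split, the two should share the wording. The enclosing switch continues outside the hunk on both sides.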
@@ -1622,10 +1624,10 @@
break;
case VKI_FUTEX_WAKE:
case VKI_FUTEX_FD:
- case VKI_FUTEX_TRYLOCK_PI:
PRE_REG_READ3(long, "futex",
vki_u32 *, futex, int, op, int, val);
break;
+ case VKI_FUTEX_TRYLOCK_PI:
case VKI_FUTEX_UNLOCK_PI:
default:
PRE_REG_READ2(long, "futex", vki_u32 *, futex, int, op);
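Review bot: FUTEX_TRYLOCK_PI now shares the `PRE_REG_READ2` path with FUTEX_UNLOCK_PI and the `default:` fallback, but nothing in the hunk records why `val` is no longer checked for it, so a reader may later move it back into the 3-argument group. I would add `/* TRYLOCK_PI and UNLOCK_PI: the kernel ignores val, timeout, uaddr2 and val3 */` above the moved label. Sharing the label with `default:` also means an unrecognised op is treated here as reading only uaddr and op; that looks intended, since the later switch in this function fails such ops with `SET_STATUS_Failure( VKI_ENOSYS )`, but a short comment saying so would stop the two switches from drifting apart. The switch starts and ends outside the hunk.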
@@ -1655,13 +1657,10 @@
case VKI_FUTEX_FD:
case VKI_FUTEX_TRYLOCK_PI:
case VKI_FUTEX_UNLOCK_PI:
- PRE_MEM_READ( "futex(futex)", ARG1, sizeof(Int) );
- break;
-
case VKI_FUTEX_WAKE:
case VKI_FUTEX_WAKE_BITSET:
- /* no additional pointers */
- break;
+ PRE_MEM_READ( "futex(futex)", ARG1, sizeof(Int) );
+ break;

default:
SET_STATUS_Failure( VKI_ENOSYS ); // some futex function we don't understand
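Review bot: `PRE_MEM_READ( "futex(futex)", ARG1, sizeof(Int) )` on the merged FUTEX_WAKE / FUTEX_WAKE_BITSET case checks that the futex word is both addressable and initialised, which, if I recall futex_wake correctly, is stricter than the kernel, which only needs uaddr to resolve to a mapped page and does not load the value for wake operations. That is a defensible policy (an uninitialised futex word is almost certainly a client bug and the bug report asks for exactly this), but it should be written down so it is not later mistaken for a mirror of kernel behaviour: `/* Kernel only needs uaddr mapped for WAKE ops, but an uninitialised futex word is a client bug, so require it defined as well. */`. The removed `/* no additional pointers */` line was the only explanation the old grouping had; the merged case list now carries none. The enclosing switch begins above the hunk.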

Modified: trunk/memcheck/tests/arm64-linux/scalar.c
==============================================================================
--- trunk/memcheck/tests/arm64-linux/scalar.c (original)
+++ trunk/memcheck/tests/arm64-linux/scalar.c Thu Mar 23 23:22:21 2017
@@ -1068,8 +1068,8 @@
#define FUTEX_WAIT 0
#endif
// XXX: again, glibc not doing 6th arg means we have only 5s errors
- GO(__NR_futex, "5s 2m");
- SY(__NR_futex, x0+FUTEX_WAIT, x0, x0, x0+1, x0, x0); FAIL;
+ GO(__NR_futex, "4s 2m");
+ SY(__NR_futex, x0+FUTEX_WAIT, x0, x0, x0+1); FAIL;

// __NR_sched_setaffinity 241
GO(__NR_sched_setaffinity, "3s 1m");
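Review bot: The context comment `// XXX: again, glibc not doing 6th arg means we have only 5s errors` is now stale: the call below it passes four arguments and the expectation string is `"4s 2m"`, so neither the "6th arg" nor the "5s" part matches the test any more. Either drop it or replace it with a line that describes the new expectation, e.g. `// FUTEX_WAIT reads uaddr, op, val and timeout: presumably 4 scalar errors plus 2 memory errors`, assuming the s/m counts in the GO string mean what they appear to. The same stale comment is left in place by the identical hunks in memcheck/tests/darwin/scalar.c and memcheck/tests/x86-linux/scalar.c in this commit.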

Modified: trunk/memcheck/tests/arm64-linux/scalar.stderr.exp
==============================================================================
--- trunk/memcheck/tests/arm64-linux/scalar.stderr.exp (original)
+++ trunk/memcheck/tests/arm64-linux/scalar.stderr.exp Thu Mar 23 23:22:21 2017
@@ -1958,7 +1958,7 @@
130: __NR_tkill n/a
-----------------------------------------------------
-----------------------------------------------------
- 98: __NR_futex 5s 2m
+ 98: __NR_futex 4s 2m
-----------------------------------------------------
Syscall param futex(futex) contains uninitialised byte(s)
...

Modified: trunk/memcheck/tests/darwin/scalar.c
==============================================================================
--- trunk/memcheck/tests/darwin/scalar.c (original)
+++ trunk/memcheck/tests/darwin/scalar.c Thu Mar 23 23:22:21 2017
@@ -1654,8 +1654,8 @@
#define FUTEX_WAIT 0
#endif
// XXX: again, glibc not doing 6th arg means we have only 5s errors
- GO(__NR_futex, "5s 2m");
- SY(__NR_futex, x0+FUTEX_WAIT, x0, x0, x0+1, x0, x0); FAIL;
+ GO(__NR_futex, "4s 2m");
+ SY(__NR_futex, x0+FUTEX_WAIT, x0, x0, x0+1); FAIL;

// __NR_sched_setaffinity 241
GO(__NR_sched_setaffinity, "3s 1m");

Modified: trunk/memcheck/tests/x86-linux/scalar.c
==============================================================================
--- trunk/memcheck/tests/x86-linux/scalar.c (original)
+++ trunk/memcheck/tests/x86-linux/scalar.c Thu Mar 23 23:22:21 2017
@@ -1068,8 +1068,8 @@
#define FUTEX_WAIT 0
#endif
// XXX: again, glibc not doing 6th arg means we have only 5s errors
- GO(__NR_futex, "5s 2m");
- SY(__NR_futex, x0+FUTEX_WAIT, x0, x0, x0+1, x0, x0); FAIL;
+ GO(__NR_futex, "4s 2m");
+ SY(__NR_futex, x0+FUTEX_WAIT, x0, x0, x0+1); FAIL;

// __NR_sched_setaffinity 241
GO(__NR_sched_setaffinity, "3s 1m");

Modified: trunk/memcheck/tests/x86-linux/scalar.stderr.exp
==============================================================================
--- trunk/memcheck/tests/x86-linux/scalar.stderr.exp (original)
+++ trunk/memcheck/tests/x86-linux/scalar.stderr.exp Thu Mar 23 23:22:21 2017
@@ -3300,7 +3300,7 @@
Address 0x........ is not stack'd, malloc'd or (recently) free'd

-----------------------------------------------------
-240: __NR_futex 5s 2m
+240: __NR_futex 4s 2m
-----------------------------------------------------
Syscall param futex(futex) contains uninitialised byte(s)
...
