3.9.0-13.svn20140513r13961

valgrind-3.9.0-msghdr.patch

@@ -0,0 +1,41 @@
+commit d67f20debc80ad98c76b0edb8fc44002ca9ea0cd
+Author: Mark Wielaard <mjw@redhat.com>
+Date:   Tue May 13 15:07:52 2014 +0200
+
+    Use safe_to_deref in coregrind syswrap-generic.c (msghdr_foreachfield).
+    
+    Call ML_(safe_to_deref) before using msghdr msg_name, msg_iov or msg_control.
+    Fixes bug #334705.
+
+diff --git a/coregrind/m_syswrap/syswrap-generic.c b/coregrind/m_syswrap/syswrap-generic.c
+index cdf64ea..f1207f4 100644
+--- a/coregrind/m_syswrap/syswrap-generic.c
++++ b/coregrind/m_syswrap/syswrap-generic.c
+@@ -951,13 +951,15 @@ void msghdr_foreachfield (
+    if ( recv )
+       foreach_func ( tid, False, fieldName, (Addr)&msg->msg_flags, sizeof( msg->msg_flags ) );
+ 
+-   if ( msg->msg_name ) {
++   if ( ML_(safe_to_deref)(&msg->msg_name, sizeof (void *))
++        && msg->msg_name ) {
+       VG_(sprintf) ( fieldName, "(%s.msg_name)", name );
+       foreach_func ( tid, False, fieldName, 
+                      (Addr)msg->msg_name, msg->msg_namelen );
+    }
+ 
+-   if ( msg->msg_iov ) {
++   if ( ML_(safe_to_deref)(&msg->msg_iov, sizeof (void *))
++        && msg->msg_iov ) {
+       struct vki_iovec *iov = msg->msg_iov;
+       UInt i;
+ 
+@@ -975,7 +977,8 @@ void msghdr_foreachfield (
+       }
+    }
+ 
+-   if ( msg->msg_control ) 
++   if ( ML_(safe_to_deref) (&msg->msg_control, sizeof (void *))
++        && msg->msg_control )
+    {
+       VG_(sprintf) ( fieldName, "(%s.msg_control)", name );
+       foreach_func ( tid, False, fieldName, 

valgrind.spec

@@ -1,12 +1,12 @@
 %{?scl:%scl_package valgrind}
 
-%define svn_date 20140319
-%define svn_rev 13879
+%define svn_date 20140513
+%define svn_rev 13961
 
 Summary: Tool for finding memory management bugs in programs
 Name: %{?scl_prefix}valgrind
 Version: 3.9.0
-Release: 12.svn%{?svn_date}r%{?svn_rev}%{?dist}
+Release: 13.svn%{?svn_date}r%{?svn_rev}%{?dist}
 Epoch: 1
 License: GPLv2+
 URL: http://www.valgrind.org/
@@ -57,8 +57,8 @@ Patch4: valgrind-3.9.0-ldso-supp.patch
 # KDE#327943 - s390x missing index/strchr suppression for ld.so bad backtrace?
 Patch5: valgrind-3.9.0-s390x-ld-supp.patch
 
-# KDE#333666 - No MPX (bndmov) instruction support in VEX
-Patch6: valgrind-3.9.0-mpx.patch
+# KDE#334705 - sendmsg and recvmsg should guard against bogus msghdr fields
+Patch6: valgrind-3.9.0-msghdr.patch
 
 %if %{build_multilib}
 # Ensure glibc{,-devel} is installed for both multilib arches
@@ -324,6 +324,11 @@ echo ===============END TESTING===============
 %endif
 
 %changelog
+* Tue May 13 2014 Mark Wielaard <mjw@redhat.com> 3.9.0-13.svn20140513r13961
+- Update to upstream svn r13961.
+- Remove valgrind-3.9.0-mpx.patch integrated upstream now.
+- Add valgrind-3.9.0-msghdr.patch
+
 * Thu May 8 2014 Mark Wielaard <mjw@redhat.com> 3.9.0-12.svn20140319r13879
 - Add valgrind-3.9.0-mpx.patch (#1087933)