From 8b9a725140c5f65713e5978002f59d2031f5605a Mon Sep 17 00:00:00 2001
From: Mark Wielaard
Date: Wed, 14 May 2014 00:01:03 +0200
Subject: [PATCH] 3.9.0-13.svn20140513r13961

---
 valgrind-3.9.0-msghdr.patch | 41 +++++++++++++++++++++++++++++++++++++
 valgrind.spec | 15 +++++++++-----
 2 files changed, 51 insertions(+), 5 deletions(-)
 create mode 100644 valgrind-3.9.0-msghdr.patch

diff --git a/valgrind-3.9.0-msghdr.patch b/valgrind-3.9.0-msghdr.patch
new file mode 100644
index 0000000..85f18da
--- /dev/null
+++ b/valgrind-3.9.0-msghdr.patch
@@ -0,0 +1,41 @@
+commit d67f20debc80ad98c76b0edb8fc44002ca9ea0cd
+Author: Mark Wielaard
+Date: Tue May 13 15:07:52 2014 +0200
+
+ Use safe_to_deref in coregrind syswrap-generic.c (msghdr_foreachfield).
+
+ Call ML_(safe_to_deref) before using msghdr msg_name, msg_iov or msg_control.
+ Fixes bug #334705.
+
+diff --git a/coregrind/m_syswrap/syswrap-generic.c b/coregrind/m_syswrap/syswrap-generic.c
+index cdf64ea..f1207f4 100644
+--- a/coregrind/m_syswrap/syswrap-generic.c
++++ b/coregrind/m_syswrap/syswrap-generic.c
+@@ -951,13 +951,15 @@ void msghdr_foreachfield (
+ if ( recv )
+ foreach_func ( tid, False, fieldName, (Addr)&msg->msg_flags, sizeof( msg->msg_flags ) );
+
+- if ( msg->msg_name ) {
++ if ( ML_(safe_to_deref)(&msg->msg_name, sizeof (void *))
++ && msg->msg_name ) {
+ VG_(sprintf) ( fieldName, "(%s.msg_name)", name );
+ foreach_func ( tid, False, fieldName,
+ (Addr)msg->msg_name, msg->msg_namelen );
+ }
+
+- if ( msg->msg_iov ) {
++ if ( ML_(safe_to_deref)(&msg->msg_iov, sizeof (void *))
++ && msg->msg_iov ) {
+ struct vki_iovec *iov = msg->msg_iov;
+ UInt i;
+
+@@ -975,7 +977,8 @@ void msghdr_foreachfield (
+ }
+ }
+
+- if ( msg->msg_control )
++ if ( ML_(safe_to_deref) (&msg->msg_control, sizeof (void *))
++ && msg->msg_control )
+ {
+ VG_(sprintf) ( fieldName, "(%s.msg_control)", name );
+ foreach_func ( tid, False, fieldName,
diff --git a/valgrind.spec b/valgrind.spec
index 1b6c021..b6d1e57 100644
--- a/valgrind.spec
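Review bot: The new guard `++ if ( ML_(safe_to_deref)(&msg->msg_name, sizeof (void *))` only establishes that the pointer-sized field at `&msg->msg_name` is readable, yet the `foreach_func` call two lines later also reads `msg->msg_namelen` with no such check, so a msghdr whose mapping ends between those two fields can still fault inside the tool instead of being reported to the user. The same pattern presumably applies to the length fields used by the `msg_iov` and `msg_control` branches (the loop bound after `UInt i;` and the control length), which are outside the visible lines. A narrow fix that keeps the per-field reporting style is to extend each guard to the length it pairs with, e.g. `&& ML_(safe_to_deref)(&msg->msg_namelen, sizeof msg->msg_namelen)` before the `msg_name` call; checking the whole struct once with `ML_(safe_to_deref)(msg, sizeof *msg)` would be simpler but would change which fields get reported for a partially valid msghdr. The enclosing `msghdr_foreachfield` starts and ends outside this hunk, which sits inside the newly added patch file.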
+++ b/valgrind.spec
@@ -1,12 +1,12 @@
 %{?scl:%scl_package valgrind}
-%define svn_date 20140319
-%define svn_rev 13879
+%define svn_date 20140513
+%define svn_rev 13961
 Summary: Tool for finding memory management bugs in programs
 Name: %{?scl_prefix}valgrind
 Version: 3.9.0
-Release: 12.svn%{?svn_date}r%{?svn_rev}%{?dist}
+Release: 13.svn%{?svn_date}r%{?svn_rev}%{?dist}
 Epoch: 1
 License: GPLv2+
 URL: http://www.valgrind.org/
@@ -57,8 +57,8 @@ Patch4: valgrind-3.9.0-ldso-supp.patch
 # KDE#327943 - s390x missing index/strchr suppression for ld.so bad backtrace?
 Patch5: valgrind-3.9.0-s390x-ld-supp.patch
-# KDE#333666 - No MPX (bndmov) instruction support in VEX
-Patch6: valgrind-3.9.0-mpx.patch
+# KDE#334705 - sendmsg and recvmsg should guard against bogus msghdr fields
+Patch6: valgrind-3.9.0-msghdr.patch
 %if %{build_multilib}
 # Ensure glibc{,-devel} is installed for both multilib arches
@@ -324,6 +324,11 @@ echo ===============END TESTING===============
 %endif
 %changelog
+* Tue May 13 2014 Mark Wielaard 3.9.0-13.svn20140513r13961
+- Update to upstream svn r13961.
+- Remove valgrind-3.9.0-mpx.patch integrated upstream now.
+- Add valgrind-3.9.0-msghdr.patch
+
 * Thu May 8 2014 Mark Wielaard 3.9.0-12.svn20140319r13879
 - Add valgrind-3.9.0-mpx.patch (#1087933)