Date: Fri, 21 Mar 2014 09:26:26 GMT From: Peter Holm <pho@freebsd.org> To: freebsd-gnats-submit@FreeBSD.org Subject: amd64/187808: Pointer validation gone missing for __vdso_gettimeofday() Message-ID: <201403210926.s2L9QQDa004249@cgiserv.freebsd.org> Resent-Message-ID: <201403210930.s2L9U0u2070110@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 187808
>Category: amd64
>Synopsis: Pointer validation gone missing for __vdso_gettimeofday()
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-amd64
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Mar 21 09:30:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Peter Holm
>Release: HEAD
>Organization:
>Environment:
FreeBSD t2.osted.lan 11.0-CURRENT FreeBSD 11.0-CURRENT #0 r263418M: Thu Mar 20 07:20:51 CET 2014 pho@t2.osted.lan:/usr/src/sys/amd64/compile/PHO amd64
>Description:
If first argument to gettimeofday() is an invalid pointer the call does not return EFAULT.
>How-To-Repeat:
$ cat -n gettimeofday.c
1 #include <err.h>
2 #include <stdio.h>
3 #include <sys/time.h>
4 #include <sys/syscall.h>
5 #include <unistd.h>
6
7 int
8 main(void)
9 {
10 if (syscall(SYS_gettimeofday, (void *)-1, NULL) == -1)
11 warn("syscall()");
12
13 /* broken by r237434 */
14 if (gettimeofday((void *)-1, NULL) == -1)
15 warn("gettimeofday()");
16
17 return (0);
18 }
$ cc -o gettimeofday -Wall -Wextra -O2 -g gettimeofday.c
$ ./gettimeofday
gettimeofday: syscall(): Bad address
Segmentation fault (core dumped)
$
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201403210926.s2L9QQDa004249>