amd64/187808: Pointer validation gone missing for __vdso_gettimeofday()

Konstantin Belousov kostikbel at gmail.com
Fri Mar 21 12:40:01 UTC 2014


The following reply was made to PR amd64/187808; it has been noted by GNATS.

From: Konstantin Belousov <kostikbel at gmail.com>
To: Peter Holm <pho at freebsd.org>
Cc: freebsd-gnats-submit at FreeBSD.org
Subject: Re: amd64/187808: Pointer validation gone missing for
 __vdso_gettimeofday()
Date: Fri, 21 Mar 2014 14:30:44 +0200

 On Fri, Mar 21, 2014 at 09:26:26AM +0000, Peter Holm wrote:
 >
 > >Number:         187808
 > >Category:       amd64
 > >Synopsis:       Pointer validation gone missing for __vdso_gettimeofday()
 > >Confidential:   no
 > >Severity:       non-critical
 > >Priority:       low
 > >Responsible:    freebsd-amd64
 > >State:          open
 > >Quarter:
 > >Keywords:
 > >Date-Required:
 > >Class:          sw-bug
 > >Submitter-Id:   current-users
 > >Arrival-Date:   Fri Mar 21 09:30:00 UTC 2014
 > >Closed-Date:
 > >Last-Modified:
 > >Originator:     Peter Holm
 > >Release:        HEAD
 > >Organization:
 > >Environment:
 > FreeBSD t2.osted.lan 11.0-CURRENT FreeBSD 11.0-CURRENT #0 r263418M: Thu Mar 20 07:20:51 CET 2014     pho at t2.osted.lan:/usr/src/sys/amd64/compile/PHO  amd64
 > >Description:
 > If first argument to gettimeofday() is an invalid pointer the call does not return EFAULT.
 > >How-To-Repeat:
 > $ cat -n gettimeofday.c
 >      1  #include <err.h>
 >      2  #include <stdio.h>
 >      3  #include <sys/time.h>
 >      4  #include <sys/syscall.h>
 >      5  #include <unistd.h>
 >      6
 >      7  int
 >      8  main(void)
 >      9  {
 >     10          if (syscall(SYS_gettimeofday, (void *)-1, NULL) == -1)
 >     11                  warn("syscall()");
 >     12
 >     13          /* broken by r237434 */
 >     14          if (gettimeofday((void *)-1, NULL) == -1)
 >     15                  warn("gettimeofday()");
 >     16
 >     17          return (0);
 >     18  }
 > $ cc -o gettimeofday -Wall -Wextra -O2 -g gettimeofday.c
 > $ ./gettimeofday
 > gettimeofday: syscall(): Bad address
 > Segmentation fault (core dumped)
 > $
 
 Nothing in the SUSvX requires the pointer to the struct timeval to be
 validated, or rather, if the pointer is not valid, the behaviour is undefined.
 
 It is impossible to 'fix' this in a reliable manner for a userspace function.
 The expectations are the same as for other functions, e.g. strcmp(3).
 
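The two call paths from the PR's test program, as an added example that is not part of the original message or of FreeBSD's code: the raw system call reports EFAULT as an errno, while the library call is probed in a forked child so that a fault shows up as a signal instead of killing the caller. The function names `gettimeofday_via_kernel` and `probe_libc_gettimeofday` are hypothetical, and the result of the library probe depends on whether libc uses the userspace fast path.

```c
#define _DEFAULT_SOURCE		/* exposes syscall() under strict -std modes */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <unistd.h>

/* Kernel path: the result is copied out by the kernel, which checks the
 * destination. Returns 0 on success or the errno value (EFAULT for a bad tv). */
int
gettimeofday_via_kernel(struct timeval *tv)
{
	if (syscall(SYS_gettimeofday, tv, NULL) == -1)
		return (errno);
	return (0);
}

/* Library path, run in a forked child so a fault cannot kill the caller.
 * Returns 0 if the call succeeded, 1 if it returned -1, -signo if the child
 * was killed by a signal, or 127 if fork()/waitpid() failed. */
int
probe_libc_gettimeofday(struct timeval *tv)
{
	int status;
	pid_t pid = fork();

	if (pid == 0)
		_exit(gettimeofday(tv, NULL) == -1 ? 1 : 0);
	if (pid == -1 || waitpid(pid, &status, 0) == -1)
		return (127);
	if (WIFSIGNALED(status))
		return (-WTERMSIG(status));
	return (WEXITSTATUS(status));
}

int
main(void)
{
	struct timeval tv;

	printf("valid pointer:   kernel=%d libc=%d\n",
	    gettimeofday_via_kernel(&tv), probe_libc_gettimeofday(&tv));
	printf("invalid pointer: kernel=%d libc=%d (EFAULT=%d, SIGSEGV=%d)\n",
	    gettimeofday_via_kernel((void *)-1),
	    probe_libc_gettimeofday((void *)-1), EFAULT, SIGSEGV);
	return (0);
}
```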

