amd64/187808: Pointer validation gone missing for __vdso_gettimeofday()

Peter Holm peter at holm.cc
Fri Mar 21 13:00:01 UTC 2014


The following reply was made to PR amd64/187808; it has been noted by GNATS.

From: Peter Holm <peter at holm.cc>
To: Konstantin Belousov <kostikbel at gmail.com>
Cc: freebsd-gnats-submit at freebsd.org
Subject: Re: amd64/187808: Pointer validation gone missing for
 __vdso_gettimeofday()
Date: Fri, 21 Mar 2014 13:56:46 +0100

 On Fri, Mar 21, 2014 at 02:30:44PM +0200, Konstantin Belousov wrote:
 > On Fri, Mar 21, 2014 at 09:26:26AM +0000, Peter Holm wrote:
 > > 
 > > >Number:         187808
 > > >Category:       amd64
 > > >Synopsis:       Pointer validation gone missing for __vdso_gettimeofday()
 > > >Confidential:   no
 > > >Severity:       non-critical
 > > >Priority:       low
 > > >Responsible:    freebsd-amd64
 > > >State:          open
 > > >Quarter:        
 > > >Keywords:       
 > > >Date-Required:
 > > >Class:          sw-bug
 > > >Submitter-Id:   current-users
 > > >Arrival-Date:   Fri Mar 21 09:30:00 UTC 2014
 > > >Closed-Date:
 > > >Last-Modified:
 > > >Originator:     Peter Holm
 > > >Release:        HEAD
 > > >Organization:
 > > >Environment:
 > > FreeBSD t2.osted.lan 11.0-CURRENT FreeBSD 11.0-CURRENT #0 r263418M: Thu Mar 20 07:20:51 CET 2014     pho at t2.osted.lan:/usr/src/sys/amd64/compile/PHO  amd64
 > > >Description:
 > > If the first argument to gettimeofday() is an invalid pointer the call does not return EFAULT.
 > > >How-To-Repeat:
 > > $ cat -n gettimeofday.c
 > >      1  #include <err.h>
 > >      2  #include <stdio.h>
 > >      3  #include <sys/time.h>
 > >      4  #include <sys/syscall.h>
 > >      5  #include <unistd.h>
 > >      6
 > >      7  int
 > >      8  main(void)
 > >      9  {
 > >     10          if (syscall(SYS_gettimeofday, (void *)-1, NULL) == -1)
 > >     11                  warn("syscall()");
 > >     12
 > >     13          /* broken by r237434 */
 > >     14          if (gettimeofday((void *)-1, NULL) == -1)
 > >     15                  warn("gettimeofday()");
 > >     16
 > >     17          return (0);
 > >     18  }
 > > $ cc -o gettimeofday -Wall -Wextra -O2 -g gettimeofday.c
 > > $ ./gettimeofday                                        
 > > gettimeofday: syscall(): Bad address
 > > Segmentation fault (core dumped)
 > > $ 
 > 
 > Nothing in the SUSvX requires the pointer to the struct timeval to be
 > validated, or rather, if the pointer is not valid, the behaviour is undefined.
 > 
 > It is impossible to 'fix' this in a reliable manner for a userspace function.
 > The expectations are the same as for other functions, e.g. strcmp(3).
 
 Thank you for the explanation.
 
 - Peter
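
The contrast discussed in this thread, as an added example that is not part of the original messages or of FreeBSD's code: the system call path reports a bad pointer as EFAULT, while a function that stores through the pointer in user mode takes a signal instead. `user_gettimeofday`, `probe` and the `outcome` enum are hypothetical names, and the user-mode function is only a stand-in for a vDSO-style fast path.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/time.h>
#include <unistd.h>

enum outcome { OUT_OK, OUT_EFAULT, OUT_OTHER_ERRNO, OUT_SIGNAL };

static sigjmp_buf fault_env;
static void on_fault(int sig) { siglongjmp(fault_env, sig); }

/* Hypothetical stand-in for a vDSO-style fast path: fills *tv in user mode. */
static int user_gettimeofday(struct timeval *tv)
{
	volatile struct timeval *out = tv;	/* force the stores to happen */
	out->tv_sec = 0;
	out->tv_usec = 0;
	return 0;
}

/* Run one path against tv and report how a bad pointer surfaced. */
static enum outcome probe(int use_kernel, struct timeval *tv)
{
	struct sigaction sa = { .sa_handler = on_fault }, old_segv, old_bus;
	volatile enum outcome res = OUT_OK;

	sigemptyset(&sa.sa_mask);
	sigaction(SIGSEGV, &sa, &old_segv);
	sigaction(SIGBUS, &sa, &old_bus);
	if (sigsetjmp(fault_env, 1) != 0) {
		res = OUT_SIGNAL;	/* the store faulted in user mode */
	} else if (use_kernel) {
		/* The kernel copies out with a checked copy and returns an errno. */
		if (syscall(SYS_gettimeofday, tv, NULL) == -1)
			res = (errno == EFAULT) ? OUT_EFAULT : OUT_OTHER_ERRNO;
	} else {
		user_gettimeofday(tv);
	}
	sigaction(SIGSEGV, &old_segv, NULL);
	sigaction(SIGBUS, &old_bus, NULL);
	return res;
}

int main(void)
{
	printf("kernel=%d\n", (int)probe(1, (struct timeval *)-1));
	printf("user=%d\n", (int)probe(0, (struct timeval *)-1));
	return 0;
}
```

Catching the signal here only classifies the outcome for the demonstration; it does not turn the user-mode path into one that can report EFAULT reliably.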

