_pre_mem_asciiz handlers in both tools: don't segfault if passed an
obviously invalid address. Fixes #255009. Investigation & initial
patch by Philippe Waroquiers (philippe.waroquiers@skynet.be)
git-svn-id: svn://svn.valgrind.org/valgrind/trunk@11533 a5019735-40e9-0310-863c-91ae7b9d1cf9
diff --git a/drd/drd_main.c b/drd/drd_main.c
index 239f498..7398404 100644
--- a/drd/drd_main.c
+++ b/drd/drd_main.c
@@ -51,6 +51,7 @@
#include "pub_tool_replacemalloc.h"
#include "pub_tool_threadstate.h" // VG_(get_running_tid)()
#include "pub_tool_tooliface.h"
+#include "pub_tool_aspacemgr.h" // VG_(am_is_valid_for_client)
/* Local variables. */
@@ -257,6 +258,13 @@
const char* p = (void*)a;
SizeT size = 0;
+ // Don't segfault if the string starts in an obviously stupid
+ // place. Actually we should check the whole string, not just
+ // the start address, but that's too much trouble. At least
+ // checking the first byte is better than nothing. See #255009.
+ if (!VG_(am_is_valid_for_client) (a, 1, VKI_PROT_READ))
+ return;
+
/* Note: the expression '*p' reads client memory and may crash if the */
/* client provided an invalid pointer ! */
while (*p)
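Review bot: The new guard validates only the byte at `a`, but the `while (*p)` loop that follows still dereferences every subsequent byte, so a string that starts in readable memory and runs unterminated off the end of its mapping still faults inside the tool instead of being rejected; the added comment acknowledges this. Re-checking at each page boundary inside the loop closes that gap cheaply, e.g. `if (((Addr)p & (VKI_PAGE_SIZE - 1)) == 0 && !VG_(am_is_valid_for_client)((Addr)p, 1, VKI_PROT_READ)) return;` placed before `p` is advanced. The bare `return` also skips whatever the handler does with `size` after the loop, which is presumably fine because the kernel will refuse the pointer with EFAULT anyway, but a short comment stating that intent (e.g. `// Invalid pointer: the syscall will fail, so there is nothing to trace.`) would make the early exit self-explanatory. The enclosing handler's signature and the loop body start and end outside this hunk, and the helgrind half of the "both tools" change is not visible here.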