Use safe_dereference in IPCOP_msgrcv. (Tom Hughes) git-svn-id: svn://svn.valgrind.org/valgrind/trunk@160 a5019735-40e9-0310-863c-91ae7b9d1cf9

commit: 59c255c1b39537252450b1f18125eb1cf0bca6ef [log] [tgz]
author: sewardj <sewardj@a5019735-40e9-0310-863c-91ae7b9d1cf9> Sat Apr 27 02:06:15 2002 +0000
committer: sewardj <sewardj@a5019735-40e9-0310-863c-91ae7b9d1cf9> Sat Apr 27 02:06:15 2002 +0000
tree: 510023bf35c0ac863212ed0b015b887ba2947880
parent: 9dfb4a71f7e6002b7261676e76a49a7625307137 [diff] [blame]
diff --git a/vg_syscall_mem.c b/vg_syscall_mem.c
index 30bf897..444f987 100644
--- a/vg_syscall_mem.c
+++ b/vg_syscall_mem.c

@@ -1212,12 +1212,15 @@
                }
             case 12: /* IPCOP_msgrcv */
                {
-                  struct msgbuf *msgp = ((struct ipc_kludge *)arg5)->msgp;
+                  struct msgbuf *msgp;
                   Int msgsz = arg3;
+ 
+                  msgp = (struct msgbuf *)safe_dereference( 
+                            (Addr) (&((struct ipc_kludge *)arg5)->msgp), 0 );
 
-                  must_be_writable ( tst, "msgsnd(msgp->mtype)", 
+                  must_be_writable ( tst, "msgrcv(msgp->mtype)", 
                                      (UInt)&msgp->mtype, sizeof(msgp->mtype) );
-                  must_be_writable ( tst, "msgsnd(msgp->mtext)", 
+                  must_be_writable ( tst, "msgrcv(msgp->mtext)", 
                                      (UInt)msgp->mtext, msgsz );
 
                   KERNEL_DO_SYSCALL(tid,res);
commit	59c255c1b39537252450b1f18125eb1cf0bca6ef	[log] [tgz]
author	sewardj <sewardj@a5019735-40e9-0310-863c-91ae7b9d1cf9>	Sat Apr 27 02:06:15 2002 +0000
committer	sewardj <sewardj@a5019735-40e9-0310-863c-91ae7b9d1cf9>	Sat Apr 27 02:06:15 2002 +0000
tree	510023bf35c0ac863212ed0b015b887ba2947880
parent	9dfb4a71f7e6002b7261676e76a49a7625307137 [diff] [blame]