Bug 379373

Summary: [PATCH] Syscall param msg->desc.port.name points to uninitialised byte(s) on macOS 10.12
Product: [Developer tools] valgrind    Reporter: Rhys Kidd <rhyskidd>
Component: general    Assignee: Rhys Kidd <rhyskidd>
Status: RESOLVED FIXED
Severity: normal    CC: louis.brunner.fr, zerderr
Priority: NOR
Version: 3.13 SVN
Target Milestone: ---
Platform: macOS (DMG)
OS: macOS
Latest Commit:    Version Fixed In:
Bug Depends on:
Bug Blocks: 365327
Attachments: Define the kernelrpc_mach_port_construct_trap mach trap

Description Rhys Kidd 2017-04-30 01:07:16 UTC
As reported on macOS 10.12:

Syscall param msg->desc.port.name points to uninitialised byte(s)
    at 0x1003AC34A: mach_msg_trap (in /usr/lib/system/libsystem_kernel.dylib)
    by 0x1003AB796: mach_msg (in /usr/lib/system/libsystem_kernel.dylib)
    by 0x1003A5485: task_set_special_port (in /usr/lib/system/libsystem_kernel.dylib)
    by 0x10054110E: _os_trace_create_debug_control_port (in /usr/lib/system/libsystem_trace.dylib)
    by 0x100541458: _libtrace_init (in /usr/lib/system/libsystem_trace.dylib)
    by 0x1000AA9DF: libSystem_initializer (in /usr/lib/libSystem.B.dylib)
    by 0x10001AA1A: ImageLoaderMachO::doModInitFunctions(ImageLoader::LinkContext const&) (in /usr/lib/dyld)
    by 0x10001AC1D: ImageLoaderMachO::doInitialization(ImageLoader::LinkContext const&) (in /usr/lib/dyld)
    by 0x1000164A9: ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) (in /usr/lib/dyld)
    by 0x100016440: ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) (in /usr/lib/dyld)
    by 0x100015523: ImageLoader::processInitializers(ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) (in /usr/lib/dyld)
    by 0x1000155B8: ImageLoader::runInitializers(ImageLoader::LinkContext const&, ImageLoader::InitializerTimingList&) (in /usr/lib/dyld)
  Address 0x10488de8c is on thread 1's stack
  in frame #2, created by task_set_special_port (???:)

Reproducible: Always

Steps to Reproduce:
1. ./vg-in-place -d true

Comment 1 Louis Brunner 2017-05-12 11:26:19 UTC
Created attachment 105470
Define the kernelrpc_mach_port_construct_trap mach trap

The problem seems to be caused by a call to task_set_special_port with a port constructed with mach_port_construct (handled by kernelrpc_mach_port_construct_trap). The attached patch resolves the issue by implementing the checks in the PRE/POST of this trap.

Comment 2 Rhys Kidd 2017-09-10 14:55:41 UTC
Thanks for the patch Louis.

A version of the patch landed in git as:
128fd6e Fix syscall param msg->desc.port.name on macOS 10.12. bz#379373