Bug 503914

Summary: mount syscall param filesystemtype may be NULL
Product: [Developer tools] valgrind
Reporter: Mark Wielaard <mark>
Component: general
Assignee: Julian Seward <jseward>
Status: RESOLVED FIXED
Severity: normal
Priority: NOR
Version First Reported In: 3.25 GIT
Target Milestone: ---
Platform: Other
OS: Linux

Description Mark Wielaard 2025-05-08 09:58:50 UTC
On Linux, depending on flags, the source, type and data may be ignored.
We already don't check data and allow source to be NULL.
Normally when type is ignored an application will provide an empty string "".
But sometimes NULL is passed (like for source).
So we should also allow type to be NULL to prevent false positives.

diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c
index 6f3917830fa4..afd4a618b12f 100644
--- a/coregrind/m_syswrap/syswrap-linux.c
+++ b/coregrind/m_syswrap/syswrap-linux.c
@@ -1000,7 +1000,8 @@ PRE(sys_mount)
 {
    // Nb: depending on 'flags', the 'type' and 'data' args may be ignored.
    // We are conservative and check everything, except the memory pointed to
-   // by 'data'.
+   // by 'data'. And since both 'source' and 'type' may be ignored, we allow
+   // them to be NULL.
    *flags |= SfMayBlock;
    PRINT("sys_mount( %#" FMT_REGWORD "x(%s), %#" FMT_REGWORD "x(%s), %#"
          FMT_REGWORD "x(%s), %#" FMT_REGWORD "x, %#" FMT_REGWORD "x )",
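Review bot: the updated comment now reads as two statements that pull in opposite directions, "We are conservative and check everything, except the memory pointed to by 'data'" immediately followed by "we allow them to be NULL", so a reader has to go to the checks below to work out the real policy. Suggest rewording the whole comment to state it once, for example: `// 'target' is always checked; 'source' and 'type' are checked as ASCIIZ strings only when non-NULL (either may be ignored depending on 'flags'); 'data' is never checked.`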
@@ -1012,7 +1013,8 @@ PRE(sys_mount)
    if (ARG1)
       PRE_MEM_RASCIIZ( "mount(source)", ARG1);
    PRE_MEM_RASCIIZ( "mount(target)", ARG2);
-   PRE_MEM_RASCIIZ( "mount(type)", ARG3);
+   if (ARG3)
+      PRE_MEM_RASCIIZ( "mount(type)", ARG3);
 }
 
 PRE(sys_oldumount)
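Review bot: the new `if (ARG3)` guard around `PRE_MEM_RASCIIZ( "mount(type)", ARG3);` skips the check for every mount call, not only for those whose flags make 'type' irrelevant, so a NULL type passed to a mount that does require one is no longer reported here and the caller only learns about it from the syscall's return value. That is consistent with how 'source' is already handled two lines above, and the trade-off against false positives is reasonable, but if a tighter check is ever wanted, ARG4 (the flags, already printed in this function) is available to gate the NULL allowance. Please also keep a scalar test that passes an unaddressable non-NULL type so the remaining PRE_MEM_RASCIIZ path stays exercised.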
Comment 1 Mark Wielaard 2025-05-08 23:03:45 UTC
commit ff6e14ab798af0628c54c6a704c1cb8844a79419
Author: Mark Wielaard <mark@klomp.org>
Date:   Fri May 9 00:21:25 2025 +0200

    mount syscall param filesystemtype may be NULL
    
    On Linux, in the mount syscall, depending on the flags provided, the
    source, type and data may be ignored.  We already don't check data and
    allow source to be NULL.  Normally when type is ignored an application
    will provide an empty string "".  But sometimes NULL is passed (like
    for source).  So we now also allow type to be NULL to prevent false
    positives.
    
    Adjust the linux/scalar.c tests so the type param is still
    unaddressable.
    
    https://bugs.kde.org/show_bug.cgi?id=503914