Bug 379373 - [PATCH] Syscall param msg->desc.port.name points to uninitialised byte(s) on macOS 10.12
Status: RESOLVED FIXED
Alias: None
Product: valgrind
Classification: Developer tools
Component: general
Version: 3.13 SVN
Platform: macOS (DMG) macOS
Importance: NOR normal
Target Milestone: ---
Assignee: Rhys Kidd
Blocks: 365327
Reported: 2017-04-30 01:07 UTC by Rhys Kidd
Modified: 2017-09-10 14:55 UTC
CC List: 2 users

Attachments
Define the kernelrpc_mach_port_construct_trap mach trap (1.48 KB, patch)
2017-05-12 11:26 UTC, Louis Brunner
Description Rhys Kidd 2017-04-30 01:07:16 UTC
As reported on macOS 10.12:

Syscall param msg->desc.port.name points to uninitialised byte(s)
    at 0x1003AC34A: mach_msg_trap (in /usr/lib/system/libsystem_kernel.dylib)
    by 0x1003AB796: mach_msg (in /usr/lib/system/libsystem_kernel.dylib)
    by 0x1003A5485: task_set_special_port (in /usr/lib/system/libsystem_kernel.dylib)
    by 0x10054110E: _os_trace_create_debug_control_port (in /usr/lib/system/libsystem_trace.dylib)
    by 0x100541458: _libtrace_init (in /usr/lib/system/libsystem_trace.dylib)
    by 0x1000AA9DF: libSystem_initializer (in /usr/lib/libSystem.B.dylib)
    by 0x10001AA1A: ImageLoaderMachO::doModInitFunctions(ImageLoader::LinkContext const&) (in /usr/lib/dyld)
    by 0x10001AC1D: ImageLoaderMachO::doInitialization(ImageLoader::LinkContext const&) (in /usr/lib/dyld)
    by 0x1000164A9: ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) (in /usr/lib/dyld)
    by 0x100016440: ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) (in /usr/lib/dyld)
    by 0x100015523: ImageLoader::processInitializers(ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) (in /usr/lib/dyld)
    by 0x1000155B8: ImageLoader::runInitializers(ImageLoader::LinkContext const&, ImageLoader::InitializerTimingList&) (in /usr/lib/dyld)
  Address 0x10488de8c is on thread 1's stack
  in frame #2, created by task_set_special_port (???:)

Reproducible: Always

Steps to Reproduce:
1. ./vg-in-place -d true
Comment 1 Louis Brunner 2017-05-12 11:26:19 UTC
Created attachment 105470
Define the kernelrpc_mach_port_construct_trap mach trap

The problem seems to be caused by a call to task_set_special_port with a port constructed with mach_port_construct (handled by kernelrpc_mach_port_construct_trap). The attached patch resolves the issue by implementing the checks in the PRE/POST of this trap.
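The mechanism behind this report, as an added model that is neither Valgrind's code nor the attached patch: Memcheck only learns that the kernel wrote a syscall's output buffer if the trap's wrapper declares it (POST_MEM_WRITE), so a trap with no wrapper leaves the port name's shadow state "uninitialised" even though the kernel filled it in. When the name is later packed into a mach message descriptor and mach_msg_trap's PRE check reads it, the tool reports a false positive. The per-byte shadow arena, the offsets, the fake port name 0x1203 and all function names below are constructed for this example; real Memcheck tracks definedness per bit and uses the PRE_MEM_READ / POST_MEM_WRITE macros in its syscall wrappers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Small stand-in for Memcheck's shadow memory: one definedness flag per
 * byte of a tiny guest arena. Constructed for illustration only; this is
 * not Valgrind's implementation.
 */
#define ARENA_SIZE 64

static unsigned char guest_mem[ARENA_SIZE]; /* the guest's real bytes      */
static unsigned char defined[ARENA_SIZE];   /* shadow: 1 = defined, 0 = not */
static int errors_reported;

static void shadow_set(size_t off, size_t len, unsigned char v)
{
    memset(defined + off, v, len);
}

static int shadow_all_defined(size_t off, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (!defined[off + i])
            return 0;
    return 1;
}

/* Guest copy through instrumented code: shadow bits travel with the data. */
static void guest_copy_u32(size_t dst, size_t src)
{
    memcpy(guest_mem + dst, guest_mem + src, 4);
    memcpy(defined + dst, defined + src, 4);
}

/* Analogue of PRE_MEM_READ: a wrapper declares the kernel will read this. */
static void pre_mem_read(const char *what, size_t off, size_t len)
{
    if (!shadow_all_defined(off, len)) {
        printf("Syscall param %s points to uninitialised byte(s)\n", what);
        errors_reported++;
    }
}

/* Analogue of POST_MEM_WRITE: a wrapper declares the kernel wrote this. */
static void post_mem_write(size_t off, size_t len)
{
    shadow_set(off, len, 1);
}

/*
 * Stand-in for the kernel side of mach_port_construct. The kernel writes
 * the new name straight into guest memory, bypassing the tool's
 * instrumentation, so the shadow only changes if a wrapper updates it.
 */
static void kernel_port_construct(size_t name_off)
{
    uint32_t fake_name = 0x1203; /* constructed port name, not a real one */
    memcpy(guest_mem + name_off, &fake_name, 4);
}

/* Arena layout chosen for this scenario. */
enum { NAME_OFF = 0, MSG_DESC_PORT_NAME_OFF = 16 };

/*
 * Replay the sequence from the report: construct a port, copy its name into
 * msg->desc.port.name, then send. Returns the number of errors the model
 * reported; 0 means no false positive.
 */
int run_scenario(int have_construct_wrapper)
{
    memset(guest_mem, 0, sizeof guest_mem);
    memset(defined, 0, sizeof defined);
    errors_reported = 0;

    /* mach_port_construct(&name): the name slot starts out uninitialised. */
    kernel_port_construct(NAME_OFF);
    if (have_construct_wrapper)
        post_mem_write(NAME_OFF, 4); /* what a POST for the trap provides */

    /* task_set_special_port packs the name into the message descriptor. */
    guest_copy_u32(MSG_DESC_PORT_NAME_OFF, NAME_OFF);

    /* mach_msg_trap PRE: the kernel is about to read the descriptor. */
    pre_mem_read("msg->desc.port.name", MSG_DESC_PORT_NAME_OFF, 4);

    return errors_reported;
}

int main(void)
{
    printf("without construct wrapper: %d error(s)\n", run_scenario(0));
    printf("with construct wrapper:    %d error(s)\n", run_scenario(1));
    return 0;
}
```

Run without a wrapper the model reports one error at the mach_msg step, exactly where the original trace points; with the wrapper's post-write declaration the same sequence is clean. The point for anyone adding a wrapper for a new trap is that both halves matter: the PRE declares what the kernel reads so genuinely uninitialised inputs are caught, and the POST declares what the kernel writes so later reads of those outputs are not misreported.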
Comment 2 Rhys Kidd 2017-09-10 14:55:41 UTC
Thanks for the patch Louis.

A version of the patch landed in git as:
128fd6e Fix syscall param msg->desc.port.name on macOS 10.12. bz#379373