vm_read_mem: detect address truncation

When sizeof(kernel_ureg_t) > sizeof(long), the tracee address passed to vm_read_mem could be silently truncated. Detect this situation and return EIO when the tracee address does not fit into unsigned long. * util.c (vm_read_mem): Save raddr argument into a temporary variable truncated_raddr of type unsigned long. Set errno to EIO and return -1 when truncated_raddr does not equal to raddr.
2016-12-26 01:21:04 +00:00 · 2016-12-26 01:21:04 +00:00 · 11aa97bfba
commit 11aa97bfba
parent 9cd050573c
1 changed files with 8 additions and 1 deletions
--- a/util.c
+++ b/util.c
@ -1082,12 +1082,19 @@ static ssize_t
 vm_read_mem(const pid_t pid, void *const laddr,
 	    const kernel_ureg_t raddr, const size_t len)
 {
+	const unsigned long truncated_raddr = raddr;
+
+	if (raddr != (kernel_ureg_t) truncated_raddr) {
+		errno = EIO;
+		return -1;
+	}
+
 	const struct iovec local = {
 		.iov_base = laddr,
 		.iov_len = len
 	};
 	const struct iovec remote = {
-		.iov_base = (void *) raddr,
+		.iov_base = (void *) truncated_raddr,
 		.iov_len = len
 	};