From: Dmitry V. Levin
Date: Mon, 26 Dec 2016 01:21:04 +0000 (+0000)
Subject: vm_read_mem: detect address truncation
X-Git-Tag: v4.16~161
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=11aa97bfba59f709a34b5477ce2cc67cd81ee788;p=strace

vm_read_mem: detect address truncation

When sizeof(kernel_ureg_t) > sizeof(long), the tracee address passed to vm_read_mem could be silently truncated. Detect this situation and return EIO when the tracee address does not fit into unsigned long.

* util.c (vm_read_mem): Save raddr argument into a temporary variable truncated_raddr of type unsigned long. Set errno to EIO and return -1 when truncated_raddr does not equal to raddr.
---
diff --git a/util.c b/util.c
index ed95d0f2..b977924c 100644
--- a/util.c
+++ b/util.c
@@ -1082,12 +1082,19 @@ static ssize_t
 vm_read_mem(const pid_t pid, void *const laddr,
 const kernel_ureg_t raddr, const size_t len)
 {
+ const unsigned long truncated_raddr = raddr;
+
+ if (raddr != (kernel_ureg_t) truncated_raddr) {
+ errno = EIO;
+ return -1;
+ }
+
 const struct iovec local = {
 .iov_base = laddr,
 .iov_len = len
 };
 const struct iovec remote = {
- .iov_base = (void *) raddr,
+ .iov_base = (void *) truncated_raddr,
 .iov_len = len
 };
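Review bot: The new truncation guard at the top of vm_read_mem carries no comment explaining why a round-trip cast is compared or why EIO is the errno chosen, so a later cleanup could easily fold it back into a plain `(void *) raddr` cast. I would add above the `if`: `/* kernel_ureg_t may be wider than unsigned long; refuse an address that would be truncated instead of reading the wrong tracee memory. */`. The check covers only the start address; whether `truncated_raddr + len` can wrap is left to whatever consumes `remote`, which lies outside this hunk along with the rest of the function body. Callers that branch on errno are not visible here either, so it is worth confirming they treat EIO as an inaccessible address and not as a reason to abandon this read path.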