/* if the first arg was an fd, find out which one it was. * Call with syscallrecord lock held. */ unsigned int check_if_fd(struct childdata *child, struct syscallrecord *rec) { struct syscallentry *entry; unsigned int fd; entry = get_syscall_entry(rec->nr, rec->do32bit); if ((entry->arg1type != ARG_FD) && (entry->arg1type != ARG_SOCKETINFO)) return FALSE; /* in the SOCKETINFO case, post syscall, a1 is actually the fd, * not the socketinfo. In ARG_FD a1=fd. */ fd = rec->a1; /* if it's out of range, it's not going to be valid. */ if (fd > 1024) return FALSE; if (logging == LOGGING_FILES) { if (child->logfile == NULL) return FALSE; if (fd <= (unsigned int) fileno(child->logfile)) return FALSE; } return TRUE; }
/* if the first arg was an fd, find out which one it was. * Call with syscallrecord lock held. */ unsigned int check_if_fd(struct childdata *child, struct syscallrecord *rec) { struct syscallentry *entry; unsigned int fd; fd = rec->a1; entry = get_syscall_entry(rec->nr, rec->do32bit); if (entry->arg1type != ARG_FD) return FALSE; /* if it's out of range, it's not going to be valid. */ if (fd > 1024) return FALSE; if (child->logfile == NULL) return FALSE; if (fd <= (unsigned int) fileno(child->logfile)) return FALSE; return TRUE; }
/* * Used from output_syscall_prefix, and also from postmortem dumper */ static unsigned int render_syscall_prefix(struct syscallrecord *rec, char *bufferstart) { struct syscallentry *entry; char *sptr = bufferstart; unsigned int i; unsigned int syscallnr; syscallnr = rec->nr; entry = get_syscall_entry(syscallnr, rec->do32bit); sptr += sprintf(sptr, "[child%u:%u] [%lu] %s", this_child->num, this_child->pid, rec->op_nr, rec->do32bit == TRUE ? "[32BIT] " : ""); sptr += sprintf(sptr, "%s%s(", entry->name, ANSI_RESET); for_each_arg(i) { sptr = render_arg(rec, sptr, i, entry); } sptr += sprintf(sptr, "%s) ", ANSI_RESET); return sptr - bufferstart; }