https://bugs.kde.org/show_bug.cgi?id=434638

            Bug ID: 434638
           Summary: Invalid read and jump false positive when changing RSP
           Product: valgrind
           Version: 3.15 SVN
          Platform: unspecified
                OS: Unspecified
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: memcheck
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

SUMMARY

valgrind freaks out and spills lots of unrelated errors when RSP is updated
several times to different values that don't point to valid memory. I don't see
this as a problem because I don't do any calls or pushes in this part of my
program and I don't handle signals, but apparently this causes valgrind to go
nuts and err on correct unrelated code much later.


STEPS TO REPRODUCE

Compile this assembly with NASM and run valgrind on it:

[bits 64]
[global main]
main:
        mov rax, var + 1000      ; absolute address 1000 bytes past var (points at no valid memory)
        mov [rel var], rax       ; park that value in var
        mov rsp, 0x123           ; first bogus RSP; no push/call/signal ever uses it
        mov rsp, [rel var]       ; second bogus RSP, loaded back from var
        mov rax, [rel var]       ; ordinary 8-byte load from .bss, reported as an invalid read
        jmp $                    ; spin here forever
[section .bss]
var:
        resb 8


OBSERVED RESULT

$ valgrind -v --tool=memcheck ./test
==72053== Memcheck, a memory error detector
==72053== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==72053== Using Valgrind-3.15.0-608cb11914-20190413 and LibVEX; rerun with -h for copyright info
==72053== Command: ./test
==72053== 
--72053-- Valgrind options:
--72053--    -v
--72053--    --tool=memcheck
--72053-- Contents of /proc/version:
--72053--   Linux version 5.8.0-45-generic (buildd@lcy01-amd64-024) (gcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #51~20.04.1-Ubuntu SMP Tue Feb 23 13:46:31 UTC 2021
--72053-- 
--72053-- Arch and hwcaps: AMD64, LittleEndian, amd64-cx16-rdtscp-sse3-ssse3
--72053-- Page sizes: currently 4096, max supported 4096
--72053-- Valgrind library directory: /usr/lib/x86_64-linux-gnu/valgrind
--72053-- Reading syms from /home/ivanq/Documents/k1801vm1/test
--72053-- Reading syms from /usr/lib/x86_64-linux-gnu/ld-2.31.so
--72053--   Considering /usr/lib/x86_64-linux-gnu/ld-2.31.so ..
--72053--   .. CRC mismatch (computed 6cded93a wanted 1af57820)
--72053--   Considering /lib/x86_64-linux-gnu/ld-2.31.so ..
--72053--   .. CRC mismatch (computed 6cded93a wanted 1af57820)
--72053--   Considering /usr/lib/debug/lib/x86_64-linux-gnu/ld-2.31.so ..
--72053--   .. CRC is valid
--72053-- Reading syms from /usr/lib/x86_64-linux-gnu/valgrind/memcheck-amd64-linux
--72053--    object doesn't have a symbol table
--72053--    object doesn't have a dynamic symbol table
--72053-- Scheduler: using generic scheduler lock implementation.
--72053-- Reading suppressions file: /usr/lib/x86_64-linux-gnu/valgrind/default.supp
==72053== embedded gdbserver: reading from /tmp/vgdb-pipe-from-vgdb-to-72053-by-ivanq-on-???
==72053== embedded gdbserver: writing to   /tmp/vgdb-pipe-to-vgdb-from-72053-by-ivanq-on-???
==72053== embedded gdbserver: shared mem   /tmp/vgdb-pipe-shared-mem-vgdb-72053-by-ivanq-on-???
==72053== 
==72053== TO CONTROL THIS PROCESS USING vgdb (which you probably
==72053== don't want to do, unless you know exactly what you're doing,
==72053== or are doing some strange experiment):
==72053==   /usr/lib/x86_64-linux-gnu/valgrind/../../bin/vgdb --pid=72053 ...command...
==72053== 
==72053== TO DEBUG THIS PROCESS USING GDB: start GDB like this
==72053==   /path/to/gdb ./test
==72053== and then give GDB the following command
==72053==   target remote | /usr/lib/x86_64-linux-gnu/valgrind/../../bin/vgdb --pid=72053
==72053== --pid is optional if only one valgrind process is running
==72053== 
--72053-- REDIR: 0x4022d80 (ld-linux-x86-64.so.2:strlen) redirected to 0x580c9ce2 (???)
--72053-- REDIR: 0x4022b50 (ld-linux-x86-64.so.2:index) redirected to 0x580c9cfc (???)
--72053-- Reading syms from /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_core-amd64-linux.so
--72053--    object doesn't have a symbol table
--72053-- Reading syms from /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so
--72053--    object doesn't have a symbol table
==72053== WARNING: new redirection conflicts with existing -- ignoring it
--72053--     old: 0x04022d80 (strlen              ) R-> (0000.0) 0x580c9ce2 ???
--72053--     new: 0x04022d80 (strlen              ) R-> (2007.0) 0x0483f060 strlen
--72053-- REDIR: 0x401f560 (ld-linux-x86-64.so.2:strcmp) redirected to 0x483ffd0 (strcmp)
--72053-- REDIR: 0x40232e0 (ld-linux-x86-64.so.2:mempcpy) redirected to 0x4843a20 (mempcpy)
--72053-- Reading syms from /usr/lib/x86_64-linux-gnu/libc-2.31.so
--72053--   Considering /usr/lib/x86_64-linux-gnu/libc-2.31.so ..
--72053--   .. CRC mismatch (computed cd1655d1 wanted 09373696)
--72053--   Considering /lib/x86_64-linux-gnu/libc-2.31.so ..
--72053--   .. CRC mismatch (computed cd1655d1 wanted 09373696)
--72053--   Considering /usr/lib/debug/lib/x86_64-linux-gnu/libc-2.31.so ..
--72053--   .. CRC is valid
--72053-- REDIR: 0x490a600 (libc.so.6:memmove) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x4909900 (libc.so.6:strncpy) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x490a930 (libc.so.6:strcasecmp) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x4909220 (libc.so.6:strcat) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x4909960 (libc.so.6:rindex) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x490bdd0 (libc.so.6:rawmemchr) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x4926e60 (libc.so.6:wmemchr) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x49269a0 (libc.so.6:wcscmp) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x490a760 (libc.so.6:mempcpy) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x490a590 (libc.so.6:bcmp) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x4909890 (libc.so.6:strncmp) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x49092d0 (libc.so.6:strcmp) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x490a6c0 (libc.so.6:memset) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x4926960 (libc.so.6:wcschr) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x49097f0 (libc.so.6:strnlen) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x49093b0 (libc.so.6:strcspn) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x490a980 (libc.so.6:strncasecmp) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x4909350 (libc.so.6:strcpy) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x490aad0 (libc.so.6:memcpy@@GLIBC_2.14) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x49280d0 (libc.so.6:wcsnlen) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x49269e0 (libc.so.6:wcscpy) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x49099a0 (libc.so.6:strpbrk) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x4909280 (libc.so.6:index) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x49097b0 (libc.so.6:strlen) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x4912d20 (libc.so.6:memrchr) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x490a9d0 (libc.so.6:strcasecmp_l) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x490a550 (libc.so.6:memchr) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x4926ab0 (libc.so.6:wcslen) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x4909c60 (libc.so.6:strspn) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x490a8d0 (libc.so.6:stpncpy) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x490a870 (libc.so.6:stpcpy) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x490be10 (libc.so.6:strchrnul) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x490aa20 (libc.so.6:strncasecmp_l) redirected to 0x48311d0 (_vgnU_ifunc_wrapper)
--72053-- REDIR: 0x491ba30 (libc.so.6:__strrchr_sse2) redirected to 0x483ea70 (__strrchr_sse2)
==72053== Warning: client switching stacks?  SP change: 0x1ffefffcd8 --> 0x123
==72053==          to suppress, use: --max-stackframe=137422175157 or greater
==72053== Invalid read of size 8
==72053==    at 0x10914D: ??? (in /home/ivanq/Documents/k1801vm1/test)
==72053==  Address 0x10c014 is in the BSS segment of /home/ivanq/Documents/k1801vm1/test
==72053== 
==72053== Jump to the invalid address stated on the next line
==72053==    at 0x109154: ??? (in /home/ivanq/Documents/k1801vm1/test)
==72053==  Address 0x109154 is in the Text segment of /home/ivanq/Documents/k1801vm1/test
==72053==    at 0x109154: ??? (in /home/ivanq/Documents/k1801vm1/test)
==72053== 
[hangs on jmp $ here]


EXPECTED RESULT

No 'Invalid read of size 8', no 'Jump to the invalid address stated on the next
line', etc.


ADDITIONAL INFORMATION

$ uname -a
Linux Ivanqs-Macbook 5.8.0-45-generic #51~20.04.1-Ubuntu SMP Tue Feb 23
13:46:31 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
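As an added triage example (not part of this report and not Valgrind code), the Python below parses Memcheck output of the shape shown under OBSERVED RESULT. It extracts the "client switching stacks?" warning, checks that the suggested --max-stackframe value is exactly the SP delta (0x1ffefffcd8 - 0x123 = 137422175157 here), and tags each later error block with the segment Valgrind placed its address in, so that errors of the kind this report calls spurious (reads of mapped BSS/Text that appear only after an RSP change) can be separated from errors seen before any stack switch. The SAMPLE log is a constructed excerpt of the output above; the regexes and the likely_false_positive heuristic are my own assumptions, not a rule from Valgrind.

```python
"""Triage helper for Memcheck output like the log above (added example, not Valgrind code):
parse the 'client switching stacks?' warning and the error blocks after it, check the
suggested --max-stackframe against the SP delta, and tag each error with its segment."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed excerpt of the OBSERVED RESULT log (wrapped lines rejoined).
SAMPLE = """\
==72053== Warning: client switching stacks?  SP change: 0x1ffefffcd8 --> 0x123
==72053==          to suppress, use: --max-stackframe=137422175157 or greater
==72053== Invalid read of size 8
==72053==    at 0x10914D: ??? (in /home/ivanq/Documents/k1801vm1/test)
==72053==  Address 0x10c014 is in the BSS segment of /home/ivanq/Documents/k1801vm1/test
==72053==
==72053== Jump to the invalid address stated on the next line
==72053==    at 0x109154: ??? (in /home/ivanq/Documents/k1801vm1/test)
==72053==  Address 0x109154 is in the Text segment of /home/ivanq/Documents/k1801vm1/test
==72053==    at 0x109154: ??? (in /home/ivanq/Documents/k1801vm1/test)
==72053==
"""

# Regexes are my own, written against the message shapes visible in the log.
PREFIX = re.compile(r"^==\d+== ?(.*)$")              # core output; '--PID--' lines are skipped
SP_CHANGE = re.compile(r"client switching stacks\?\s+SP change: (0x[0-9a-fA-F]+) --> (0x[0-9a-fA-F]+)")
SUGGEST = re.compile(r"--max-stackframe=(\d+)")
ERROR_START = re.compile(r"^(Invalid (?:read|write) of size \d+|Jump to the invalid address.*)$")
FRAME = re.compile(r"^\s+(?:at|by) (0x[0-9a-fA-F]+): ")
SEGMENT = re.compile(r"^\s*Address 0x[0-9a-fA-F]+ is in the (\w+) segment of ")
MAPPED_SEGMENTS = {"BSS", "Data", "Text"}            # segments of the executable itself

@dataclass
class StackSwitch:
    old_sp: int
    new_sp: int
    suggested_max_stackframe: Optional[int] = None

    def delta(self) -> int:
        return abs(self.old_sp - self.new_sp)

@dataclass
class MemcheckError:
    kind: str
    frames: List[int] = field(default_factory=list)
    segment: Optional[str] = None
    after_stack_switch: bool = False   # reported after a stack-switch warning?

def parse_memcheck(text: str) -> Tuple[List[StackSwitch], List[MemcheckError]]:
    """Walk the '==PID==' lines, collecting stack-switch warnings and error blocks."""
    switches: List[StackSwitch] = []
    errors: List[MemcheckError] = []
    current: Optional[MemcheckError] = None
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue
        body = m.group(1)
        if not body.strip():
            current = None               # a blank core line closes the current error block
            continue
        sp = SP_CHANGE.search(body)
        if sp:
            switches.append(StackSwitch(int(sp.group(1), 16), int(sp.group(2), 16)))
            current = None
            continue
        sg = SUGGEST.search(body)
        if sg and switches:
            switches[-1].suggested_max_stackframe = int(sg.group(1))
            continue
        st = ERROR_START.match(body)
        if st:
            current = MemcheckError(kind=st.group(1), after_stack_switch=bool(switches))
            errors.append(current)
            continue
        if current is None:
            continue
        fr = FRAME.match(body)
        if fr:
            current.frames.append(int(fr.group(1), 16))
            continue
        se = SEGMENT.match(body)
        if se:
            current.segment = se.group(1)
    return switches, errors

def likely_false_positive(err: MemcheckError) -> bool:
    """Heuristic taken from this report (an assumption, not a Valgrind rule): an error whose address
    Valgrind itself locates in a mapped segment of the binary, seen only after a stack-switch
    warning, is a candidate to re-run with --max-stackframe raised to the suggested value."""
    return err.after_stack_switch and err.segment in MAPPED_SEGMENTS

if __name__ == "__main__":
    switches, errors = parse_memcheck(SAMPLE)
    for s in switches:
        print(f"SP {s.old_sp:#x} -> {s.new_sp:#x}: delta {s.delta()}, "
              f"suggestion matches delta: {s.suggested_max_stackframe == s.delta()}")
    for e in errors:
        print(f"{e.kind}: segment={e.segment}, frames={[hex(f) for f in e.frames]}, "
              f"false-positive candidate={likely_false_positive(e)}")
```

Run it against the full log and the two errors above come out as candidates (BSS and Text, both after the switch), while an error block that precedes any "client switching stacks?" line is left unflagged; the delta check confirms that the --max-stackframe figure Valgrind prints is simply the absolute SP difference, which is why the suggested value is so large when RSP is set to 0x123.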
