https://bugs.kde.org/show_bug.cgi?id=484002

            Bug ID: 484002
           Summary: Add suppression for invalid read in glibc's
                    __wcpncpy_avx2() via wcsxfrm()
    Classification: Developer tools
           Product: valgrind
           Version: 3.22.0
          Platform: Other
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: memcheck
          Assignee: jsew...@acm.org
          Reporter: sl...@coaxion.net
  Target Milestone: ---

SUMMARY

The following C testcase reliably gives an invalid read inside glibc. glibc
developers suggest that this is fine and just needs a suppression to be added
to valgrind. See https://sourceware.org/bugzilla/show_bug.cgi?id=31509 for
discussion.

--------

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

int main(void) {

  const wchar_t in[] = {L'a', L'b', L'c', 0};
  wchar_t out[3+1] = {0, };

  /* Stack source buffer: no error reported. */
  printf("%p %p\n", (const void *)in, (void *)out);
  size_t res = wcsxfrm(out, in, 3);
  printf("%zu\n", res);

  /* First heap copy of the same string: no error reported. */
  wchar_t *in2 = malloc(sizeof(wchar_t) * 4);
  memcpy(in2, in, sizeof(in));
  printf("%p %p\n", (void *)in2, (void *)out);
  res = wcsxfrm(out, in2, 3);
  printf("%zu\n", res);
  free(in2);

  /* Second heap copy: memcheck reports the invalid read on this block. */
  wchar_t *in3 = malloc(sizeof(wchar_t) * 4);
  memcpy(in3, in, sizeof(in));
  printf("%p %p\n", (void *)in3, (void *)out);
  res = wcsxfrm(out, in3, 3);
  printf("%zu\n", res);
  free(in3);
}

--------

==139735== Memcheck, a memory error detector
==139735== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==139735== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info
==139735== Command: ./test
==139735== 
0x1fff000330 0x1fff000320
3
0x4a5c480 0x1fff000320
3
0x4a5c4d0 0x1fff000320
==139735== Invalid read of size 32
==139735==    at 0x49DAA2E: __wcpncpy_avx2 (strncpy-avx2.S:85)
==139735==    by 0x493C560: wcsxfrm_l (strxfrm_l.c:679)
==139735==    by 0x4012A1: main (in /home/slomo/tmp/test/test)
==139735==  Address 0x4a5c4d0 is 0 bytes inside a block of size 16 alloc'd
==139735==    at 0x484280F: malloc (vg_replace_malloc.c:442)
==139735==    by 0x401258: main (in /home/slomo/tmp/test/test)
==139735== 
3
==139735== 
==139735== HEAP SUMMARY:
==139735==     in use at exit: 0 bytes in 0 blocks
==139735==   total heap usage: 3 allocs, 3 frees, 1,056 bytes allocated
==139735== 
==139735== All heap blocks were freed -- no leaks are possible
==139735== 
==139735== For lists of detected and suppressed errors, rerun with: -s
==139735== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)


SOFTWARE/OS VERSIONS

This is with valgrind 3.22.0 and glibc 2.38 on Fedora 39. x86-64.
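
A local suppression entry matching the trace above, as an added example that is not part of the original report and not valgrind's own suppression: the entry name and the file name `wcsxfrm.supp` are made up here, and the frames are copied from the report. It matches only 32-byte invalid reads whose two innermost frames are `__wcpncpy_avx2` called from `wcsxfrm_l`, so invalid reads anywhere else are still reported.

```text
{
   glibc-wcpncpy-avx2-via-wcsxfrm
   Memcheck:Addr32
   fun:__wcpncpy_avx2
   fun:wcsxfrm_l
}
```

Save it to a file and pass it with `valgrind --suppressions=wcsxfrm.supp ./test`; the summary line should then count the error as suppressed.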
