Processed: Re: Bug#1028504: libc6: valgrind reports "Invalid read of size 8" deep in decompose_rpath in dl-load.c
Processing control commands: > reassign -1 valgrind Bug #1028504 [libc6] libc6: valgrind reports "Invalid read of size 8" deep in decompose_rpath in dl-load.c Bug reassigned from package 'libc6' to 'valgrind'. No longer marked as found in versions glibc/2.36-8. Ignoring request to alter fixed versions of bug #1028504 to the same values previously set > affects -1 libc6 Bug #1028504 [valgrind] libc6: valgrind reports "Invalid read of size 8" deep in decompose_rpath in dl-load.c Added indication that 1028504 affects libc6 -- 1028504: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028504 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1028504: libc6: valgrind reports "Invalid read of size 8" deep in decompose_rpath in dl-load.c
control: reassign -1 valgrind control: affects -1 libc6 Hi, On 2023-01-12 10:15, Mike Hommey wrote: > Package: libc6 > Version: 2.36-8 > Severity: important > > STR: > - apt install firefox valgrind > - valgrind --show-mismatched-frees=no firefox > > valgrind will quickly show errors like: > ==6383== Invalid read of size 8 > ==6383==at 0x4023A34: strncmp (strcmp-sse2.S:162) Looking at the source code the code in the glibc is correct. It reads the data in chunk of 16-bytes, which indeed can go slightly over the allocated memory, but extra care is taken to not cross a cache line. The solution there is to add a suppression file to valgrind to ignore that. I am therefore reassigning the bug to the valgrind package. Regards Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://www.aurel32.net
Bug#1028504: libc6: valgrind reports "Invalid read of size 8" deep in decompose_rpath in dl-load.c
Package: libc6 Version: 2.36-8 Severity: important STR: - apt install firefox valgrind - valgrind --show-mismatched-frees=no firefox valgrind will quickly show errors like: ==6383== Invalid read of size 8 ==6383==at 0x4023A34: strncmp (strcmp-sse2.S:162) ==6383==by 0x4004C8E: is_dst (dl-load.c:216) ==6383==by 0x4005A5E: _dl_dst_count (dl-load.c:253) ==6383==by 0x4005C37: expand_dynamic_string_token (dl-load.c:395) ==6383==by 0x4005DA2: fillin_rpath.isra.0 (dl-load.c:483) ==6383==by 0x4006092: decompose_rpath (dl-load.c:654) ==6383==by 0x400824B: _dl_map_object (dl-load.c:2111) ==6383==by 0x4002280: openaux (dl-deps.c:64) ==6383==by 0x4BE0E99: _dl_catch_exception (dl-error-skeleton.c:208) ==6383==by 0x40025E9: _dl_map_object_deps (dl-deps.c:232) ==6383==by 0x400BB5C: dl_open_worker_begin (dl-open.c:592) ==6383==by 0x4BE0E99: _dl_catch_exception (dl-error-skeleton.c:208) ==6383== Address 0x4ebec59 is 9 bytes inside a block of size 15 alloc'd ==6383==at 0x48407B4: malloc (vg_replace_malloc.c:381) ==6383==by 0x402381A: malloc (rtld-malloc.h:56) ==6383==by 0x402381A: strdup (strdup.c:42) ==6383==by 0x4006024: decompose_rpath (dl-load.c:629) ==6383==by 0x400824B: _dl_map_object (dl-load.c:2111) ==6383==by 0x4002280: openaux (dl-deps.c:64) ==6383==by 0x4BE0E99: _dl_catch_exception (dl-error-skeleton.c:208) ==6383==by 0x40025E9: _dl_map_object_deps (dl-deps.c:232) ==6383==by 0x400BB5C: dl_open_worker_begin (dl-open.c:592) ==6383==by 0x4BE0E99: _dl_catch_exception (dl-error-skeleton.c:208) ==6383==by 0x400B2B5: dl_open_worker (dl-open.c:782) ==6383==by 0x4BE0E99: _dl_catch_exception (dl-error-skeleton.c:208) ==6383==by 0x400B6A7: _dl_open (dl-open.c:884) Mike