[valgrind] [Bug 379039] New: False positive when passing non null terminated char* name (len 16 >= bytes) to prctl(PR_SET_NAME

Fri, 21 Apr 2017 05:56:28 -0700 

https://bugs.kde.org/show_bug.cgi?id=379039

            Bug ID: 379039
           Summary: False positive when passing non null terminated char*
                    name (len 16 >= bytes) to prctl(PR_SET_NAME
           Product: valgrind
           Version: 3.12.0
          Platform: RedHat RPMs
                OS: Linux
            Status: UNCONFIRMED
          Severity: minor
          Priority: NOR
         Component: memcheck
          Assignee: jsew...@acm.org
          Reporter: thatsafunnyname.ra...@mailnull.com
  Target Milestone: ---

Hello and thank you for valgrind,

  This is a minor edge case.

  I noticed that with a non null terminated array of 16 chars passed to prctl
with PR_SET_NAME, valgrind 3.12.0 ( and 3.11.0 , 3.10.0 , 3.8.1 and 3.5.0 )
memcheck ends up calling mc_is_defined_asciiz which checks a zero-terminated
ascii string and reports the memory error "Syscall param prctl(set-name) points
to uninitialised byte(s)".  I don't think the name *has* to be null terminated
if it is 16 bytes (or more).

>From the linux man page:

  "The name can be up to 16 bytes long, 
   including the terminating null byte.
   (If the length of the string, including the terminating null byte,
   exceeds 16 bytes, the string is silently truncated.)"

Reproducer:

# cat valgrind_memcheck_prctl.c
#include <sys/prctl.h>
int main(int argc, char *argv[]){
  char buf[16] = "1234567890123456";
  int ret = prctl(PR_SET_NAME, buf, 0, 0, 0);
  return ret;
}

# gcc -g valgrind_memcheck_prctl.c

# valgrind --track-origins=yes ./a.out
==143257== Memcheck, a memory error detector
==143257== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==143257== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info
==143257== Command: ./a.out
==143257==
==143257== Syscall param prctl(set-name) points to uninitialised byte(s)
==143257==    at 0x4F2AF8A: prctl (in /usr/lib64/libc-2.17.so)
==143257==    by 0x400580: main (valgrind_memcheck_prctl.c:4)
==143257==  Address 0xfff000260 is on thread 1's stack
==143257==  in frame #1, created by main (valgrind_memcheck_prctl.c:2)
==143257==  Uninitialised value was created by a stack allocation
==143257==    at 0x400530: main (valgrind_memcheck_prctl.c:2)
==143257==
==143257==
==143257== HEAP SUMMARY:
==143257==     in use at exit: 0 bytes in 0 blocks
==143257==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==143257==
==143257== All heap blocks were freed -- no leaks are possible
==143257==
==143257== For counts of detected and suppressed errors, rerun with: -v
==143257== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

Above is on a RHEL7 x86_64 host, using the valgrind-3.10.0-16.el7 RPM and
gcc-4.8.5-4.el7.

Cheers,
Peter (Stig) Edwards

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to