https://bugs.kde.org/show_bug.cgi?id=399087
            Bug ID: 399087
           Summary: memcheck escape from user code into memcheck itself via
                    computed goto
           Product: valgrind
           Version: 3.13.0
          Platform: Fedora RPMs
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: memcheck
          Assignee: jsew...@acm.org
          Reporter: jrei...@bitwagon.com
  Target Milestone: ---

SUMMARY

On armv7hl (32-bit ARM) memcheck did not notice that "add r15, r6, r10" is a
computed goto: r15 is the pc, and writing to the pc causes a jump. The result
was that memcheck began to emulate itself, leading to bizarre results.

STEPS TO REPRODUCE

1. valgrind --smc-check=all ./foo
2. valgrind --trace-flags=10000001 --trace-notbelow=108 ./foo

OBSERVED RESULT

==== SB 107 (evchecks 18103) [tid 1] 0x21ec8 UNKNOWN_FUNCTION UNKNOWN_OBJECT+0x0
==== SB 108 (evchecks 18104) [tid 1] 0x21f0c UNKNOWN_FUNCTION UNKNOWN_OBJECT+0x0
==== SB 109 (evchecks 18105) [tid 1] 0x4811f74 UNKNOWN_FUNCTION UNKNOWN_OBJECT+0x0

Notice the address jump from 0x21f0c, which is in the program being analyzed,
to 0x4811f74, which is in memcheck-arm-linux.

EXPECTED RESULT

"add r15, r6, r10" is recognized as a computed goto. Emulated control should
remain inside the user program, or else be diagnosed as a "wild jump" error.

ADDITIONAL INFORMATION

The program is a programmer-built version of /bin/date which then was
compressed by upx. The program is self-contained (uses no shared libraries; the
static library uClibc.a was used) and the upx-compressed version also is
self-contained. It executes correctly (produces the current date on stdout)
when run by the shell.

Under memcheck, all the executed instructions (so far) are static and
unmodified. The computed jump is the transfer to dynamically-written
instructions. The --smc-check=all should have caught it. Even without
--smc-check=all, memcheck should defend against user code jumping into
memcheck.

The error occurs quite soon, in block 108.

The upx-compressed output (75KB) and console transcripts will be attached if
the bug-reporting system allows.
-- 
You are receiving this mail because:
You are watching all bug changes.
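The rule the report relies on, that any ARM instruction whose destination register is r15/pc is a control transfer regardless of its mnemonic, is easy to apply as an independent cross-check over a disassembly listing (for example objdump output) when a tool's own decoding of a binary is in doubt. The following Python script is an added example and is not code from valgrind or from the bug reporter; the listing it scans is constructed here, and it generalizes the report's single "add r15" case to the other write-to-pc forms (mov/ldr with pc as destination, and pop/ldm register lists containing pc).

```python
import re

# Names under which ARM assembly refers to the program counter. Any
# instruction that writes one of these transfers control.
PC_NAMES = {"r15", "pc"}

# Mnemonics whose first operand is the destination register (data-processing
# ops and single-register loads). Condition codes and the "s" flag suffix are
# tolerated because we only test the mnemonic's prefix.
DEST_FIRST = ("add", "sub", "rsb", "mov", "mvn", "orr", "eor", "and", "bic",
              "adc", "sbc", "rsc", "ldr", "adr")

# Explicit branches: b, bl, bx, blx with an optional condition code.
BRANCH_RE = re.compile(
    r"^b(?:lx|l|x)?(?:eq|ne|cs|hs|cc|lo|mi|pl|vs|vc|hi|ls|ge|lt|gt|le|al)?$")

# "  0x1004:  add   r15, r6, r10   @ comment"  ->  mnemonic, operand text
LINE_RE = re.compile(
    r"^\s*(?:(?:0x)?[0-9a-fA-F]+:\s*)?([A-Za-z]\w*)\s*([^@;]*)")


def classify(insn: str) -> str:
    """Classify one assembly line.

    Returns "branch" for explicit branch mnemonics, "pc-write" when the
    destination register of a data-processing/load instruction is the pc
    (the computed goto from the bug report), "pc-pop" when a pop/ldm
    register list contains the pc, and "none" otherwise.
    """
    m = LINE_RE.match(insn)
    if not m:
        return "none"
    mnem = m.group(1).lower()
    operands = m.group(2).strip()

    if BRANCH_RE.match(mnem):
        return "branch"

    if mnem.startswith(("ldm", "pop")) and "{" in operands and "}" in operands:
        inner = operands[operands.index("{") + 1:operands.index("}")]
        # Split the register list on commas and expand "r4-r6"-style ranges
        # only as far as their endpoints, which is enough to spot "pc".
        regs = {r.strip().lower() for tok in inner.split(",") for r in tok.split("-")}
        return "pc-pop" if regs & PC_NAMES else "none"

    if mnem.startswith(DEST_FIRST):
        dest = operands.split(",", 1)[0].strip().lower()
        return "pc-write" if dest in PC_NAMES else "none"

    return "none"


def find_control_transfers(listing: str):
    """Return (line number, kind, text) for every line that transfers control."""
    hits = []
    for lineno, line in enumerate(listing.splitlines(), start=1):
        kind = classify(line)
        if kind != "none":
            hits.append((lineno, kind, line.strip()))
    return hits


# Constructed sample listing (addresses and registers are made up); line 5
# carries the exact instruction from the report.
CONSTRUCTED_LISTING = """\
   0x1000:  ldr    r6, [r4, #12]
   0x1004:  mov    r10, r1
   0x1008:  adds   r5, r5, #1
   0x100c:  bl     0x2000
   0x1010:  add    r15, r6, r10      @ destination is the pc: computed goto
   0x1014:  pop    {r4, r5, pc}
   0x1018:  ldr    pc, [r3, r2, lsl #2]
   0x101c:  bic    r0, r0, #3
"""

if __name__ == "__main__":
    for lineno, kind, text in find_control_transfers(CONSTRUCTED_LISTING):
        print(f"line {lineno}: {kind:8s} {text}")
```

Run against objdump -d output, every "pc-write" and "pc-pop" hit marks a point where the translator must end the basic block and treat the target as unknown; a block that continues past such an instruction, as SB 108 did in the report, is the symptom to look for.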