Bug 455644

Summary: Under valgrind, iostream causes error and outputs nulls
Product: Fedora
Reporter: Matt McCutchen <matt>
Component: valgrind
Assignee: Jakub Jelinek <jakub>
Status: CLOSED WONTFIX
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low
Version: 10
CC: craig, dvlasenk, jakub, ronald.wahl
Hardware: i686
OS: Linux
Doc Type: Bug Fix
Last Closed: 2009-12-18 06:15:05 UTC

Attachments:
- Test program
- x86_32 test binary which works for me
- x86_64 test binary which works for me

Description Matt McCutchen 2008-07-16 18:52:57 UTC
Description of problem:
When I run a trivial C++ program that outputs a number using iostreams under
Valgrind, an "invalid free" error is detected and the program outputs null bytes
in place of the digits of the number.  The program works fine without Valgrind.

Version-Release number of selected component (if applicable):
valgrind-3.3.0-3.i386
gcc-c++-4.3.0-8.i386
glibc-2.8-3.i686

How reproducible:
Every time

Steps to Reproduce:
1. Download the attached testprog.cc .
2. make testprog
3. valgrind ./testprog | od -t x1c

Actual results:
==11971== Memcheck, a memory error detector.
==11971== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==11971== Using LibVEX rev 1804, a library for dynamic binary translation.
==11971== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==11971== Using valgrind-3.3.0, a dynamic binary instrumentation framework.
==11971== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==11971== For more details, rerun with: -v
==11971== 
==11971== Invalid free() / delete / delete[]
==11971==    at 0x40052EA: operator delete(void*, std::nothrow_t const&) (vg_replace_malloc.c:354)
==11971==    by 0x213118: std::__verify_grouping(char const*, unsigned, std::string const&) (locale_facets.cc:108)
==11971==    by 0x21404C: std::locale::_Impl::_Impl(char const*, unsigned) (localename.cc:218)
==11971==    by 0x2140CC: std::locale::_Impl::_Impl(char const*, unsigned) (localename.cc:206)
==11971==    by 0x2151F7: std::locale::locale() (basic_string.h:2189)
==11971==    by 0x2101CC: std::locale::_Impl::_Impl(std::locale::_Impl const&, unsigned) (locale.cc:249)
==11971==    by 0x8048664: __static_initialization_and_destruction_0(int, int) (in /home/matt/test/valgrind/testprog)
==11971==    by 0x804869D: _GLOBAL__I_main (in /home/matt/test/valgrind/testprog)
==11971==    by 0x804877C: (within /home/matt/test/valgrind/testprog)
==11971==    by 0x80484E3: (within /home/matt/test/valgrind/testprog)
==11971==    by 0x8048718: __libc_csu_init (in /home/matt/test/valgrind/testprog)
==11971==    by 0x8A8570: (below main) (libc-start.c:179)
==11971==  Address 0x2ac188 is not stack'd, malloc'd or (recently) free'd
==11971== 
==11971== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 15 from 1)
==11971== malloc/free: in use at exit: 0 bytes in 0 blocks.
==11971== malloc/free: 0 allocs, 1 frees, 0 bytes allocated.
==11971== For counts of detected errors, rerun with: -v
==11971== All heap blocks were freed -- no leaks are possible.
0000000 00 00 00 00 00 00 00 0a
         \0  \0  \0  \0  \0  \0  \0  \n
0000010

Expected results:
No Valgrind error, and output of -314159.

Additional info:

Comment 1 Matt McCutchen 2008-07-16 18:52:57 UTC
Created attachment 311981 [details]
Test program

Comment 2 Denys Vlasenko 2008-08-19 10:57:13 UTC
Failed to reproduce on Fedora 9 x86_64:


# make testprog
g++     testprog.cc   -o testprog

# ./testprog
-314159

# valgrind ./testprog
==19802== Memcheck, a memory error detector.
==19802== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==19802== Using LibVEX rev 1804, a library for dynamic binary translation.
==19802== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==19802== Using valgrind-3.3.0, a dynamic binary instrumentation framework.
==19802== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==19802== For more details, rerun with: -v
==19802==
-314159
==19802==
==19802== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 1)
==19802== malloc/free: in use at exit: 0 bytes in 0 blocks.
==19802== malloc/free: 0 allocs, 0 frees, 0 bytes allocated.
==19802== For counts of detected errors, rerun with: -v
==19802== All heap blocks were freed -- no leaks are possible.

# g++ --version
g++ (GCC) 4.3.0 20080428 (Red Hat 4.3.0-8)
Copyright (C) 2008 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

# valgrind --version
valgrind-3.3.0

Just retested it on 32-bit x86 and it also works.

I will attach my test binaries, can you test whether they fail for you?

Comment 3 Denys Vlasenko 2008-08-19 10:58:17 UTC
Created attachment 314529 [details]
x86_32 test binary which works for me

Comment 4 Denys Vlasenko 2008-08-19 10:59:01 UTC
Created attachment 314530 [details]
x86_64 test binary which works for me

Comment 5 Matt McCutchen 2008-08-19 14:45:48 UTC
Your x86_32 binary is byte-for-byte identical to mine, so needless to say, it fails in the same way.  I also compiled the test program on another x86_32 machine with "g++ (GCC) 4.1.2 (Ubuntu 4.1.2-0ubuntu4)", and that binary also failed on my machine, so the problem doesn't seem to be with g++.  I tried valgrind-3.3.0-2, valgrind-3.3.0-1, and valgrind-3.2.3-8 from Koji with the original binary and the same problem occurred.

However, when I set up a chrooted environment with glibc-2.7-2, the problem did not occur.  It appears to have been introduced by a change between glibc 2.7 and 2.8.

Comment 6 Matt McCutchen 2008-08-19 15:51:35 UTC
The problem still occurs with glibc-2.8.90-11.i686 from Koji.

Comment 7 Matt McCutchen 2008-09-09 03:16:16 UTC
I'm moving this bug to the glibc component because it seems to have been caused by a change in glibc.

Comment 8 Matt McCutchen 2008-12-03 15:50:33 UTC
The problem still occurs with glibc-2.9-2.i686 in Fedora 10.

Comment 9 Matt McCutchen 2009-01-09 04:32:43 UTC
Hm.  I ran "prelink -ua" to unprelink everything and the problem went away.  
That explains why my glibc 2.7 chroot worked: it was never prelinked.  There's no longer evidence that this bug is related to glibc, so I'm moving it back to valgrind.

I don't have a strong desire to have the binaries on my computer prelinked, so I'm satisfied at this point, but there may still be a bug here and I would be happy to help investigate it if anyone wishes.

Comment 10 Ronald Wahl 2009-03-24 17:47:39 UTC
This is most probably a valgrind problem. See:

http://bugs.kde.org/show_bug.cgi?id=185816

The bug occurs if libstdc++ is prelinked and its debuginfo is installed (gcc-debuginfo).

I hope the patch from upstream can be applied to valgrind in F10. Thx.
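
The diagnosis in comment 10 (a prelinked libstdc++ with its debuginfo installed) and the reproduction steps in the description can be turned into a small triage script. The following is an added example written for this page; it is not code from the bug report, from the attachments or from the valgrind project. It assumes that readelf is on the host, that separate debuginfo lives under /usr/lib/debug/<absolute path>.debug as Fedora lays it out, and that the log signature it looks for is the one quoted in the description (the sample log it embeds is constructed from those quoted lines).

```shell
#!/bin/sh
# Added triage helper for the prelink + debuginfo valgrind failure described
# in this report. Assumptions (hypothetical, not from the report): readelf is
# available; Fedora stores separate debuginfo at /usr/lib/debug/<path>.debug.

# 1. Is a shared library prelinked? prelink keeps a .gnu.prelink_undo section
#    so that "prelink -u" can restore the original file; its presence is the tell.
is_prelinked() {
    readelf -S -W "$1" 2>/dev/null | grep -q '\.gnu\.prelink_undo'
}

# 2. Is separate debuginfo installed for that library (the second half of the
#    trigger named in comment 10)?
has_debuginfo() {
    [ -r "/usr/lib/debug$1.debug" ]
}

# 3. Does a valgrind log carry this report's signature: an invalid delete
#    reported from inside libstdc++'s locale initialisation, reached from the
#    binary's static initialisers before main()?
matches_bug_signature() {
    log="$1"
    grep -q 'Invalid free() / delete' "$log" &&
    grep -q 'std::locale::_Impl::_Impl' "$log" &&
    grep -q '__static_initialization_and_destruction' "$log"
}

# 4. Count NUL bytes in a program's captured output. The report saw seven NULs
#    followed by a newline where the digits of -314159 should have been.
count_nul_bytes() {
    od -An -t x1 -v "$1" | tr -s ' \n' '\n\n' | grep -c '^00$' || true
}

# Constructed sample logs (lines taken from the report, paths shortened).
write_sample_log() {
    cat > "$1" <<'EOF'
==11971== Invalid free() / delete / delete[]
==11971==    at 0x40052EA: operator delete(void*, std::nothrow_t const&) (vg_replace_malloc.c:354)
==11971==    by 0x213118: std::__verify_grouping(char const*, unsigned, std::string const&) (locale_facets.cc:108)
==11971==    by 0x21404C: std::locale::_Impl::_Impl(char const*, unsigned) (localename.cc:218)
==11971==    by 0x8048664: __static_initialization_and_destruction_0(int, int) (in /path/to/testprog)
==11971==  Address 0x2ac188 is not stack'd, malloc'd or (recently) free'd
EOF
}

write_clean_log() {
    cat > "$1" <<'EOF'
==19802== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 1)
EOF
}

# Stand-alone demo on the constructed log; needs no readelf or debuginfo.
demo() {
    log=$(mktemp)
    write_sample_log "$log"
    if matches_bug_signature "$log"; then
        echo "constructed log: matches the prelink/debuginfo signature"
    else
        echo "constructed log: no match"
    fi
    rm -f "$log"
}
demo
```

In practice you would run `valgrind ./testprog > out.bin 2> vg.log`, feed `vg.log` to `matches_bug_signature` and `out.bin` to `count_nul_bytes`, and then call `is_prelinked` and `has_debuginfo` on the libstdc++ path that `ldd ./testprog` reports; if both return true, `prelink -u` on that library (or `prelink -ua`, as in comment 9) is the quickest way to confirm the diagnosis.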

Comment 11 Bug Zapper 2009-11-18 10:14:22 UTC
This message is a reminder that Fedora 10 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 10.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '10'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 10's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 10 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 12 Matt McCutchen 2009-11-18 16:39:06 UTC
As per comment #9, I'm no longer pursuing this myself.  If anyone else cares to reproduce it on newer Fedora, please comment and I will bump the version.

Comment 13 Bug Zapper 2009-12-18 06:15:05 UTC
Fedora 10 changed to end-of-life (EOL) status on 2009-12-17. Fedora 10 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.