Bug 755242

Summary: wcscmp() triggers valgrind warnings
Product: Fedora
Component: valgrind
Status: CLOSED ERRATA
Severity: low
Priority: unspecified
Version: 18
Hardware: x86_64
OS: Linux
Reporter: Sam Varshavchik <mrsam>
Assignee: Mark Wielaard <mjw>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: dodji, jakub, kjell, mjw, paul.0000.black
Doc Type: Bug Fix
Last Closed: 2012-12-20 16:02:57 UTC

Description Sam Varshavchik 2011-11-19 23:27:34 UTC
Description of problem:

wcscmp() in glibc-2.14 (at least on x86_64) uses MMX, which may read past the end of the input strings it's checking. valgrind doesn't like this.

Version-Release number of selected component (if applicable):

valgrind-3.6.1-6.fc16.x86_64

How reproducible:

Always

Steps to Reproduce:

1.

#include <wchar.h>

void foo(int)                       // sink so the compiler keeps the wcscmp() call
{
}

int main()
{
	wchar_t *a=new wchar_t[2], *b=new wchar_t[2];  // two 8-byte heap blocks (t.C:9)
	size_t j;                       // unused; kept so line numbers match the valgrind output

	a[0]=b[0]='A';
	a[1]=b[1]=0;                    // both strings are L"A" and fully initialised

	foo(wcscmp(a, b));              // vectorised wcscmp does an 8-byte read starting just past the block (t.C:15)
	delete[] a;
	delete[] b;

	return 0;
}


2. valgrind --tool=memcheck --leak-check=yes <program>
  
Actual results:

==9488== Invalid read of size 8
==9488==    at 0x384069F280: wcscmp (wcscmp.S:423)
==9488==    by 0x400643: main (t.C:15)
==9488==  Address 0x4c2b048 is 0 bytes after a block of size 8 alloc'd
==9488==    at 0x4A06A27: operator new[](unsigned long) (vg_replace_malloc.c:305)
==9488==    by 0x4005EE: main (t.C:9)

Expected results:

No warnings.

Additional info:

Add to /usr/lib64/valgrind/default.supp:

{
   wcscmp-uses-mmx
   Memcheck:Addr8
   fun:wcscmp
}
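As an added example (not part of the bug report or of valgrind itself), a small POSIX shell helper that keeps the suppression above in a project-local file and hands it to valgrind with --suppressions= rather than editing /usr/lib64/valgrind/default.supp, which the valgrind package overwrites on every update. The file names, the function names and the error exit code are assumptions; the suppression text is the one quoted above.

```shell
#!/bin/sh
# Added example, not from the bug report: per-project valgrind suppression
# handling. Names (wcscmp.supp, exit code 99) are assumptions.
set -eu

# Write the wcscmp suppression rule from the report to the given file.
write_wcscmp_supp() {
    supp_file=$1
    cat > "$supp_file" <<'EOF'
{
   wcscmp-uses-mmx
   Memcheck:Addr8
   fun:wcscmp
}
EOF
}

# Count rules in a suppression file (each rule is one '{' ... '}' block).
# Cheap sanity check that the file is not empty or truncated before use.
count_supp_rules() {
    grep -c '^{' "$1"
}

# Run PROG under memcheck with the project suppression file.
# --error-exitcode makes any *unsuppressed* error fail the command, which is
# what a CI job should key on; suppressed errors do not count.
# Returns valgrind's exit status, or 127 if valgrind is not installed.
run_memcheck() {
    supp_file=$1; shift
    command -v valgrind >/dev/null 2>&1 || return 127
    valgrind --tool=memcheck --leak-check=yes \
             --suppressions="$supp_file" \
             --error-exitcode=99 \
             "$@"
}

# Usage: sh memcheck.sh ./program [args...]
if [ $# -gt 0 ]; then
    write_wcscmp_supp ./wcscmp.supp
    run_memcheck ./wcscmp.supp "$@"
fi
```

If a different warning survives, rerun with --gen-suppressions=all to have valgrind print a ready-to-paste rule for it; once the fixed valgrind from the later comments is installed, the wcscmp rule simply never matches and can be dropped.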

Comment 1 Paul Black 2011-11-30 11:43:00 UTC
Seeing the same; doesn't happen with a 32-bit prog on 64-bit F16.

Comment 2 Mark Wielaard 2012-10-04 18:18:12 UTC
Posted bug and patch upstream:
SSE optimized wcscpy, wcscmp, wcsrchr and wcschr trigger uninitialised value and/or invalid read warnings
https://bugs.kde.org/show_bug.cgi?id=307828

Comment 3 Fedora Update System 2012-10-15 13:26:47 UTC
valgrind-3.8.1-3.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/valgrind-3.8.1-3.fc18

Comment 4 Fedora Update System 2012-10-15 17:38:24 UTC
Package valgrind-3.8.1-3.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing valgrind-3.8.1-3.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-16133/valgrind-3.8.1-3.fc18
then log in and leave karma (feedback).

Comment 5 Fedora Update System 2012-10-15 21:59:16 UTC
valgrind-3.8.1-3.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/valgrind-3.8.1-3.fc17

Comment 6 Sam Varshavchik 2012-10-16 00:46:26 UTC
valgrind-3.8.1-3.fc17 fails.

[mrsam@octopus base]$ valgrind --tool=memcheck ./testhttpclientauth 
==28524== Memcheck, a memory error detector
==28524== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==28524== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==28524== Command: ./testhttpclientauth
==28524== 
vex amd64->IR: unhandled instruction bytes: 0xF0 0xF 0xC0 0x10 0x84 0xD2 0xF 0x95
vex amd64->IR:   REX=0 REX.W=0 REX.R=0 REX.X=0 REX.B=0
vex amd64->IR:   VEX=0 VEX.L=0 VEX.nVVVV=0x0 ESC=0F
vex amd64->IR:   PFX.66=0 PFX.F2=0 PFX.F3=0
==28524== valgrind: Unrecognised instruction at address 0x56c947.

valgrind-3.7.0-4.fc17.x86_64 works on this binary (except for this bug).

Comment 7 Mark Wielaard 2012-10-16 07:18:39 UTC
(In reply to comment #6)
> valgrind-3.8.1-3.fc17 fails.
> 
> [mrsam@octopus base]$ valgrind --tool=memcheck ./testhttpclientauth 
> ==28524== Memcheck, a memory error detector
> ==28524== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
> ==28524== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
> ==28524== Command: ./testhttpclientauth
> ==28524== 
> vex amd64->IR: unhandled instruction bytes: 0xF0 0xF 0xC0 0x10 0x84 0xD2 0xF
> 0x95
> vex amd64->IR:   REX=0 REX.W=0 REX.R=0 REX.X=0 REX.B=0
> vex amd64->IR:   VEX=0 VEX.L=0 VEX.nVVVV=0x0 ESC=0F
> vex amd64->IR:   PFX.66=0 PFX.F2=0 PFX.F3=0
> ==28524== valgrind: Unrecognised instruction at address 0x56c947.
> 
> valgrind-3.7.0-4.fc17.x86_64 works on this binary (except for this bug).

I'll open a new bug for this, since this is a different, but probably new, issue. Could you share the binary or share the build instructions?

Comment 8 Mark Wielaard 2012-10-16 07:23:42 UTC
(In reply to comment #7)
> I'll open a new bug for this, since this is a different, but probably new,
> issue.

https://bugzilla.redhat.com/show_bug.cgi?id=866793

Comment 9 Fedora Update System 2012-12-20 16:02:59 UTC
valgrind-3.8.1-4.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.