Description of problem: I did some unrelated testing with valgrind and it checked all children processes. One of them was python3 and I got some valgrind errors. Version-Release number of selected component (if applicable): sh# rpm -q python3 python3-3.6.4-3.fc27.x86_64 How reproducible: Deterministic Steps to Reproduce: 1. dnf isntall -y valgrind 2. valgrind python3 -c 'print("Hello world")' Actual results: [root@vm-041 ~]# valgrind python3 -c 'print("Hello world")' ==45495== Memcheck, a memory error detector ==45495== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==45495== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info ==45495== Command: python3 -c print("Hello\ world") ==45495== ==45495== Conditional jump or move depends on uninitialised value(s) ==45495== at 0x5DDE040: __wcsnlen_sse4_1 (in /usr/lib64/libc-2.26.so) ==45495== by 0x5DCBB01: wcsrtombs (in /usr/lib64/libc-2.26.so) ==45495== by 0x5D513E0: wcstombs (in /usr/lib64/libc-2.26.so) ==45495== by 0x4F47F0D: Py_EncodeLocale (in /usr/lib64/libpython3.6m.so.1.0) ==45495== by 0x501087F: ??? (in /usr/lib64/libpython3.6m.so.1.0) ==45495== by 0x4EDDE17: ??? (in /usr/lib64/libpython3.6m.so.1.0) ==45495== by 0x502ABF2: Py_GetProgramFullPath (in /usr/lib64/libpython3.6m.so.1.0) ==45495== by 0x50581F0: _PySys_Init (in /usr/lib64/libpython3.6m.so.1.0) ==45495== by 0x5061964: _Py_InitializeEx_Private (in /usr/lib64/libpython3.6m.so.1.0) ==45495== by 0x506205B: Py_Main (in /usr/lib64/libpython3.6m.so.1.0) ==45495== by 0x108D44: main (in /usr/bin/python3.6) ==45495== ==45495== Conditional jump or move depends on uninitialised value(s) ==45495== at 0x5DDE0C1: __wcsnlen_sse4_1 (in /usr/lib64/libc-2.26.so) ==45495== by 0x5DCBB01: wcsrtombs (in /usr/lib64/libc-2.26.so) ==45495== by 0x5D513E0: wcstombs (in /usr/lib64/libc-2.26.so) ==45495== by 0x4F47F0D: Py_EncodeLocale (in /usr/lib64/libpython3.6m.so.1.0) ==45495== by 0x501087F: ??? (in /usr/lib64/libpython3.6m.so.1.0) ==45495== by 0x4EDDE17: ??? (in /usr/lib64/libpython3.6m.so.1.0) ==45495== by 0x502ABF2: Py_GetProgramFullPath (in /usr/lib64/libpython3.6m.so.1.0) ==45495== by 0x50581F0: _PySys_Init (in /usr/lib64/libpython3.6m.so.1.0) ==45495== by 0x5061964: _Py_InitializeEx_Private (in /usr/lib64/libpython3.6m.so.1.0) ==45495== by 0x506205B: Py_Main (in /usr/lib64/libpython3.6m.so.1.0) ==45495== by 0x108D44: main (in /usr/bin/python3.6) ==45495== Hello world ==45495== ==45495== HEAP SUMMARY: ==45495== in use at exit: 884,034 bytes in 7,177 blocks ==45495== total heap usage: 33,413 allocs, 26,236 frees, 4,964,347 bytes allocated ==45495== ==45495== LEAK SUMMARY: ==45495== definitely lost: 0 bytes in 0 blocks ==45495== indirectly lost: 0 bytes in 0 blocks ==45495== possibly lost: 355,838 bytes in 2,308 blocks ==45495== still reachable: 528,196 bytes in 4,869 blocks ==45495== suppressed: 0 bytes in 0 blocks ==45495== Rerun with --leak-check=full to see details of leaked memory ==45495== ==45495== For counts of detected and suppressed errors, rerun with: -v ==45495== Use --track-origins=yes to see where uninitialised values come from ==45495== ERROR SUMMARY: 1364 errors from 2 contexts (suppressed: 0 from 0) Expected results: Zero errors in error summary Additional info: It is reproducible on rawhide with (python3-3.6.4-3.fc28.x86_64 ) as well but I cannot see any error on fedora26 with python3-3.6.4-1.fc26.x86_64 I am not sure what is a difference between f26 and f27. If they are very similar then it might be issue in glibc.
Here is an output from rawhide on real hardware (not VM) sh$ valgrind python3 -c 'print("Hello world")' ==6452== Memcheck, a memory error detector ==6452== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==6452== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info ==6452== Command: python3 -c print("Hello\ world") ==6452== ==6452== Conditional jump or move depends on uninitialised value(s) ==6452== at 0x5EAFB37: __wcsnlen_avx2 (in /usr/lib64/libc-2.26.9000.so) ==6452== by 0x5DF6851: wcsrtombs (in /usr/lib64/libc-2.26.9000.so) ==6452== by 0x5D8B5D0: wcstombs (in /usr/lib64/libc-2.26.9000.so) ==6452== by 0x4F4701D: wcstombs (stdlib.h:154) ==6452== by 0x4F4701D: Py_EncodeLocale (fileutils.c:492) ==6452== by 0x50168CF: _Py_wstat (getpath.c:124) ==6452== by 0x4EDC307: isxfile (getpath.c:175) ==6452== by 0x4EDC307: calculate_path.cold.1737 (getpath.c:551) ==6452== by 0x502F5F2: Py_GetProgramFullPath (getpath.c:872) ==6452== by 0x5058640: _PySys_Init (sysmodule.c:1956) ==6452== by 0x5061614: _Py_InitializeEx_Private (pylifecycle.c:589) ==6452== by 0x5061D0B: Py_Main (main.c:703) ==6452== by 0x108D64: main (python.c:102) ==6452== ==6452== Conditional jump or move depends on uninitialised value(s) ==6452== at 0x5D7970D: __gconv_transform_internal_utf8 (in /usr/lib64/libc-2.26.9000.so) ==6452== by 0x5DF6884: wcsrtombs (in /usr/lib64/libc-2.26.9000.so) ==6452== by 0x5D8B5D0: wcstombs (in /usr/lib64/libc-2.26.9000.so) ==6452== by 0x4F4701D: wcstombs (stdlib.h:154) ==6452== by 0x4F4701D: Py_EncodeLocale (fileutils.c:492) ==6452== by 0x50168CF: _Py_wstat (getpath.c:124) ==6452== by 0x4EDC307: isxfile (getpath.c:175) ==6452== by 0x4EDC307: calculate_path.cold.1737 (getpath.c:551) ==6452== by 0x502F5F2: Py_GetProgramFullPath (getpath.c:872) ==6452== by 0x5058640: _PySys_Init (sysmodule.c:1956) ==6452== by 0x5061614: _Py_InitializeEx_Private (pylifecycle.c:589) ==6452== by 0x5061D0B: Py_Main (main.c:703) ==6452== by 0x108D64: main (python.c:102) ==6452== ==6452== Conditional jump or move depends on uninitialised value(s) ==6452== at 0x5D79716: __gconv_transform_internal_utf8 (in /usr/lib64/libc-2.26.9000.so) ==6452== by 0x5DF6884: wcsrtombs (in /usr/lib64/libc-2.26.9000.so) ==6452== by 0x5D8B5D0: wcstombs (in /usr/lib64/libc-2.26.9000.so) ==6452== by 0x4F4701D: wcstombs (stdlib.h:154) ==6452== by 0x4F4701D: Py_EncodeLocale (fileutils.c:492) ==6452== by 0x50168CF: _Py_wstat (getpath.c:124) ==6452== by 0x4EDC307: isxfile (getpath.c:175) ==6452== by 0x4EDC307: calculate_path.cold.1737 (getpath.c:551) ==6452== by 0x502F5F2: Py_GetProgramFullPath (getpath.c:872) ==6452== by 0x5058640: _PySys_Init (sysmodule.c:1956) ==6452== by 0x5061614: _Py_InitializeEx_Private (pylifecycle.c:589) ==6452== by 0x5061D0B: Py_Main (main.c:703) ==6452== by 0x108D64: main (python.c:102) ==6452== ==6452== Conditional jump or move depends on uninitialised value(s) ==6452== at 0x5D79751: __gconv_transform_internal_utf8 (in /usr/lib64/libc-2.26.9000.so) ==6452== by 0x5DF6884: wcsrtombs (in /usr/lib64/libc-2.26.9000.so) ==6452== by 0x5D8B5D0: wcstombs (in /usr/lib64/libc-2.26.9000.so) ==6452== by 0x4F4701D: wcstombs (stdlib.h:154) ==6452== by 0x4F4701D: Py_EncodeLocale (fileutils.c:492) ==6452== by 0x50168CF: _Py_wstat (getpath.c:124) ==6452== by 0x4EDC307: isxfile (getpath.c:175) ==6452== by 0x4EDC307: calculate_path.cold.1737 (getpath.c:551) ==6452== by 0x502F5F2: Py_GetProgramFullPath (getpath.c:872) ==6452== by 0x5058640: _PySys_Init (sysmodule.c:1956) ==6452== by 0x5061614: _Py_InitializeEx_Private (pylifecycle.c:589) ==6452== by 0x5061D0B: Py_Main (main.c:703) ==6452== by 0x108D64: main (python.c:102) ==6452== Hello world ==6452== ==6452== HEAP SUMMARY: ==6452== in use at exit: 884,736 bytes in 7,180 blocks ==6452== total heap usage: 34,772 allocs, 27,592 frees, 5,197,370 bytes allocated ==6452== ==6452== LEAK SUMMARY: ==6452== definitely lost: 0 bytes in 0 blocks ==6452== indirectly lost: 0 bytes in 0 blocks ==6452== possibly lost: 355,518 bytes in 2,302 blocks ==6452== still reachable: 529,218 bytes in 4,878 blocks ==6452== suppressed: 0 bytes in 0 blocks ==6452== Rerun with --leak-check=full to see details of leaked memory ==6452== ==6452== For counts of detected and suppressed errors, rerun with: -v ==6452== Use --track-origins=yes to see where uninitialised values come from ==6452== ERROR SUMMARY: 6690 errors from 4 contexts (suppressed: 0 from 0)
It is reproducible even with python3.7
Created attachment 1486675 [details] Short C program which emits a Valgrind warning I confirm that I'm able to reproduce a warning on Fedora 27, but I am also able to get a warning even with a very short C program which only calls mbstowcs() and wcstombs(). So I'm not sure if the issue comes from Python, maybe it's a false alarm of Valgrind caused by the glibc?
Thanks for the short reproducer. The problem is that wcsrtombs calls wcsnlen with a length argument which is larger than the allocated memory region. This is not valid because wcsnlen treats the input as an array and may read beyond the null terminator.
This message is a reminder that Fedora 27 is nearing its end of life. On 2018-Nov-30 Fedora will stop maintaining and issuing updates for Fedora 27. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '27'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 27 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Florian, I can see that upstream bug is still open https://sourceware.org/bugzilla/show_bug.cgi?id=23711 But I cannot reproduce this bug anymore. Can we close this BZ? or it still need to be fixed in upstream.
(In reply to Lukas Slebodnik from comment #6) > Florian, > > I can see that upstream bug is still open > https://sourceware.org/bugzilla/show_bug.cgi?id=23711 > > But I cannot reproduce this bug anymore. > Can we close this BZ? or it still need to be fixed in upstream. No, the bug is still there. You might not see the valgrind report anymore because a different implementation of wcsnlen is selected at run time.
This bug appears to have been reported against 'rawhide' during the Fedora 30 development cycle. Changing version to '30.
I need to follow-up upstream and figure out whether this is actually a bug.