First Last Prev Next    This bug is not in your last search results.
Bug 618360 - valgrind-3.5.0-17.fc13.x86_64 failed to properly handle red-zone
valgrind-3.5.0-17.fc13.x86_64 failed to properly handle red-zone
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: valgrind (Show other bugs)
13
x86_64 Linux
low Severity medium
: ---
: ---
Assigned To: Jakub Jelinek
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-07-26 14:40 EDT by H.J. Lu
Modified: 2010-07-27 14:53 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-07-27 13:35:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
A testcase for Linux/x86-64 (2.07 KB, text/plain)
2010-07-26 14:40 EDT, H.J. Lu 		no flags Details
A smaller testcase (3.19 KB, application/octet-stream)
2010-07-27 14:53 EDT, H.J. Lu 		no flags Details
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
KDE Software Compilation 245925 None None None Never

  None (edit)
Description H.J. Lu 2010-07-26 14:40:01 EDT 
Created attachment 434491 [details]
A testcase for Linux/x86-64

On x86-64, there is a 128byte red zone. But valgrind-3.5.0-17.fc13.x86_64
failed to handle it properly:

[hjl@gnu-6 valgrind-1]$ make
gcc -O2    foo.c   -o foo
./foo || true
valgrind --tool=memcheck ./foo
==23552== Memcheck, a memory error detector
==23552== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==23552== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==23552== Command: ./foo
==23552== 
==23552== Invalid read of size 8
==23552==    at 0x400548: check_absence_pattern_sets (in /export/home/hjl/bugs/gcc/valgrind-1/foo)
==23552==    by 0x400676: main (in /export/home/hjl/bugs/gcc/valgrind-1/foo)
==23552==  Address 0x1c is not stack'd, malloc'd or (recently) free'd
==23552== 
==23552== 
==23552== Process terminating with default action of signal 11 (SIGSEGV)
==23552==  Access not within mapped region at address 0x1C
==23552==    at 0x400548: check_absence_pattern_sets (in /export/home/hjl/bugs/gcc/valgrind-1/foo)
==23552==    by 0x400676: main (in /export/home/hjl/bugs/gcc/valgrind-1/foo)
==23552==  If you believe this happened as a result of a stack
==23552==  overflow in your program's main thread (unlikely but
==23552==  possible), you can try to increase the size of the
==23552==  main thread stack using the --main-stacksize= flag.
==23552==  The main thread stack size used in this run was 8388608.
==23552== 
==23552== HEAP SUMMARY:
==23552==     in use at exit: 96 bytes in 2 blocks
==23552==   total heap usage: 2 allocs, 0 frees, 96 bytes allocated
==23552== 
==23552== LEAK SUMMARY:
==23552==    definitely lost: 0 bytes in 0 blocks
==23552==    indirectly lost: 0 bytes in 0 blocks
==23552==      possibly lost: 0 bytes in 0 blocks
==23552==    still reachable: 96 bytes in 2 blocks
==23552==         suppressed: 0 bytes in 0 blocks
==23552== Rerun with --leak-check=full to see details of leaked memory
==23552== 
==23552== For counts of detected and suppressed errors, rerun with: -v
==23552== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 6 from 6)
make: *** [all] Segmentation fault
[hjl@gnu-6 valgrind-1]$
Comment 1 H.J. Lu 2010-07-27 13:00:00 EDT 
Valgrind will touch (%RSP - 8). If (%RSP - 8) is used for spill,
we will get the wrong value when it is restored.
Comment 2 Jakub Jelinek 2010-07-27 13:35:52 EDT 
Please continue in the upstream bug.
Comment 3 H.J. Lu 2010-07-27 14:53:53 EDT 
Created attachment 434800 [details]
A smaller testcase

Here is a smaller testcase which doesn't require libc. I also
fixed a bug in the original testcase.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.