Bug 755242 - wcscmp() triggers valgrind warnings
Summary: wcscmp() triggers valgrind warnings
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: valgrind
Version: 18
Hardware: x86_64
OS: Linux
unspecified
low
Target Milestone: ---
Assignee: Mark Wielaard
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-11-19 23:27 UTC by Sam Varshavchik
Modified: 2012-12-20 16:02 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-12-20 16:02:57 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
KDE Software Compilation 307828 None None None 2012-10-04 18:18:12 UTC

Description Sam Varshavchik 2011-11-19 23:27:34 UTC
Description of problem:

wcscmp() in glibc glibc-2.14 (at least on x86_64) uses MMX, that may read past the end of the input strings it's checking. valgrind doesn't like this.

Version-Release number of selected component (if applicable):

valgrind-3.6.1-6.fc16.x86_64

How reproducible:

Always

Steps to Reproduce:

1.

#include <wchar.h>

void foo(int)
{
}

int main()
{
	wchar_t *a=new wchar_t[2], *b=new wchar_t[2];
	size_t j;

	a[0]=b[0]='A';
	a[1]=b[1]=0;

	foo(wcscmp(a, b));
	delete[] a;
	delete[] b;

	return 0;
}


2. valgrind --tool=memcheck --leak-check=yes <program>
  
Actual results:

==9488== Invalid read of size 8
==9488==    at 0x384069F280: wcscmp (wcscmp.S:423)
==9488==    by 0x400643: main (t.C:15)
==9488==  Address 0x4c2b048 is 0 bytes after a block of size 8 alloc'd
==9488==    at 0x4A06A27: operator new[](unsigned long) (vg_replace_malloc.c:305)
==9488==    by 0x4005EE: main (t.C:9)

Expected results:

No warnings.

Additional info:

Add to /usr/lib64/valgrind/default.supp:

{
   wcscmp-uses-mmx
   Memcheck:Addr8
   fun:wcscmp
}

Comment 1 Paul Black 2011-11-30 11:43:00 UTC
Seeing the same; doesn't happen with a 32-bit prog on 64-bit F16.

Comment 2 Mark Wielaard 2012-10-04 18:18:12 UTC
Posted bug and patch upstream:
SSE optimized wcscpy, wcscmp, wcsrchr and wcschr trigger uninitialised value and/or invalid read warnings
https://bugs.kde.org/show_bug.cgi?id=307828

Comment 3 Fedora Update System 2012-10-15 13:26:47 UTC
valgrind-3.8.1-3.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/valgrind-3.8.1-3.fc18

Comment 4 Fedora Update System 2012-10-15 17:38:24 UTC
Package valgrind-3.8.1-3.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing valgrind-3.8.1-3.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-16133/valgrind-3.8.1-3.fc18
then log in and leave karma (feedback).

Comment 5 Fedora Update System 2012-10-15 21:59:16 UTC
valgrind-3.8.1-3.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/valgrind-3.8.1-3.fc17

Comment 6 Sam Varshavchik 2012-10-16 00:46:26 UTC
valgrind-3.8.1-3.fc17 fails.

[mrsam@octopus base]$ valgrind --tool=memcheck ./testhttpclientauth 
==28524== Memcheck, a memory error detector
==28524== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==28524== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==28524== Command: ./testhttpclientauth
==28524== 
vex amd64->IR: unhandled instruction bytes: 0xF0 0xF 0xC0 0x10 0x84 0xD2 0xF 0x95
vex amd64->IR:   REX=0 REX.W=0 REX.R=0 REX.X=0 REX.B=0
vex amd64->IR:   VEX=0 VEX.L=0 VEX.nVVVV=0x0 ESC=0F
vex amd64->IR:   PFX.66=0 PFX.F2=0 PFX.F3=0
==28524== valgrind: Unrecognised instruction at address 0x56c947.

valgrind-3.7.0-4.fc17.x86_64 works on this binary (except for this bug).

Comment 7 Mark Wielaard 2012-10-16 07:18:39 UTC
(In reply to comment #6)
> valgrind-3.8.1-3.fc17 fails.
> 
> [mrsam@octopus base]$ valgrind --tool=memcheck ./testhttpclientauth 
> ==28524== Memcheck, a memory error detector
> ==28524== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
> ==28524== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
> ==28524== Command: ./testhttpclientauth
> ==28524== 
> vex amd64->IR: unhandled instruction bytes: 0xF0 0xF 0xC0 0x10 0x84 0xD2 0xF
> 0x95
> vex amd64->IR:   REX=0 REX.W=0 REX.R=0 REX.X=0 REX.B=0
> vex amd64->IR:   VEX=0 VEX.L=0 VEX.nVVVV=0x0 ESC=0F
> vex amd64->IR:   PFX.66=0 PFX.F2=0 PFX.F3=0
> ==28524== valgrind: Unrecognised instruction at address 0x56c947.
> 
> valgrind-3.7.0-4.fc17.x86_64 works on this binary (except for this bug).

I'll open a new bug for this, since this is a different, but probably new, issue. Could you share the binary or share the build instructions?

Comment 8 Mark Wielaard 2012-10-16 07:23:42 UTC
(In reply to comment #7)
> I'll open a new bug for this, since this is a different, but probably new,
> issue.

https://bugzilla.redhat.com/show_bug.cgi?id=866793

Comment 9 Fedora Update System 2012-12-20 16:02:59 UTC
valgrind-3.8.1-4.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.