Under valgrind 2.4.0 as distributed by Fedora Core 4,
there is an off-by-one bug for sysctl(CTL_KERN, KERN_VERSION,).
The kernel sets 1+strlen(version_string) bytes, but memcheck
thinks that the terminating '\0' is not set.
sysctl_string() in linux-2.6.11/kernel/sysctl.c:

        if(copy_to_user(oldval, table->data, len))
            return -EFAULT;
        if(put_user(0, ((char __user *) oldval) + len))
            return -EFAULT;

$ valgrind --tool=memcheck /bin/date
==29034== Memcheck, a memory error detector for x86-linux.
==29034== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==29034== Using valgrind-2.4.0, a program supervision framework for x86-linux.
==29034== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==29034== For more details, rerun with: -v
==29034==
==29034== Conditional jump or move depends on uninitialised value(s)
==29034== at 0x55DEF7: strstr (in /lib/libc-2.3.5.so)
==29034== by 0x8A56E7: __pthread_initialize_minimal (in /lib/libpthread-2.3.5.so)
==29034== by 0x8A5297: (within /lib/libpthread-2.3.5.so)
==29034== by 0x8A4E7F: (within /lib/libpthread-2.3.5.so)
==29034== by 0x1B8F1A7A: call_init (dl-init.c:70)
==29034== by 0x1B8F1B9C: _dl_init (dl-init.c:100)
==29034== by 0x1B8E487E: (within /lib/ld-2.3.5-2.so)
From: Julian S. <js...@ac...> - 2005-06-24 08:49:42
On Friday 24 June 2005 05:31, John Reiser wrote:
> Under valgrind 2.4.0 as distributed by Fedora Core 4,
> there is an off-by-one bug for sysctl(CTL_KERN, KERN_VERSION,).
> The kernel sets 1+strlen(version_string) bytes, but memcheck
> thinks that the terminating '\0' is not set.
I think I fixed this a while back in the 3 line, but am not
confident I did the right fix. The post-wrapper now looks
like this:
    POST(sys_sysctl)
    {
        struct __vki_sysctl_args *args;
        args = (struct __vki_sysctl_args *)ARG1;
        if (args->oldlenp != NULL) {
            POST_MEM_WRITE((Addr)args->oldlenp, sizeof(*args->oldlenp));
            POST_MEM_WRITE((Addr)args->oldval, 1 + *args->oldlenp);
        }
    }

where the fix was to the "1 +" in front of *args->oldlenp.
If you apply the same to your 2.4.0 tree, does it fix the problem?
It would be useful to know.
J
From: John R.
Julian Seward wrote:
> On Friday 24 June 2005 05:31, John Reiser wrote:
>
>>Under valgrind 2.4.0 as distributed by Fedora Core 4,
>>there is an off-by-one bug for sysctl(CTL_KERN, KERN_VERSION,).
>>The kernel sets 1+strlen(version_string) bytes, but memcheck
>>thinks that the terminating '\0' is not set.
>
>
> I think I fixed this a while back in the 3 line, but am not
> confident I did the right fix. The post-wrapper now looks
> like this:
>
>     POST(sys_sysctl)
>     {
>         struct __vki_sysctl_args *args;
>         args = (struct __vki_sysctl_args *)ARG1;
>         if (args->oldlenp != NULL) {
>             POST_MEM_WRITE((Addr)args->oldlenp, sizeof(*args->oldlenp));
>             POST_MEM_WRITE((Addr)args->oldval, 1 + *args->oldlenp);
>         }
>     }
>
> where the fix was to the "1 +" in front of *args->oldlenp.
>
> If you apply the same to your 2.4.0 tree, does it fix the problem?
> It would be useful to know.
Yes, making that change to Fedora Core 4 package valgrind-2.4.0-3
fixes the bogus complaint from memcheck on /bin/date.
--
John Reiser, jreiser@BitWagon.com
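An added worked example, not code from this thread, from valgrind or from the kernel: a toy C model of memcheck's per-byte definedness shadow memory. It replays the two halves of the bug discussed above (the kernel's sysctl_string() writing len bytes plus a terminating '\0' that memcheck cannot observe, and the POST(sys_sysctl) wrapper declaring how many of those bytes are now initialised) and shows that marking only *oldlenp bytes leaves the terminator "undefined", so a client strlen()/strstr() scan trips exactly on that byte, while the "1 +" fix does not. All function and type names, the buffer size and the sample version string are this example's own constructed assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Added example (hypothetical names): a toy model of memcheck's shadow
 * memory, one "defined" bit per byte of a user-space oldval buffer. */

#define BUF_SIZE 64

typedef struct {
    char          data[BUF_SIZE];     /* the user-space oldval buffer */
    unsigned char defined[BUF_SIZE];  /* shadow: 1 = memcheck believes byte is initialised */
} shadow_buf;

static void shadow_init(shadow_buf *b)
{
    memset(b->data, 0, sizeof b->data);
    memset(b->defined, 0, sizeof b->defined); /* fresh buffer: nothing is defined */
}

/* Models sysctl_string(): copy len = strlen(src) bytes, put_user() a '\0'
 * at oldval[len], and report len through *oldlenp. The kernel writes the
 * real bytes but cannot touch memcheck's shadow; that is the wrapper's job. */
static size_t model_kernel_sysctl_string(shadow_buf *oldval, size_t *oldlenp,
                                         const char *src)
{
    size_t len = strlen(src);
    if (len >= BUF_SIZE)
        len = BUF_SIZE - 1;               /* keep the toy in bounds */
    memcpy(oldval->data, src, len);       /* copy_to_user(oldval, table->data, len) */
    oldval->data[len] = '\0';             /* put_user(0, oldval + len) */
    *oldlenp = len;                       /* put_user(len, oldlenp) */
    return len;
}

/* Models POST(sys_sysctl): POST_MEM_WRITE(oldval, n) marks n bytes defined.
 * with_fix == 0 uses n = *oldlenp (the off-by-one); with_fix != 0 uses
 * n = 1 + *oldlenp, the fix described in the thread. */
static void post_wrapper_mark(shadow_buf *oldval, size_t oldlen, int with_fix)
{
    size_t n = with_fix ? oldlen + 1 : oldlen;
    if (n > BUF_SIZE)
        n = BUF_SIZE;
    memset(oldval->defined, 1, n);
}

/* Models a client strlen()/strstr() scanning for the terminator, as libc
 * does on the KERN_VERSION string. Returns the index of the first byte read
 * while its shadow says "undefined" (what memcheck would report), or -1 if
 * the scan reached '\0' touching only defined bytes. */
static long first_undefined_read_strlen(const shadow_buf *b)
{
    for (size_t i = 0; i < BUF_SIZE; i++) {
        if (!b->defined[i])
            return (long)i;
        if (b->data[i] == '\0')
            return -1;
    }
    return -1; /* not reached: the model always terminates inside the buffer */
}

/* Runs the whole scenario and returns what memcheck would flag. */
static long run_scenario(const char *version_string, int with_fix)
{
    shadow_buf b;
    size_t oldlen = 0;
    shadow_init(&b);
    model_kernel_sysctl_string(&b, &oldlen, version_string);
    post_wrapper_mark(&b, oldlen, with_fix);
    return first_undefined_read_strlen(&b);
}

int main(void)
{
    /* constructed sample value, not a real KERN_VERSION string */
    const char *v = "Linux version 2.6.11 (constructed sample)";
    printf("without \"1 +\": first undefined read at byte %ld (the '\\0' at index strlen)\n",
           run_scenario(v, 0));
    printf("with    \"1 +\": first undefined read at %ld (none)\n",
           run_scenario(v, 1));
    return 0;
}
```

The point the model makes explicit is that a syscall post-wrapper is memcheck's only source of truth about what the kernel wrote: if the wrapper under-declares by one byte, every later read of the terminator is reported as depending on an uninitialised value, which is why the complaint surfaces in libc's strstr() during pthread initialisation rather than anywhere near the sysctl() call itself.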