https://bugs.kde.org/show_bug.cgi?id=483786

            Bug ID: 483786
           Summary: Incorrect parameter indexing in FreeBSD
                    clock_nanosleep syscall wrapper
    Classification: Developer tools
           Product: valgrind
           Version: 3.22.0
          Platform: Other
                OS: FreeBSD
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: memcheck
          Assignee: jsew...@acm.org
          Reporter: kel...@ieee.org
  Target Milestone: ---

Created attachment 167335
  --> https://bugs.kde.org/attachment.cgi?id=167335&action=edit
Patch

In coregrind/m_syswrap/syswrap-freebsd.c, PRE(sys_clock_nanosleep) and
POST(sys_clock_nanosleep) each refer to the struct timespec arguments of the
syscall by the wrong indexes (using ARG1 and ARG2 instead of ARG3 and ARG4,
respectively).

The result is that errors in the third and fourth arguments to
clock_nanosleep() are always missed, and spurious errors concerning those
arguments are generated based on the values supplied to the first two
arguments.

The attached patch resolves the issue, as verified with the attached test
program.  The same bug does not appear in the Linux variant of this syscall
wrapper.

The attached test program was built using:

cc -Wall -o valgrind-test valgrind-test.c

The output of an unpatched 3.22.0 valgrind run of the test program is:

$valgrind ./valgrind-test
==95892== Memcheck, a memory error detector
==95892== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==95892== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info
==95892== Command: ./valgrind-test
==95892==
==95892== Syscall param clock_nanosleep(rqtp) points to unaddressable byte(s)
==95892==    at 0x4994F2A: __sys_clock_nanosleep (in /lib/libc.so.7)
==95892==    by 0x20197A: valgrind_should_complain (in
/usr/home/pkelsey/valgrind-test/valgrind-test)
==95892==    by 0x201A2A: main (in
/usr/home/pkelsey/valgrind-test/valgrind-test)
==95892==  Address 0x4 is not stack'd, malloc'd or (recently) free'd
==95892==
==95892== Syscall param clock_nanosleep(rqtp) points to unaddressable byte(s)
==95892==    at 0x4994F2A: __sys_clock_nanosleep (in /lib/libc.so.7)
==95892==    by 0x2019BA: valgrind_should_not_complain (in
/usr/home/pkelsey/valgrind-test/valgrind-test)
==95892==    by 0x201A2F: main (in
/usr/home/pkelsey/valgrind-test/valgrind-test)
==95892==  Address 0x4 is not stack'd, malloc'd or (recently) free'd
==95892==
==95892== Syscall param clock_nanosleep(rqtp) points to unaddressable byte(s)
==95892==    at 0x4994F2A: __sys_clock_nanosleep (in /lib/libc.so.7)
==95892==    by 0x2019FD: valgrind_should_not_complain2 (in
/usr/home/pkelsey/valgrind-test/valgrind-test)
==95892==    by 0x201A34: main (in
/usr/home/pkelsey/valgrind-test/valgrind-test)
==95892==  Address 0x4 is not stack'd, malloc'd or (recently) free'd
==95892==
==95892== Syscall param clock_nanosleep(rmtp) points to unaddressable byte(s)
==95892==    at 0x4994F2A: __sys_clock_nanosleep (in /lib/libc.so.7)
==95892==    by 0x2019FD: valgrind_should_not_complain2 (in
/usr/home/pkelsey/valgrind-test/valgrind-test)
==95892==    by 0x201A34: main (in
/usr/home/pkelsey/valgrind-test/valgrind-test)
==95892==  Address 0x1 is not stack'd, malloc'd or (recently) free'd
==95892==
==95892==
==95892== HEAP SUMMARY:
==95892==     in use at exit: 0 bytes in 0 blocks
==95892==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==95892==
==95892== All heap blocks were freed -- no leaks are possible
==95892==
==95892== For lists of detected and suppressed errors, rerun with: -s
==95892== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 0 from 0)


The output of the patched 3.22.0 valgrind run of the test program is (with path
differences to the patched binary elided):

$valgrind ./valgrind-test
==95928== Memcheck, a memory error detector
==95928== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==95928== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info
==95928== Command: ./valgrind-test
==95928==
==95928== Syscall param clock_nanosleep(rqtp) points to uninitialised byte(s)
==95928==    at 0x498CF2A: __sys_clock_nanosleep (in /lib/libc.so.7)
==95928==    by 0x20197A: valgrind_should_complain (in
/usr/home/pkelsey/valgrind-test/valgrind-test)
==95928==    by 0x201A2A: main (in
/usr/home/pkelsey/valgrind-test/valgrind-test)
==95928==  Address 0x1ffc000990 is on thread 1's stack
==95928==  in frame #1, created by valgrind_should_complain (???:)
==95928==
==95928==
==95928== HEAP SUMMARY:
==95928==     in use at exit: 0 bytes in 0 blocks
==95928==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==95928==
==95928== All heap blocks were freed -- no leaks are possible
==95928==
==95928== Use --track-origins=yes to see where uninitialised values come from
==95928== For lists of detected and suppressed errors, rerun with: -s
==95928== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
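
The test program attached to the report is not reproduced on this page. The following is a constructed stand-in (an added example, not the reporter's attachment and not Valgrind project code) that exercises the same three situations the memcheck output above shows, reusing the three function names that appear in the stack traces; the 1 ms sleep length and the choice of CLOCK_MONOTONIC are assumptions. The prototype is clock_nanosleep(clockid_t clock_id, int flags, const struct timespec *rqtp, struct timespec *rmtp), so the two timespec pointers are the third and fourth syscall arguments. Built with the command given above and run under memcheck on FreeBSD, a wrapper that reads ARG3/ARG4 should report only the uninitialised tv_nsec in valgrind_should_complain(), while one that reads ARG1/ARG2 checks the small integers passed as clock id and flags as though they were pointers, which is what the unpatched run shows.

```c
/*
 * valgrind-test.c: constructed stand-in for the test program attached to
 * bug 483786 (added example, not the reporter's file).
 *
 *   int clock_nanosleep(clockid_t clock_id, int flags,
 *                       const struct timespec *rqtp, struct timespec *rmtp);
 *
 * The timespec pointers are the 3rd and 4th arguments (ARG3/ARG4 in the
 * valgrind wrapper).  A wrapper that checks ARG1/ARG2 instead treats clock_id
 * and flags as addresses.  On FreeBSD CLOCK_MONOTONIC is 4 and TIMER_ABSTIME
 * is 1, which matches the bogus "Address 0x4" / "Address 0x1" in the
 * unpatched run quoted in the report.
 */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define SLEEP_NS 1000000L   /* 1 ms per call (assumption) keeps the run quick */

/* Case 1: fully initialised relative request, rmtp == NULL.  Memcheck must
 * stay silent: rqtp is addressable and defined, rmtp is not checked. */
int valgrind_should_not_complain(void)
{
    struct timespec rqtp;

    memset(&rqtp, 0, sizeof rqtp);        /* memset also defines any padding */
    rqtp.tv_nsec = SLEEP_NS;
    return clock_nanosleep(CLOCK_MONOTONIC, 0, &rqtp, NULL);
}

/* Case 2: absolute deadline 1 ms ahead plus a valid, addressable rmtp buffer.
 * Must also be silent: both pointers are good.  (With TIMER_ABSTIME the kernel
 * does not write rmtp, but the buffer is addressable either way.) */
int valgrind_should_not_complain2(void)
{
    struct timespec now, rqtp, rmtp;

    memset(&rmtp, 0, sizeof rmtp);
    memset(&rqtp, 0, sizeof rqtp);
    if (clock_gettime(CLOCK_MONOTONIC, &now) != 0)
        return errno;
    rqtp.tv_sec = now.tv_sec;
    rqtp.tv_nsec = now.tv_nsec + SLEEP_NS;
    if (rqtp.tv_nsec >= 1000000000L) {
        rqtp.tv_nsec -= 1000000000L;
        rqtp.tv_sec += 1;
    }
    return clock_nanosleep(CLOCK_MONOTONIC, TIMER_ABSTIME, &rqtp, &rmtp);
}

/* Case 3: rqtp is addressable but tv_nsec is deliberately left uninitialised.
 * This is the one call memcheck should flag ("points to uninitialised
 * byte(s)").  tv_sec is zeroed so a run outside valgrind stays bounded: the
 * kernel either sleeps for under a second or rejects a garbage tv_nsec with
 * EINVAL. */
int valgrind_should_complain(void)
{
    struct timespec rqtp;

    rqtp.tv_sec = 0;                      /* tv_nsec intentionally not set */
    return clock_nanosleep(CLOCK_MONOTONIC, 0, &rqtp, NULL);
}

int main(void)
{
    /* clock_nanosleep() returns 0 or an errno value directly (no -1/errno). */
    printf("valgrind_should_complain:      %d\n", valgrind_should_complain());
    printf("valgrind_should_not_complain:  %d\n", valgrind_should_not_complain());
    printf("valgrind_should_not_complain2: %d\n", valgrind_should_not_complain2());
    return 0;
}
```

Outside valgrind the two "should not complain" calls return 0 and the third returns either 0 or EINVAL, so the program doubles as a plain sanity check that the sleeps themselves are accepted; the interesting result is the memcheck error count, which should be 1 with the ARG3/ARG4 indexing and 4 with the ARG1/ARG2 indexing, as in the two runs quoted above.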
