Bug 83573 - Valgrind SIGSEGV on execve
Summary: Valgrind SIGSEGV on execve
Status: RESOLVED FIXED
Alias: None
Product: valgrind
Classification: Developer tools
Component: memcheck
Version: 2.1 CVS
Platform: Compiled Sources Linux
Importance: NOR minor
Target Milestone: ---
Assignee: Julian Seward
Reported: 2004-06-18 05:21 UTC by Joshua Roys
Modified: 2004-06-19 15:02 UTC
Description Joshua Roys 2004-06-18 05:21:21 UTC
Overview:

I use Valgrind to check leaks in a text game I work on, and I just added in
"copyover", using execve() to reboot the game without disconnecting anyone. 
After making sure it worked with GDB, I was going to check for leaks.

Steps to reproduce:

I don't think Valgrind liked the NULL for the third parameter of execve().
------
CMD(do_copyover)
{
	char *argv[] = { mudname, NULL };

	mudlog("Copyover started by %s...", LVL_OWNER, GET_NAME(info));
	sendToAll("Warning:  Attempting copyover.  You will not be disconnected.\r\n");

	if (prep_execve())
	{
		/* envp is NULL: Linux accepts this as an empty environment, but it is
		   the argument Valgrind's execve wrapper chokes on (see below). */
		execve(mudname, argv, NULL);
		/* only reached when execve() itself failed */
		mudlog("Copyover failed:  execve(%s, argv, NULL) with error code [%d]",
		       LVL_OWNER, mudname, errno);
	}

	sendToAll("Copyover failed.\r\n");

	return;
}
------

Actual Results:

==8469== Memcheck, a memory error detector for x86-linux.
==8469== Copyright (C) 2002-2004, and GNU GPL'd, by Julian Seward.
==8469== Using valgrind-2.1.2.CVS, a program supervision framework for x86-linux.
==8469== Copyright (C) 2000-2004, and GNU GPL'd, by Julian Seward.
==8469== Valgrind library directory: /usr/local/lib/valgrind
==8469== Command line
==8469==    ./test
==8469== Startup, with flags:
==8469==    -v
==8469==    --tool=memcheck
==8469==    --show-reachable=yes
==8469==    --leak-check=yes
==8469==    --num-callers=10
==8469== Contents of /proc/version:
==8469==   Linux version 2.6.6-1.435 (bhcompile@tweety.build.redhat.com) (gcc version 3.3.3 20040412 (Red Hat Linux 3.3.3-7)) #1 Mon Jun 14 09:09:07 EDT 2004

--- snip ---

Serai: '/m'
Serai: 'copy'
Copyover started by Serai...
==8469== Syscall param execve(envp) contains uninitialised or unaddressable byte(s)
==8469==    at 0xACF7CF: execve (in /lib/tls/libc-2.3.3.so)
==8469==    by 0x8053698: do_copyover(charInfo*, char*, int, int) (cmd.other.cpp:135)
==8469==    by 0x804E483: commandParser(charInfo*, char*) (interpreter.cpp:156)
==8469==    by 0x804A8D6: mainLoop(int) (test.cpp:651)
==8469==    by 0x8049744: main (test.cpp:209)
==8469==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
--8469-- INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--8469-- si_code=1 Fault EIP: 0xB803AE48; Faulting address: 0x0

valgrind: the `impossible' happened:
   Killed by fatal signal
Basic block ctr is approximately 250000
==8469==    at 0xB802B445: vgPlain_core_panic (vg_mylibc.c:1240)
==8469==    by 0xB802B444: panic (vg_mylibc.c:1236)
==8469==    by 0xB802B459: vgPlain_core_panic (vg_mylibc.c:1241)
==8469==    by 0xB80318F9: vg_sync_signalhandler (vg_signals.c:2225)
==8469==    by 0xB80436A1: (within /usr/local/lib/valgrind/stage2)

sched status:

Thread 1: status = Runnable, associated_mx = 0x0, associated_cv = 0x0
==8469==    at 0x4FFFF042: ???
==8469==    by 0x8053698: do_copyover(charInfo*, char*, int, int) (cmd.other.cpp:135)
==8469==    by 0x804E483: commandParser(charInfo*, char*) (interpreter.cpp:156)
==8469==    by 0x804A8D6: mainLoop(int) (test.cpp:651)
==8469==    by 0x8049744: main (test.cpp:209)

Expected Results:

No SIGSEGV.

Build Date / Platform:

I run Fedora Core 2.
2.6.6-1.435 Mon Jun 14 09:09:07 EDT 2004 i686 i686 i386 GNU/Linux

Thanks!
Valgrind rules!

Joshua
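As an added illustration (not code from the bug report, and not Valgrind's own pre_argv_envp), the C model below shows why walking execve()'s envp array crashes when the pointer is NULL, what the null guard in the fix changes, and the portable alternative an application can use instead of passing NULL; the function names and the empty-environment helper are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example, not from the bug report or Valgrind. It models in user
 * space the walk a syscall wrapper makes over execve()'s NULL-terminated
 * argv/envp arrays; all names here are assumptions. */

/* Before the fix: the array is walked unconditionally. The first step
 * reads vec[0], so vec == NULL is a NULL dereference, matching the
 * "Faulting address: 0x0" in the report. Never call this with NULL. */
static int count_entries_unguarded(char *const vec[])
{
    int n = 0;
    while (vec[n] != NULL)      /* reads through vec even when vec is NULL */
        n++;
    return n;
}

/* After the fix: a NULL array is treated as empty, which is how Linux
 * itself treats execve(path, argv, NULL). */
static int count_entries_guarded(char *const vec[])
{
    if (vec == NULL)
        return 0;
    return count_entries_unguarded(vec);
}

/* Application-side alternative: POSIX does not promise envp may be NULL,
 * so a portable caller passes an explicitly empty environment instead. */
static char *const empty_env[] = { NULL };

static char *const *normalise_envp(char *const envp[])
{
    return envp != NULL ? envp : empty_env;
}

int main(void)
{
    char *argv[] = { "./test", NULL };
    printf("argv entries: %d\n", count_entries_guarded(argv));
    printf("envp entries: %d\n", count_entries_guarded(NULL));
    /* execve("./test", argv, normalise_envp(NULL)) is now portable and
     * still an empty environment under Linux. */
    return 0;
}
```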
Comment 1 Tom Hughes 2004-06-19 15:02:43 UTC
CVS commit by thughes: 

Don't try and validate the contents of the environment passed to
the execve system call if the envp pointer is null as it causes
valgrind to die with a segmentation fault.

CCMAIL: 83573-done@bugs.kde.org


  A            none/tests/execve.c   1.1 [no copyright]
  A            none/tests/execve.stderr.exp   1.1
  A            none/tests/execve.stdout.exp   1.1
  A            none/tests/execve.vgtest   1.1
  M +2 -1      coregrind/vg_syscalls.c   1.101
  M +4 -2      none/tests/Makefile.am   1.38


--- valgrind/coregrind/vg_syscalls.c  #1.100:1.101
@@ -1839,4 +1839,5 @@ PRE(execve)
    SYSCALL_TRACK( pre_mem_read_asciiz, tid, "execve(filename)", arg1 );
    pre_argv_envp( arg2, tid, "execve(argv)", "execve(argv[i])" );
+   if (arg3 != (UInt)NULL)
    pre_argv_envp( arg3, tid, "execve(envp)", "execve(envp[i])" );
 
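Review bot: the call guarded by `+   if (arg3 != (UInt)NULL)` keeps its old indentation, so `pre_argv_envp( arg3, tid, "execve(envp)", "execve(envp[i])" );` still reads as unconditional; indent it under the `if` (or brace it) so the guard is visible. The same question applies to argv: `pre_argv_envp( arg2, tid, "execve(argv)", "execve(argv[i])" );` on the line above is still called unconditionally, so a NULL argv would presumably enter the same walk this change now skips for envp. A plain `if (arg3 != 0)` would also avoid the `(UInt)NULL` cast.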

--- valgrind/none/tests/Makefile.am  #1.37:1.38
@@ -28,4 +28,5 @@
         discard.vgtest \
         exec-sigmask.vgtest exec-sigmask.stdout.exp exec-sigmask.stderr.exp \
+        execve.vgtext execve.stdout.exp execve.stderr.exp \
         floored.stderr.exp floored.stdout.exp \
         floored.vgtest \
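Review bot: `execve.vgtext` in the added EXTRA_DIST line is a typo for `execve.vgtest`, the file this commit adds as none/tests/execve.vgtest; as written the driver file will be missing from the distribution tarball while `execve.stdout.exp` and `execve.stderr.exp` are shipped, so the new test will not run from a dist build.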
@@ -67,6 +68,6 @@
 check_PROGRAMS = \
         args badseg bitfield1 bt_everything bt_literal closeall coolo_strlen \
-        cpuid dastest discard exec-sigmask floored fork fpu_lazy_eflags \
-        fucomip $(INSN_TESTS) \
+        cpuid dastest discard exec-sigmask execve floored fork \
+        fpu_lazy_eflags fucomip $(INSN_TESTS) \
         int munmap_exe map_unmap mremap rcl_assert \
         rcrl readline1 resolv seg_override sem semlimit sha1_test \
@@ -90,4 +91,5 @@
 discard_SOURCES         = discard.c
 exec_sigmask_SOURCES    = exec-sigmask.c
+execve                  = execve.c
 fork_SOURCES            = fork.c
 floored_SOURCES         = floored.c
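Review bot: `+execve                  = execve.c` does not follow the `<program>_SOURCES` pattern of the neighbouring lines (`exec_sigmask_SOURCES    = exec-sigmask.c`, `fork_SOURCES            = fork.c`). Automake ignores a bare `execve` variable and falls back to the default source `execve.c`, which happens to be correct here, but the line should read `execve_SOURCES          = execve.c` so the intent is explicit and consistent with the rest of the file.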