Bug 253383

Summary: [PATCH] several LTP testcases trigger VALGRIND INTERNAL ERROR
Product: [Developer tools] valgrind Reporter: Christian Borntraeger <borntraeger>
Component: generalAssignee: Julian Seward <jseward>
Status: REPORTED ---    
Severity: normal CC: mark
Priority: NOR    
Version First Reported In: 3.6 SVN   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: fix for several valgrind internal errros
Fix memcheck with some ltp testcases

Description Christian Borntraeger 2010-10-06 13:26:02 UTC 
Created attachment 52269 [details]
fix for several valgrind internal errros

Version:           3.6 SVN
OS:                Linux

several LTP testcases (bind01,connect01,io_submit01,recvmsg01,rt_sigaction02,rt_sigprocmask02,sendto01,setrlimit02) trigger errors like:

==26759== Command: testcases/kernel/syscalls/bind/bind01
==26759== 
==26759== Syscall param socketcall.bind(my_addr.sa_family) points to unaddressable byte(s)
==26759==    at 0x472CCF37: bind (socket.S:64)
==26759==    by 0x47216C75: (below main) (libc-start.c:228)
==26759==  Address 0xffffffff is not stack'd, malloc'd or (recently) free'd
==26759== 
--26759-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--26759-- si_code=1;  Faulting address: 0xFFFFFFFF;  sp: 0x4894e10

valgrind: the 'impossible' happened:
   Killed by fatal signal
==26759==    at 0x38074DC9: pre_mem_read_sockaddr (syswrap-generic.c:942)

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable
==26759==    at 0x472CCF37: bind (socket.S:64)
==26759==    by 0x47216C75: (below main) (libc-start.c:228)


Here is a patch that tries to fix most of these problems by using 
ML_(valid_client_addr) before inspecting memory content.

Reproducible: Always

Steps to Reproduce:
valgrind ltp/testcases/kernel/syscalls/bind/bind01 and others.
Comment 1 Christian Borntraeger 2010-10-11 09:26:05 UTC 
Created attachment 52405 [details]
Fix memcheck with some ltp testcases

Fix additional failures with memcheck
--18618-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--18618-- si_code=1;  Faulting address: 0x0;  sp: 0x403b6a9d0

valgrind: the 'impossible' happened:
   Killed by fatal signal
==18618==    at 0x401074328: vgModuleLocal_buf_and_len_pre_check (syswrap-generic.c:1000)
==18618==    by 0x40107464B: vgModuleLocal_generic_PRE_sys_getpeername (syswrap-generic.c:1493)
==18618==    by 0x401073A53: vgPlain_client_syscall (syswrap-main.c:1490)
==18618==    by 0x40106F963: handle_syscall (scheduler.c:899)
Comment 2 Mark Wielaard 2023-11-17 00:46:08 UTC 
The second patch was fixed slightly differently:

commit f7cce36efe5223ae2766141552143441018780f3
Author: Mark Wielaard <mark@klomp.org>
Date:   Tue Feb 23 21:27:19 2016 +0000

    Bug 359724 getsockname might crash - deref_UInt should call safe_to_deref
    
    git-svn-id: svn://svn.valgrind.org/valgrind/trunk@15809