Bug 345929

Summary:	Crash when running with `--gen-suppressions=yes` after entering 'y' to confirm
Product:	[Developer tools] valgrind	Reporter:	Kevin Ushey <kevinushey>
Component:	memcheck	Assignee:	Rhys Kidd <rhyskidd>
Status:	RESOLVED FIXED
Severity:	normal	CC:	austinenglish, rhyskidd
Priority:	NOR
Version First Reported In:	3.10 SVN
Target Milestone:	---
Platform:	Homebrew (macOS)
OS:	macOS
See Also:	https://bugs.kde.org/show_bug.cgi?id=347988
Latest Commit:		Version Fixed/Implemented In:
Sentry Crash Report:
Bug Depends on:
Bug Blocks:	339017

Description Kevin Ushey 2015-04-06 21:14:10 UTC

Error message, following `y` to confirm a suppression for a __platform function:

    Memcheck: the 'impossible' happened:
       unexpected size for Addr

Repro:

    valgrind --gen-suppressions=yes ls -la

I get this output:

kevin:~$ valgrind --gen-suppressions=yes ls -la
==59270== Memcheck, a memory error detector
==59270== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==59270== Using Valgrind-3.11.0.SVN and LibVEX; rerun with -h for copyright info
==59270== Command: ls -la
==59270== 
--59270-- UNKNOWN host message [id 412, to mach_host_self(), reply 0x30f]
--59270-- UNKNOWN host message [id 222, to mach_host_self(), reply 0x30f]
--59270-- UNKNOWN mach_msg unhandled MACH_SEND_TRAILER option
--59270-- UNKNOWN mach_msg unhandled MACH_SEND_TRAILER option (repeated 2 times)
--59270-- UNKNOWN mach_msg unhandled MACH_SEND_TRAILER option (repeated 4 times)
--59270-- UNKNOWN mach_msg unhandled MACH_SEND_TRAILER option (repeated 8 times)
total 66016
==59270== Conditional jump or move depends on uninitialised value(s)
==59270==    at 0x100533C3F: _platform_memchr$VARIANT$Haswell (in /usr/lib/system/libsystem_platform.dylib)
==59270==    by 0x100327B96: __sfvwrite (in /usr/lib/system/libsystem_c.dylib)
==59270==    by 0x100331FE5: __vfprintf (in /usr/lib/system/libsystem_c.dylib)
==59270==    by 0x1003579AE: __v2printf (in /usr/lib/system/libsystem_c.dylib)
==59270==    by 0x100357C80: __xvprintf (in /usr/lib/system/libsystem_c.dylib)
==59270==    by 0x10032DB71: vfprintf_l (in /usr/lib/system/libsystem_c.dylib)
==59270==    by 0x10032B9D7: printf (in /usr/lib/system/libsystem_c.dylib)
==59270==    by 0x100002BA2: ??? (in /bin/ls)
==59270==    by 0x100002745: ??? (in /bin/ls)
==59270==    by 0x100001BF0: ??? (in /bin/ls)
==59270==    by 0x10000191E: ??? (in /bin/ls)
==59270==    by 0x1002945C8: start (in /usr/lib/system/libdyld.dylib)
==59270== 
==59270== 
==59270== ---- Print suppression ? --- [Return/N/n/Y/y/C/c] ---- y
{
   <insert_a_suppression_name_here>
   Memcheck:Cond
   fun:_platform_memchr$VARIANT$Haswell
   fun:__sfvwrite
   fun:__vfprintf
   fun:__v2printf
   fun:__xvprintf
   fun:vfprintf_l
   fun:printf
   obj:/bin/ls
   obj:/bin/ls
   obj:/bin/ls
   obj:/bin/ls
   fun:start
}
==59270== Invalid read of size 32
==59270==    at 0x100533C21: _platform_memchr$VARIANT$Haswell (in /usr/lib/system/libsystem_platform.dylib)
==59270==    by 0x100327B96: __sfvwrite (in /usr/lib/system/libsystem_c.dylib)
==59270==    by 0x100331FE5: __vfprintf (in /usr/lib/system/libsystem_c.dylib)
==59270==    by 0x1003579AE: __v2printf (in /usr/lib/system/libsystem_c.dylib)
==59270==    by 0x100357C80: __xvprintf (in /usr/lib/system/libsystem_c.dylib)
==59270==    by 0x10032DB71: vfprintf_l (in /usr/lib/system/libsystem_c.dylib)
==59270==    by 0x10032B9D7: printf (in /usr/lib/system/libsystem_c.dylib)
==59270==    by 0x100002BA2: ??? (in /bin/ls)
==59270==    by 0x100002745: ??? (in /bin/ls)
==59270==    by 0x100001BF0: ??? (in /bin/ls)
==59270==    by 0x10000191E: ??? (in /bin/ls)
==59270==    by 0x1002945C8: start (in /usr/lib/system/libdyld.dylib)
==59270==  Address 0x1008a63e0 is 10 bytes after a block of size 70 alloc'd
==59270==    at 0x10000EC11: calloc (in /usr/local/Cellar/valgrind/HEAD/lib/valgrind/vgpreload_memcheck-amd64-darwin.so)
==59270==    by 0x10000230C: ??? (in /bin/ls)
==59270==    by 0x100001BF0: ??? (in /bin/ls)
==59270==    by 0x10000191E: ??? (in /bin/ls)
==59270==    by 0x1002945C8: start (in /usr/lib/system/libdyld.dylib)
==59270==    by 0x1: ???
==59270==    by 0x1048089EA: ???
==59270==    by 0x1048089ED: ???
==59270== 
==59270== 
==59270== ---- Print suppression ? --- [Return/N/n/Y/y/C/c] ---- y

Memcheck: the 'impossible' happened:
   unexpected size for Addr

host stacktrace:
==59270==    at 0x23804079E: ???
==59270==    by 0x238040BAD: ???
==59270==    by 0x238040C3B: ???
==59270==    by 0x238040C65: ???
==59270==    by 0x2380347AB: ???
==59270==    by 0x23803CD03: ???
==59270==    by 0x23803B0EB: ???
==59270==    by 0x23803A9B6: ???
==59270==    by 0x238033192: ???
==59270==    by 0x238020FA1: ???
==59270==    by 0x700000BB258D: ???

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable
==59270==    at 0x100533C21: _platform_memchr$VARIANT$Haswell (in /usr/lib/system/libsystem_platform.dylib)
==59270==    by 0x100327B96: __sfvwrite (in /usr/lib/system/libsystem_c.dylib)
==59270==    by 0x100331FE5: __vfprintf (in /usr/lib/system/libsystem_c.dylib)
==59270==    by 0x1003579AE: __v2printf (in /usr/lib/system/libsystem_c.dylib)
==59270==    by 0x100357C80: __xvprintf (in /usr/lib/system/libsystem_c.dylib)
==59270==    by 0x10032DB71: vfprintf_l (in /usr/lib/system/libsystem_c.dylib)
==59270==    by 0x10032B9D7: printf (in /usr/lib/system/libsystem_c.dylib)
==59270==    by 0x100002BA2: ??? (in /bin/ls)
==59270==    by 0x100002745: ??? (in /bin/ls)
==59270==    by 0x100001BF0: ??? (in /bin/ls)
==59270==    by 0x10000191E: ??? (in /bin/ls)
==59270==    by 0x1002945C8: start (in /usr/lib/system/libdyld.dylib)
==59270==    by 0x1: ???
==59270==    by 0x1048089EA: ???
==59270==    by 0x1048089ED: ???


Note: see also the FAQ in the source distribution.
It contains workarounds to several common problems.
In particular, if Valgrind aborted or crashed after
identifying problems in your program, there's a good chance
that fixing those problems will prevent Valgrind aborting or
crashing, especially if it happened in m_mallocfree.c.

If that doesn't help, please report this bug to: www.valgrind.org

In the bug report, send all the above text, the valgrind
version, and what OS and version you are using.  Thanks.

Reproducible: Always

Comment 1 Julian Seward 2015-04-28 11:24:57 UTC

Probably easy to fix.  We should fix it.

Comment 2 Rhys Kidd 2015-05-04 11:44:28 UTC

Hi Kevin, I am working on a fix for this. Thanks for the bug report.

Comment 3 Rhys Kidd 2015-06-12 14:10:46 UTC

Kevin,
I would like you to test the proposed patch attached to the related bug here: https://bugs.kde.org/show_bug.cgi?id=347988
This fixed the issue for me on a modern Haswell-based CPU system.

Comment 4 Rhys Kidd 2015-07-01 23:06:51 UTC

Resolved in 15391.