Bug 501893

Summary: Missing suppression for __wcscat_avx2 (strcat-strlen-avx2.h.S:68)?
Product: [Developer tools] valgrind Reporter: Sam James <sam>
Component: memcheckAssignee: Paul Floyd <pjfloyd>
Status: RESOLVED FIXED    
Severity: normal CC: mark, pjfloyd
Priority: NOR    
Version First Reported In: 3.24 GIT   
Target Milestone: ---   
Platform: Other   
OS: Linux   
See Also: https://bugs.kde.org/show_bug.cgi?id=475652
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:
Attachments: First go at a fix, based on strcmp.

Description Sam James 2025-03-23 02:32:49 UTC 
Hi!

When running the libxslt testsuite under Valgrind, I see:
```
$ valgrind -q --leak-check=no --trace-children=yes --trace-children-skip=valgrind,make,ninja --trace-children-skip-by-arg=valgrind,make,ninja --exit-on-first-error=yes --error-exitcode=1 make  heck-local
make[2]: Entering directory '/var/tmp/portage/dev-libs/libxslt-1.1.43/work/libxslt-1.1.43-abi_x86_64.amd64-python3_10/python/tests'
-- basic.py
==19822== Conditional jump or move depends on uninitialised value(s)
==19822==    at 0x4D8FD2A: __wcscat_avx2 (strcat-strlen-avx2.h.S:68)
==19822==    by 0x4A9DE98: ??? (in /usr/lib64/libpython3.10.so.1.0)
==19822==    by 0x4A73F74: ??? (in /usr/lib64/libpython3.10.so.1.0)
==19822==    by 0x4A782BB: ??? (in /usr/lib64/libpython3.10.so.1.0)
==19822==    by 0x4A78EAA: ??? (in /usr/lib64/libpython3.10.so.1.0)
==19822==    by 0x4A79BBF: Py_InitializeFromConfig (in /usr/lib64/libpython3.10.so.1.0)
==19822==    by 0x4A9E4A1: ??? (in /usr/lib64/libpython3.10.so.1.0)
==19822==    by 0x4A9F7CF: Py_BytesMain (in /usr/lib64/libpython3.10.so.1.0)
==19822==    by 0x4C53DF4: (below main) (libc_start_call_main.h:58)
```

This is with `ld.so (Gentoo 2.41-r1 (patchset 2)) stable release version 2.41` on:
```
$ uname -a
Linux sam-build 6.12.16-gentoo-dist-hardened #1 SMP PREEMPT_DYNAMIC Tue Mar 11 16:55:27 CDT 2025 x86_64 AMD EPYC 7R13 48-Core Processor AuthenticAMD GNU/Linux
```
Comment 1 Sam James 2025-03-23 02:49:53 UTC 
Output with debugging symbols:
```
==80104== Conditional jump or move depends on uninitialised value(s)
==80104==    at 0x4D8FD2A: __wcscat_avx2 (strcat-strlen-avx2.h.S:68)
==80104==    by 0x4A9DF18: wcscat (wchar2.h:124)
==80104==    by 0x4A9DF18: calculate_module_search_path (getpath.c:1378)
==80104==    by 0x4A9DF18: calculate_path (getpath.c:1537)
==80104==    by 0x4A9DF18: _PyPathConfig_Calculate (getpath.c:1602)
==80104==    by 0x4A74034: pathconfig_init (pathconfig.c:354)
==80104==    by 0x4A74034: config_init_pathconfig (pathconfig.c:369)
==80104==    by 0x4A74034: _PyConfig_InitPathConfig (pathconfig.c:438)
==80104==    by 0x4A7837B: init_interp_main (pylifecycle.c:1082)
==80104==    by 0x4A78F6A: pyinit_main (pylifecycle.c:1195)
==80104==    by 0x4A78F6A: pyinit_main (pylifecycle.c:1184)
==80104==    by 0x4A79C7F: Py_InitializeFromConfig (pylifecycle.c:1226)
==80104==    by 0x4A79C7F: Py_InitializeFromConfig (pylifecycle.c:1204)
==80104==    by 0x4A9E521: pymain_init (main.c:66)
==80104==    by 0x4A9F84F: pymain_main (main.c:691)
==80104==    by 0x4A9F84F: Py_BytesMain (main.c:724)
==80104==    by 0x4C53DF4: (below main) (libc_start_call_main.h:58)
```
Comment 2 Paul Floyd 2025-03-23 07:25:02 UTC 
Can you provide the two strings that generate this error?

On my PC with Fedora 41 wcscat is using __wcscat_evex. I don't know if that has the same problem. That's glibc 2.40.
Comment 3 Paul Floyd 2025-03-23 07:33:23 UTC 
Created attachment 179659 [details]
First go at a fix, based on strcmp.

Please could you test this patch?
Comment 4 Sam James 2025-03-23 07:37:07 UTC 
(In reply to Paul Floyd from comment #2)
> Can you provide the two strings that generate this error?
> 

(gdb) bt
#0  0x0000000004d8fd2a in ?? () from /usr/lib64/libc.so.6
#1  0x0000000004a9e02d in wcscat (__dest=0x50715a0 L"/usr/lib/python310.zip:/usr/lib/python3.10", __src=0x506fff0 L"") at /usr/include/bits/wchar2.h:124
#2  calculate_module_search_path (calculate=0x1ffefffa30, pathconfig=0x1ffefffc20) at ./Modules/getpath.c:1409
#3  calculate_path (calculate=0x1ffefffa30, pathconfig=0x1ffefffc20) at ./Modules/getpath.c:1537
#4  _PyPathConfig_Calculate (pathconfig=pathconfig@entry=0x1ffefffc20, config=config@entry=0x4f06370) at ./Modules/getpath.c:1602
#5  0x0000000004a74035 in pathconfig_init (pathconfig=0x1ffefffc20, config=0x4f06370, compute_path_config=1) at Python/pathconfig.c:354
#6  config_init_pathconfig (config=0x4f06370, compute_path_config=1) at Python/pathconfig.c:369
#7  _PyConfig_InitPathConfig (config=config@entry=0x4f06370, compute_path_config=compute_path_config@entry=1) at Python/pathconfig.c:438
#8  0x0000000004a7837c in init_interp_main (tstate=0x4f224a0) at Python/pylifecycle.c:1082
#9  0x0000000004a78f6b in pyinit_main (tstate=<optimized out>) at Python/pylifecycle.c:1195
#10 pyinit_main (tstate=<optimized out>) at Python/pylifecycle.c:1184
#11 0x0000000004a79c80 in Py_InitializeFromConfig (config=<optimized out>) at Python/pylifecycle.c:1226
#12 Py_InitializeFromConfig (config=config@entry=0x1ffeffff00) at Python/pylifecycle.c:1204
#13 0x0000000004a9e522 in pymain_init (args=args@entry=0x1fff0000d0) at Modules/main.c:66
#14 0x0000000004a9f850 in pymain_main (args=0x1fff0000d0) at Modules/main.c:691
#15 Py_BytesMain (argc=<optimized out>, argv=<optimized out>) at Modules/main.c:724
#16 0x0000000004c53df5 in ?? () from /usr/lib64/libc.so.6
#17 0x0000000004c53ea7 in __libc_start_main () from /usr/lib64/libc.so.6
#18 0x0000000000109081 in _start ()

And for good measure:
```
(gdb) frame 2
#2  calculate_module_search_path (calculate=0x1ffefffa30, pathconfig=0x1ffefffc20) at ./Modules/getpath.c:1409
1409                wcscat(buf, defpath);
(gdb) p buf
$1 = 0x50715a0 L"/usr/lib/python310.zip:/usr/lib/python3.10"
(gdb) p defpath
$2 = 0x506fff0 L""
```
Comment 5 Sam James 2025-03-23 07:37:53 UTC 
The second instance is:
```
Program received signal SIGTRAP, Trace/breakpoint trap.
0x0000000004d8fd2a in ?? () from /usr/lib64/libc.so.6
(gdb) bt
#0  0x0000000004d8fd2a in ?? () from /usr/lib64/libc.so.6
#1  0x0000000004a9e03c in wcscat (__dest=0x50715a0 L"/usr/lib/python310.zip:/usr/lib/python3.10", __src=0x4b6c470 <delimiter> L":") at /usr/include/bits/wchar2.h:124
#2  calculate_module_search_path (calculate=0x1ffefffa30, pathconfig=0x1ffefffc20) at ./Modules/getpath.c:1414
#3  calculate_path (calculate=0x1ffefffa30, pathconfig=0x1ffefffc20) at ./Modules/getpath.c:1537
#4  _PyPathConfig_Calculate (pathconfig=pathconfig@entry=0x1ffefffc20, config=config@entry=0x4f06370) at ./Modules/getpath.c:1602
#5  0x0000000004a74035 in pathconfig_init (pathconfig=0x1ffefffc20, config=0x4f06370, compute_path_config=1) at Python/pathconfig.c:354
#6  config_init_pathconfig (config=0x4f06370, compute_path_config=1) at Python/pathconfig.c:369
#7  _PyConfig_InitPathConfig (config=config@entry=0x4f06370, compute_path_config=compute_path_config@entry=1) at Python/pathconfig.c:438
#8  0x0000000004a7837c in init_interp_main (tstate=0x4f224a0) at Python/pylifecycle.c:1082
#9  0x0000000004a78f6b in pyinit_main (tstate=<optimized out>) at Python/pylifecycle.c:1195
#10 pyinit_main (tstate=<optimized out>) at Python/pylifecycle.c:1184
#11 0x0000000004a79c80 in Py_InitializeFromConfig (config=<optimized out>) at Python/pylifecycle.c:1226
#12 Py_InitializeFromConfig (config=config@entry=0x1ffeffff00) at Python/pylifecycle.c:1204
#13 0x0000000004a9e522 in pymain_init (args=args@entry=0x1fff0000d0) at Modules/main.c:66
#14 0x0000000004a9f850 in pymain_main (args=0x1fff0000d0) at Modules/main.c:691
#15 Py_BytesMain (argc=<optimized out>, argv=<optimized out>) at Modules/main.c:724
#16 0x0000000004c53df5 in ?? () from /usr/lib64/libc.so.6
#17 0x0000000004c53ea7 in __libc_start_main () from /usr/lib64/libc.so.6
#18 0x0000000000109081 in _start ()
```

Anyway, trying the patch - thanks!
Comment 6 Sam James 2025-03-23 07:42:29 UTC 
(In reply to Paul Floyd from comment #3)
> Created attachment 179659 [details]
> First go at a fix, based on strcmp.
> 
> Please could you test this patch?

Thanks, that fixes it.
Comment 7 Paul Floyd 2025-03-23 08:46:16 UTC 
Thanks for the examples. I can reproduce the issue. I'll push a fix and test shortly.
Comment 8 Paul Floyd 2025-03-23 09:22:49 UTC 
commit f87c58e89c4a0e85c59f39a7ae01027686bfff73 (HEAD -> master, origin/master, origin/HEAD)
Author: Paul Floyd <pjfloyd@wanadoo.fr>
Date:   Sun Mar 23 10:21:29 2025 +0100

    Bug 501893 - Missing suppression for __wcscat_avx2 (strcat-strlen-avx2.h.S:68)?
Comment 9 Mark Wielaard 2025-03-28 14:30:40 UTC 
Also put on the VALGRIND_3_24 branch as:

commit f206268ad56899f935d420770088076671a6b014
Author: Paul Floyd <pjfloyd@wanadoo.fr>
Date:   Sun Mar 23 10:21:29 2025 +0100

    Bug 501893 - Missing suppression for __wcscat_avx2 (strcat-strlen-avx2.h.S:68)?
    
    (cherry picked from commit f87c58e89c4a0e85c59f39a7ae01027686bfff73)