Bug 253383 - [PATCH] several LTP testcases trigger VALGRIND INTERNAL ERROR
Status: REPORTED
Alias: None
Product: valgrind
Classification: Developer tools
Component: general
Version: 3.6 SVN
Platform: Compiled Sources Linux
Importance: NOR normal
Target Milestone: ---
Assignee: Julian Seward
Reported: 2010-10-06 13:26 UTC by Christian Borntraeger
Modified: 2023-11-17 00:46 UTC

Attachments
fix for several valgrind internal errors (5.70 KB, patch)
2010-10-06 13:26 UTC, Christian Borntraeger
Fix memcheck with some ltp testcases (604 bytes, patch)
2010-10-11 09:26 UTC, Christian Borntraeger

Description Christian Borntraeger 2010-10-06 13:26:02 UTC
Created attachment 52269
fix for several valgrind internal errors

Version:           3.6 SVN
OS:                Linux

Several LTP testcases (bind01, connect01, io_submit01, recvmsg01, rt_sigaction02, rt_sigprocmask02, sendto01, setrlimit02) trigger errors like:

==26759== Command: testcases/kernel/syscalls/bind/bind01
==26759== 
==26759== Syscall param socketcall.bind(my_addr.sa_family) points to unaddressable byte(s)
==26759==    at 0x472CCF37: bind (socket.S:64)
==26759==    by 0x47216C75: (below main) (libc-start.c:228)
==26759==  Address 0xffffffff is not stack'd, malloc'd or (recently) free'd
==26759== 
--26759-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--26759-- si_code=1;  Faulting address: 0xFFFFFFFF;  sp: 0x4894e10

valgrind: the 'impossible' happened:
   Killed by fatal signal
==26759==    at 0x38074DC9: pre_mem_read_sockaddr (syswrap-generic.c:942)

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable
==26759==    at 0x472CCF37: bind (socket.S:64)
==26759==    by 0x47216C75: (below main) (libc-start.c:228)


Here is a patch that tries to fix most of these problems by using 
ML_(valid_client_addr) before inspecting memory content.

Reproducible: Always

Steps to Reproduce:
valgrind ltp/testcases/kernel/syscalls/bind/bind01 and others.
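
The check-before-inspect pattern described in the report above, as an added example. It is not part of the original report and is not Valgrind's code. The segment table, find_segment, pre_check_sockaddr, the CHECK_* codes and all addresses are hypothetical and constructed; the client address space is simulated so the bad pointer can be rejected without a real fault.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a client address space: one mapped 64-byte segment. */
#define SEG_BASE ((uintptr_t)0x04894000u)
typedef struct { uintptr_t start; size_t len; unsigned char *backing; } Segment;
static unsigned char stack_page[64];
static const Segment segments[] = { { SEG_BASE, sizeof stack_page, stack_page } };

enum { CHECK_OK = 0, CHECK_UNADDRESSABLE = -1, CHECK_TOO_SHORT = -2 };

/* Hypothetical validity check: the whole range [addr, addr+len) must lie
   inside one mapped segment. */
static const Segment *find_segment(uintptr_t addr, size_t len) {
    for (size_t i = 0; i < sizeof segments / sizeof segments[0]; i++) {
        const Segment *s = &segments[i];
        /* Subtraction form: addr + len could wrap near the top of memory. */
        if (addr >= s->start && addr - s->start <= s->len &&
            len <= s->len - (addr - s->start))
            return s;
    }
    return NULL;
}

/* Pre-syscall check for a sockaddr argument supplied by the client.
   The family field is read only after the pointer has been validated, so a
   bogus pointer yields an error code instead of a fault in the checker. */
int pre_check_sockaddr(uintptr_t client_addr, size_t salen, uint16_t *family_out) {
    if (salen < sizeof(uint16_t))
        return CHECK_TOO_SHORT;
    const Segment *s = find_segment(client_addr, sizeof(uint16_t));
    if (s == NULL)
        return CHECK_UNADDRESSABLE;   /* report it, do not dereference */
    memcpy(family_out, s->backing + (client_addr - s->start), sizeof *family_out);
    return CHECK_OK;
}

int main(void) {
    uint16_t fam = 2, out = 0;        /* constructed sample: 2 is AF_INET on Linux */
    memcpy(stack_page + 16, &fam, sizeof fam);
    printf("mapped sockaddr: %d\n", pre_check_sockaddr(SEG_BASE + 16, 16, &out));
    printf("0xffffffff:      %d\n", pre_check_sockaddr((uintptr_t)0xffffffffu, 16, &out));
    printf("NULL:            %d\n", pre_check_sockaddr(0, 16, &out));
    return 0;
}
```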
Comment 1 Christian Borntraeger 2010-10-11 09:26:05 UTC
Created attachment 52405
Fix memcheck with some ltp testcases

Fix additional failures with memcheck
--18618-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--18618-- si_code=1;  Faulting address: 0x0;  sp: 0x403b6a9d0

valgrind: the 'impossible' happened:
   Killed by fatal signal
==18618==    at 0x401074328: vgModuleLocal_buf_and_len_pre_check (syswrap-generic.c:1000)
==18618==    by 0x40107464B: vgModuleLocal_generic_PRE_sys_getpeername (syswrap-generic.c:1493)
==18618==    by 0x401073A53: vgPlain_client_syscall (syswrap-main.c:1490)
==18618==    by 0x40106F963: handle_syscall (scheduler.c:899)
Comment 2 Mark Wielaard 2023-11-17 00:46:08 UTC
The second patch was fixed slightly differently:

commit f7cce36efe5223ae2766141552143441018780f3
Author: Mark Wielaard <mark@klomp.org>
Date:   Tue Feb 23 21:27:19 2016 +0000

    Bug 359724 getsockname might crash - deref_UInt should call safe_to_deref
    
    git-svn-id: svn://svn.valgrind.org/valgrind/trunk@15809