[Bug 839001] [NEW] Wrong memory access with strlen()
Sworddragon
839001 at bugs.launchpad.net
Thu Sep 1 18:45:04 UTC 2011
Public bug reported:
I'm using Ubuntu 11.10 dev with libc6 2.13-17ubuntu2 and Valgrind
1:3.6.1-0ubuntu2. In some cases, strlen() is accessing the wrong memory.
I have written example code that shows the problem. The code was
compiled with "gcc -O3 -Wall -Wextra -o test -pedantic test.c" (the
error appears on -O2 too but not on -O1). The application was executed
with "valgrind ./test".
This is the code:
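#include <stdlib.h>
#include <string.h>

int main()
{
    char *buffer;

    /* 7-byte heap block; "1234" plus its terminating NUL uses 5 of them */
    buffer = malloc(7);
    strcpy(buffer, "1234");
    /* the strlen() call this report is about */
    buffer = realloc(buffer, strlen(buffer) + 1024);
    free(buffer);
    return 0;
}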
And this is the output of a run:
==203489== Memcheck, a memory error detector
==203489== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==203489== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==203489== Command: ./test
==203489==
==203489== Invalid read of size 4
==203489==    at 0x4004BB: main (in /home/sworddragon/data/test)
==203489==  Address 0x51ce044 is 4 bytes inside a block of size 7 alloc'd
==203489==    at 0x4C28F9F: malloc (vg_replace_malloc.c:236)
==203489==    by 0x4004AD: main (in /home/sworddragon/data/test)
==203489==
==203489==
==203489== HEAP SUMMARY:
==203489==     in use at exit: 0 bytes in 0 blocks
==203489==   total heap usage: 2 allocs, 2 frees, 1,035 bytes allocated
==203489==
==203489== All heap blocks were freed -- no leaks are possible
==203489==
==203489== For counts of detected and suppressed errors, rerun with: -v
==203489== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 4 from 4)
** Affects: eglibc (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/839001