[Bug 1035321] Re: Wrong memory access with strlen() #2
Adam Conrad
adconrad at 0c3.net
Wed Oct 3 21:01:20 UTC 2012
If this is occurring only at higher optimisation levels, it's probably a
GCC bug, but a GLIBC one.
** Package changed: eglibc (Ubuntu) => gcc-4.7 (Ubuntu)
https://bugs.launchpad.net/bugs/1035321
Title:
Wrong memory access with strlen() #2
Status in "gcc-4.7" package in Ubuntu:
New
Bug description:
I'm using Ubuntu 12.10 dev with libc6 2.15-0ubuntu16 and valgrind
1:3.7.0-0ubuntu3. After the old bug was fixed
(https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/839001) there
is now a new bug which has a little different condition to trigger. It
appears on -O3 and -O2 but not on -O1 (like the old bug).
Here is a new code example (compiled with "gcc -O3 -Wall -Wextra -o
test -pedantic test.c" and executed with "valgrind ./test"):
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>

    int main()
    {
        char *buffer1, buffer2[] = "1234";

        /* "123456" + "1234" + terminating NUL = 11 bytes, exactly the allocation size */
        buffer1 = malloc(11);
        sprintf(buffer1, "123456%s", buffer2);
        fprintf(stdout, "%li\n", strlen(buffer1));
        free(buffer1);
        return 0;
    }
This is the output from Valgrind:
==14601== Memcheck, a memory error detector
==14601== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==14601== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==14601== Command: ./test
==14601==
==14601== Invalid read of size 4
==14601== at 0x400623: main (in /home/sworddragon/data/test)
==14601== Address 0x51ef048 is 8 bytes inside a block of size 11 alloc'd
==14601== at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14601== by 0x4005EA: main (in /home/sworddragon/data/test)
==14601==
10
==14601==
==14601== HEAP SUMMARY:
==14601== in use at exit: 0 bytes in 0 blocks
==14601== total heap usage: 1 allocs, 1 frees, 11 bytes allocated
==14601==
==14601== All heap blocks were freed -- no leaks are possible
==14601==
==14601== For counts of detected and suppressed errors, rerun with: -v
==14601== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)
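For triage of Memcheck reports like the one quoted above, the following added example (not part of the original bug report or of Valgrind) pairs each "Invalid read/write" header with its "Address ..." line and computes how many of the accessed bytes fall outside the heap block. The names `parse_memcheck`, `classify` and `SAMPLE_LOG` are hypothetical, and the second and third log records are constructed for illustration.

```python
import re

HEADER = re.compile(r"^==\d+== Invalid (read|write) of size (\d+)")
ADDRESS = re.compile(
    r"^==\d+==\s+Address 0x[0-9a-fA-F]+ is (\d+) bytes "
    r"(inside|after|before) a block of size (\d+) (alloc'd|free'd)")

# First record is copied from the report; the other two are constructed.
SAMPLE_LOG = """\
==14601== Invalid read of size 4
==14601== at 0x400623: main (in /home/sworddragon/data/test)
==14601== Address 0x51ef048 is 8 bytes inside a block of size 11 alloc'd
==20000== Invalid write of size 1
==20000== Address 0x5200050 is 0 bytes after a block of size 16 alloc'd
==20000== Invalid read of size 8
==20000== Address 0x5200094 is 4 bytes inside a block of size 32 free'd
"""

def classify(size, offset, where, block, state):
    """Return (verdict, number of accessed bytes that lie outside the block)."""
    if state == "free'd":
        return "use-after-free", size
    if where == "after":
        return "past-end", size
    if where == "before":
        return "before-start", min(size, offset)
    over = offset + size - block
    return ("straddles-end", over) if over > 0 else ("inside", 0)

def parse_memcheck(log):
    """Pair each 'Invalid read/write' header with its 'Address ...' line."""
    findings, pending = [], None
    for line in log.splitlines():
        head = HEADER.match(line)
        if head:
            pending = (head.group(1), int(head.group(2)))
            continue
        addr = ADDRESS.match(line)
        if addr and pending:
            access, size = pending
            offset, where, block, state = (int(addr.group(1)), addr.group(2),
                                           int(addr.group(3)), addr.group(4))
            verdict, outside = classify(size, offset, where, block, state)
            findings.append({"access": access, "size": size, "offset": offset,
                             "block": block, "verdict": verdict, "outside": outside})
            pending = None
    return findings

if __name__ == "__main__":
    for f in parse_memcheck(SAMPLE_LOG):
        print(f)
```

For the record from this report, the 4-byte read at offset 8 of the 11-byte block starts in bounds and extends 1 byte past the end of the allocation.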