[Bug 2015216] Re: Invalid read of size 8 in strncmp() from is_dst()

Simon Chopin 2015216 at bugs.launchpad.net
Tue Apr 4 18:19:03 UTC 2023


** Changed in: glibc (Ubuntu)
       Status: New => Invalid

** Changed in: valgrind (Ubuntu)
       Status: New => In Progress

** Changed in: valgrind (Ubuntu)
   Importance: Undecided => High

** Information type changed from Public Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to valgrind in Ubuntu.
https://bugs.launchpad.net/bugs/2015216

Title:
  Invalid read of size 8 in strncmp() from is_dst()

Status in glibc package in Ubuntu:
  Invalid
Status in valgrind package in Ubuntu:
  In Progress

Bug description:
  Valgrind reports this in gnome-shell on almost every run:

  ==34822== Invalid read of size 8
  ==34822==    at 0x40264A8: strncmp (strcmp-sse2.S:162)
  ==34822==    by 0x400554E: is_dst (dl-load.c:216)
  ==34822==    by 0x40067D6: _dl_dst_count (dl-load.c:253)
  ==34822==    by 0x40067D6: expand_dynamic_string_token (dl-load.c:395)
  ==34822==    by 0x4006981: fillin_rpath.isra.0 (dl-load.c:483)
  ==34822==    by 0x4006CB2: decompose_rpath (dl-load.c:654)
  ==34822==    by 0x40092DF: cache_rpath (dl-load.c:696)
  ==34822==    by 0x40092DF: _dl_map_object (dl-load.c:2114)
  ==34822==    by 0x4002934: openaux (dl-deps.c:64)
  ==34822==    by 0x40014DC: _dl_catch_exception (dl-catch.c:237)
  ==34822==    by 0x4002D6E: _dl_map_object_deps (dl-deps.c:232)
  ==34822==    by 0x400CE5E: dl_open_worker_begin (dl-open.c:592)
  ==34822==    by 0x40014DC: _dl_catch_exception (dl-catch.c:237)
  ==34822==    by 0x400C2E9: dl_open_worker (dl-open.c:782)
  ==34822==  Address 0xe5c00a9 is 9 bytes inside a block of size 15 alloc'd
  ==34822==    at 0x4843828: malloc (vg_replace_malloc.c:381)
  ==34822==    by 0x402628E: malloc (rtld-malloc.h:56)
  ==34822==    by 0x402628E: strdup (strdup.c:42)
  ==34822==    by 0x4006C44: decompose_rpath (dl-load.c:629)
  ==34822==    by 0x40092DF: cache_rpath (dl-load.c:696)
  ==34822==    by 0x40092DF: _dl_map_object (dl-load.c:2114)
  ==34822==    by 0x4002934: openaux (dl-deps.c:64)
  ==34822==    by 0x40014DC: _dl_catch_exception (dl-catch.c:237)
  ==34822==    by 0x4002D6E: _dl_map_object_deps (dl-deps.c:232)
  ==34822==    by 0x400CE5E: dl_open_worker_begin (dl-open.c:592)
  ==34822==    by 0x40014DC: _dl_catch_exception (dl-catch.c:237)
  ==34822==    by 0x400C2E9: dl_open_worker (dl-open.c:782)
  ==34822==    by 0x40014DC: _dl_catch_exception (dl-catch.c:237)
  ==34822==    by 0x400C6BB: _dl_open (dl-open.c:884)
  ==34822== 
  ==34822== Invalid read of size 8
  ==34822==    at 0x40264A8: strncmp (strcmp-sse2.S:162)
  ==34822==    by 0x400554E: is_dst (dl-load.c:216)
  ==34822==    by 0x4006645: _dl_dst_substitute (dl-load.c:295)
  ==34822==    by 0x4006981: fillin_rpath.isra.0 (dl-load.c:483)
  ==34822==    by 0x4006CB2: decompose_rpath (dl-load.c:654)
  ==34822==    by 0x40092DF: cache_rpath (dl-load.c:696)
  ==34822==    by 0x40092DF: _dl_map_object (dl-load.c:2114)
  ==34822==    by 0x4002934: openaux (dl-deps.c:64)
  ==34822==    by 0x40014DC: _dl_catch_exception (dl-catch.c:237)
  ==34822==    by 0x4002D6E: _dl_map_object_deps (dl-deps.c:232)
  ==34822==    by 0x400CE5E: dl_open_worker_begin (dl-open.c:592)
  ==34822==    by 0x40014DC: _dl_catch_exception (dl-catch.c:237)
  ==34822==    by 0x400C2E9: dl_open_worker (dl-open.c:782)
  ==34822==  Address 0xe5c00a9 is 9 bytes inside a block of size 15 alloc'd
  ==34822==    at 0x4843828: malloc (vg_replace_malloc.c:381)
  ==34822==    by 0x402628E: malloc (rtld-malloc.h:56)
  ==34822==    by 0x402628E: strdup (strdup.c:42)
  ==34822==    by 0x4006C44: decompose_rpath (dl-load.c:629)
  ==34822==    by 0x40092DF: cache_rpath (dl-load.c:696)
  ==34822==    by 0x40092DF: _dl_map_object (dl-load.c:2114)
  ==34822==    by 0x4002934: openaux (dl-deps.c:64)
  ==34822==    by 0x40014DC: _dl_catch_exception (dl-catch.c:237)
  ==34822==    by 0x4002D6E: _dl_map_object_deps (dl-deps.c:232)
  ==34822==    by 0x400CE5E: dl_open_worker_begin (dl-open.c:592)
  ==34822==    by 0x40014DC: _dl_catch_exception (dl-catch.c:237)
  ==34822==    by 0x400C2E9: dl_open_worker (dl-open.c:782)
  ==34822==    by 0x40014DC: _dl_catch_exception (dl-catch.c:237)
  ==34822==    by 0x400C6BB: _dl_open (dl-open.c:884)

  ProblemType: Bug
  DistroRelease: Ubuntu 23.04
  Package: libc6 2.37-0ubuntu2
  ProcVersionSignature: Ubuntu 6.2.0-18.18-generic 6.2.6
  Uname: Linux 6.2.0-18-generic x86_64
  ApportVersion: 2.26.0-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: pass
  Date: Tue Apr  4 18:01:17 2023
  InstallationDate: Installed on 2022-11-28 (127 days ago)
  InstallationMedia: Ubuntu 23.04 "Lunar Lobster" - Alpha amd64 (20221126)
  SourcePackage: glibc
  UpgradeStatus: No upgrade log present (probably fresh install)
