[Bug 839001] Re: Wrong memory access with strlen()

Sworddragon 839001 at bugs.launchpad.net
Thu Apr 26 22:53:03 UTC 2012


I can't reproduce this bug anymore with GCC 4.7 (but still with GCC
4.6). So it seems this was a GCC bug which is now fixed.

** Changed in: eglibc (Ubuntu)
       Status: New => Fix Released

https://bugs.launchpad.net/bugs/839001

Title:
  Wrong memory access with strlen()

Status in “eglibc” package in Ubuntu:
  Fix Released

Bug description:
  I'm using Ubuntu 11.10 dev with libc6 2.13-17ubuntu2 and Valgrind
  1:3.6.1-0ubuntu2. strlen() is accessing in some cases the wrong
  memory. I have written example code that shows the problem. The code
  was compiled with "gcc -O3 -Wall -Wextra -o test -pedantic test.c"
  (the error appears on -O2 too but not on -O1). The application was
  executed with "valgrind ./test".

  This is the code:

  #include <stdlib.h>
  #include <string.h>

  int main()
  {
  	char *buffer;

  	buffer = malloc(7);
  	strcpy(buffer, "1234");
  	buffer = realloc(buffer, strlen(buffer) + 1024);
  	free(buffer);
  	return 0;
  }

  
  And this is the output of a run:

  ==203489== Memcheck, a memory error detector
  ==203489== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
  ==203489== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
  ==203489== Command: ./test
  ==203489== 
  ==203489== Invalid read of size 4
  ==203489==    at 0x4004BB: main (in /home/sworddragon/data/test)
  ==203489==  Address 0x51ce044 is 4 bytes inside a block of size 7 alloc'd
  ==203489==    at 0x4C28F9F: malloc (vg_replace_malloc.c:236)
  ==203489==    by 0x4004AD: main (in /home/sworddragon/data/test)
  ==203489== 
  ==203489== 
  ==203489== HEAP SUMMARY:
  ==203489==     in use at exit: 0 bytes in 0 blocks
  ==203489==   total heap usage: 2 allocs, 2 frees, 1,035 bytes allocated
  ==203489== 
  ==203489== All heap blocks were freed -- no leaks are possible
  ==203489== 
  ==203489== For counts of detected and suppressed errors, rerun with: -v
  ==203489== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 4 from 4)
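
An added example, not part of the original report and not GCC or eglibc code: a small C model of a string-length scan that loads 4 bytes at a time, run on the report's "1234" in a 7-byte block. It assumes, which the report does not confirm, that the read Memcheck attributes to main comes from such an inlined scan; the names scan_result, word_strlen and model_report are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
struct scan_result {        /* hypothetical model type, not GCC's code */
    size_t length;          /* string length the scan returns */
    size_t last_offset;     /* offset of the final 4-byte load */
    size_t overrun;         /* bytes of that load past the block end */
};
/* Nonzero iff at least one byte of w is 0x00. */
static int has_zero_byte(uint32_t w)
{
    return ((w - 0x01010101u) & ~w & 0x80808080u) != 0;
}

/* data must be zero-padded past the NUL; block_size is the malloc request. */
struct scan_result word_strlen(const unsigned char *data, size_t block_size)
{
    struct scan_result r = {0, 0, 0};
    size_t off = 0;
    uint32_t w;
    for (;;) {
        memcpy(&w, data + off, sizeof w);   /* the word-sized load */
        r.last_offset = off;
        if (off + sizeof w > block_size)
            r.overrun = off + sizeof w - block_size;
        if (has_zero_byte(w))
            break;
        off += sizeof w;
    }
    while (data[off] != '\0')               /* locate the NUL inside the word */
        off++;
    r.length = off;
    return r;
}

/* Constructed input mirroring the report: "1234" in a block of block_size. */
struct scan_result model_report(size_t block_size)
{
    unsigned char backing[16] = {0};        /* padding keeps the model in bounds */
    memcpy(backing, "1234", 5);
    return word_strlen(backing, block_size);
}

int main(void)
{
    struct scan_result r = model_report(7);
    printf("len=%zu load@%zu overrun=%zu\n", r.length, r.last_offset, r.overrun);
    return 0;
}
```

In the model, the final load starts at offset 4 and extends 1 byte past a 7-byte block, the same shape as Memcheck's "Invalid read of size 4" at an address "4 bytes inside a block of size 7". With an 8-byte block the same load stays inside the allocation.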
