bug-bash

Re: Valgrind detects invalid read in bash. malloc assertion fails.


From: Johannes Müller
Subject: Re: Valgrind detects invalid read in bash. malloc assertion fails.
Date: Wed, 15 May 2019 11:08:00 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1

On 14.05.19 15:46, Chet Ramey wrote:

> I assume this is a valgrind false positive.

That's possible. However, the assertion that causes the abort is part of the malloc.c version (line 934) that ships with bash. I guess that the issue is caused by the fact that bash uses its own malloc.c, which seems to be incompatible with valgrind.

It's also interesting that even
    valgrind ./bash -c 'echo $BASH_VERSION'
causes an error in valgrind on Debian 9.9.

The following commands reproduce the issue(s) on both of my Debian 9.9 systems:

jmueller@debian:~/workspace$ git clone https://git.savannah.gnu.org/git/bash.git
jmueller@debian:~/workspace/bash$ cd bash/
jmueller@debian:~/workspace/bash$ ./configure
jmueller@debian:~/workspace/bash$ make
jmueller@debian:~/workspace/bash$ valgrind ./bash -c 'echo $BASH_VERSION'

==25061== Memcheck, a memory error detector
==25061== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==25061== Using Valgrind-3.12.0.SVN and LibVEX; rerun with -h for copyright info
==25061== Command: ./bash -c echo\ $BASH_VERSION
==25061==
5.0.7(1)-release
==25061== Invalid free() / delete / delete[] / realloc()
==25061==    at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==25061==    by 0x17F647: unwind_frame_run_internal.constprop.3 (unwind_prot.c:333)
==25061==    by 0x17FA6F: without_interrupts (unwind_prot.c:123)
==25061==    by 0x17FA6F: run_unwind_frame (unwind_prot.c:151)
==25061==    by 0x1A00B5: parse_and_execute (evalstring.c:490)
==25061==    by 0x135EA0: run_one_command (shell.c:1416)
==25061==    by 0x13803A: main (shell.c:735)
==25061==  Address 0x4238ba8 is in the brk data segment 0x4226000-0x423cfff
==25061==
==25061==
==25061== HEAP SUMMARY:
==25061==     in use at exit: 0 bytes in 0 blocks
==25061==   total heap usage: 46 allocs, 47 frees, 5,539 bytes allocated
==25061==
==25061== All heap blocks were freed -- no leaks are possible
==25061==
==25061== For counts of detected and suppressed errors, rerun with: -v
==25061== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

jmueller@debian:~/workspace/bash$ valgrind ./bash -c ': *'
==25062== Memcheck, a memory error detector
==25062== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==25062== Using Valgrind-3.12.0.SVN and LibVEX; rerun with -h for copyright info
==25062== Command: ./bash -c :\ *
==25062==
==25062== Invalid read of size 1
==25062==    at 0x1E4F67: internal_free.isra.1 (malloc.c:917)
==25062==    by 0x1B45FD: glob_filename (glob.c:1374)
==25062==    by 0x1807FD: shell_glob_filename (pathexp.c:442)
==25062==    by 0x17B58A: glob_expand_word_list (subst.c:11030)
==25062==    by 0x17B58A: expand_word_list_internal (subst.c:11467)
==25062==    by 0x14F3D2: execute_simple_command (execute_cmd.c:4307)
==25062==    by 0x15119E: execute_command_internal (execute_cmd.c:841)
==25062==    by 0x1A049A: parse_and_execute (evalstring.c:456)
==25062==    by 0x135EA0: run_one_command (shell.c:1416)
==25062==    by 0x13803A: main (shell.c:735)
==25062==  Address 0x5607228 is 8 bytes before a block of size 8 alloc'd
==25062==    at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
==25062==    by 0x1B454E: glob_filename (glob.c:1066)
==25062==    by 0x1807FD: shell_glob_filename (pathexp.c:442)
==25062==    by 0x17B58A: glob_expand_word_list (subst.c:11030)
==25062==    by 0x17B58A: expand_word_list_internal (subst.c:11467)
==25062==    by 0x14F3D2: execute_simple_command (execute_cmd.c:4307)
==25062==    by 0x15119E: execute_command_internal (execute_cmd.c:841)
==25062==    by 0x1A049A: parse_and_execute (evalstring.c:456)
==25062==    by 0x135EA0: run_one_command (shell.c:1416)
==25062==    by 0x13803A: main (shell.c:735)
==25062==
==25062== Invalid read of size 1
==25062==    at 0x1E4F78: internal_free.isra.1 (malloc.c:928)
==25062==    by 0x1B45FD: glob_filename (glob.c:1374)
==25062==    by 0x1807FD: shell_glob_filename (pathexp.c:442)
==25062==    by 0x17B58A: glob_expand_word_list (subst.c:11030)
==25062==    by 0x17B58A: expand_word_list_internal (subst.c:11467)
==25062==    by 0x14F3D2: execute_simple_command (execute_cmd.c:4307)
==25062==    by 0x15119E: execute_command_internal (execute_cmd.c:841)
==25062==    by 0x1A049A: parse_and_execute (evalstring.c:456)
==25062==    by 0x135EA0: run_one_command (shell.c:1416)
==25062==    by 0x13803A: main (shell.c:735)
==25062==  Address 0x5607228 is 8 bytes before a block of size 8 alloc'd
==25062==    at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
==25062==    by 0x1B454E: glob_filename (glob.c:1066)
==25062==    by 0x1807FD: shell_glob_filename (pathexp.c:442)
==25062==    by 0x17B58A: glob_expand_word_list (subst.c:11030)
==25062==    by 0x17B58A: expand_word_list_internal (subst.c:11467)
==25062==    by 0x14F3D2: execute_simple_command (execute_cmd.c:4307)
==25062==    by 0x15119E: execute_command_internal (execute_cmd.c:841)
==25062==    by 0x1A049A: parse_and_execute (evalstring.c:456)
==25062==    by 0x135EA0: run_one_command (shell.c:1416)
==25062==    by 0x13803A: main (shell.c:735)
==25062==

malloc: glob.c:1374: assertion botched
free: called with unallocated block argument
Aborting...==25062==
==25062== Process terminating with default action of signal 6 (SIGABRT): dumping core
==25062==    at 0x5298FFF: raise (raise.c:51)
==25062==    by 0x529A429: abort (abort.c:89)
==25062==    by 0x15DF66: programming_error (error.c:175)
==25062==    by 0x1E4FB4: internal_free.isra.1 (malloc.c:934)
==25062==    by 0x1B45FD: glob_filename (glob.c:1374)
==25062==    by 0x1807FD: shell_glob_filename (pathexp.c:442)
==25062==    by 0x17B58A: glob_expand_word_list (subst.c:11030)
==25062==    by 0x17B58A: expand_word_list_internal (subst.c:11467)
==25062==    by 0x14F3D2: execute_simple_command (execute_cmd.c:4307)
==25062==    by 0x15119E: execute_command_internal (execute_cmd.c:841)
==25062==    by 0x1A049A: parse_and_execute (evalstring.c:456)
==25062==    by 0x135EA0: run_one_command (shell.c:1416)
==25062==    by 0x13803A: main (shell.c:735)
==25062==
==25062== HEAP SUMMARY:
==25062==     in use at exit: 8 bytes in 1 blocks
==25062==   total heap usage: 84 allocs, 83 frees, 16,600 bytes allocated
==25062==
==25062== LEAK SUMMARY:
==25062==    definitely lost: 0 bytes in 0 blocks
==25062==    indirectly lost: 0 bytes in 0 blocks
==25062==      possibly lost: 0 bytes in 0 blocks
==25062==    still reachable: 8 bytes in 1 blocks
==25062==         suppressed: 0 bytes in 0 blocks
==25062== Rerun with --leak-check=full to see details of leaked memory
==25062==
==25062== For counts of detected and suppressed errors, rerun with: -v
==25062== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
Aborted
jmueller@debian:~/workspace/bash$

Attachment: build_and_test.log
Description: Text Data
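
In the second trace above, the block was allocated through vg_replace_malloc.c but released through internal_free in bash's malloc.c, which then reads the bytes just before the block. The following C sketch is an added illustration, not code from bash or from this message: it models how a free routine that trusts a header placed before each block classifies a pointer from a different allocator as unallocated. The toy_* and foreign_* names, the header layout and the marker values are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model (constructed for this example, not bash's malloc.c). */
enum { TOY_ISALLOC = 0xf7, TOY_ISFREE = 0x54 };   /* assumed marker values */
enum toy_result { TOY_OK, TOY_ALREADY_FREED, TOY_UNALLOCATED };

struct toy_head {            /* 8 bytes, placed directly before each block */
    uint8_t  status, index;
    uint16_t magic;
    uint32_t nbytes;
};

static _Alignas(8) unsigned char toy_arena[256];
static size_t toy_used;

/* Allocator A: bump allocation that writes its header before the block. */
void *toy_malloc(uint32_t n) {
    size_t need = sizeof(struct toy_head) + ((n + 7u) & ~7u);
    if (toy_used + need > sizeof toy_arena) return NULL;
    struct toy_head h = { TOY_ISALLOC, 0, 0x5555, n };
    memcpy(toy_arena + toy_used, &h, sizeof h);
    void *p = toy_arena + toy_used + sizeof h;
    toy_used += need;
    return p;
}

/* Allocator A's free: trusts whatever bytes sit just before the pointer. */
enum toy_result toy_free(void *p) {
    struct toy_head h;
    memcpy(&h, (unsigned char *)p - sizeof h, sizeof h);
    if (h.status == TOY_ISFREE) return TOY_ALREADY_FREED;
    if (h.status != TOY_ISALLOC) return TOY_UNALLOCATED;
    h.status = TOY_ISFREE;                 /* mark the block as released */
    memcpy((unsigned char *)p - sizeof h, &h, sizeof h);
    return TOY_OK;
}

/* Allocator B: its blocks carry no toy header; the 8 bytes before are zero. */
static _Alignas(8) unsigned char foreign_arena[64];
void *foreign_malloc(void) { return foreign_arena + 8; }

int main(void) {
    void *a = toy_malloc(8);
    int own = toy_free(a), again = toy_free(a), other = toy_free(foreign_malloc());
    printf("own=%d again=%d foreign=%d\n", own, again, other);
    return 0;
}
```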

