[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: diffutils-3.7.41-7475 exercises undefined behaviour
|
From: |
Bruno Haible |
|
Subject: |
Re: diffutils-3.7.41-7475 exercises undefined behaviour |
|
Date: |
Sun, 25 Jul 2021 22:03:50 +0200 |
|
User-agent: |
KMail/5.1.3 (Linux/4.4.0-210-generic; KDE/5.18.0; x86_64; ; ) |
Hi Jim,
> I've done as you suggested, but so far, I have been unable to evoke a
> used-uninitialized error on a Fedora 34 system using its libc-2.33,
> valgrind-3.17.0 and this compiler:
> gcc version 11.1.1 20210531 (Red Hat 11.1.1-3) (GCC)
>
> Would you please describe your environment and share the names of the
> test(s) that evoked such failures?
I did so, on Ubuntu 16.04.x, with gcc 5.4.0 and valgrind 3.11.0. Find
the log file attached. You can ignore the test failures that were due
to "memory leaks".
> > Conditional jump or move depends on uninitialised value(s)
> > at 0x4020F0: block_compare (cmp.c:620)
> > by 0x4020F0: cmp (cmp.c:463)
> > by 0x4020F0: main (cmp.c:361)
> >
> > Would it be possible to run block_compare on an initialized buffer,
> > instead of on a partially uninitialized one?
>
> In spite of that, I think I can see what's happening: at cmp:460, we
> put a single-byte sentinel at the end of each buffer, yet the
> following block_compare reads full words, so depending on alignment, a
> final word-read may read the sentinel byte and possibly a few
> (uninitialized ones) beyond it
Yes, that sounds like a plausible explanation of the stack trace above.
Bruno
test-suite.log.gz
Description: application/gzip