On Wed, Jun 15, 2011 at 05:36:52PM -0400, Jeff King wrote:
> Package: valgrind
> Version: 1:3.6.1-5
> Severity: minor
> Tags: patch
>
> I get false positives with a simple use of strspn:
>
>   $ cat >foo.c <<'EOF'
>   #include <string.h>
>
>   int main(void)
>   {
>           char buf[32];
>
>           strcpy(buf, "foo");
>           if (strspn(buf, "o"))
>                   return 0;
>           return 1;
>   }
>   EOF
>
>   $ gcc -g -o foo foo.c
>   $ valgrind ./foo
>   ...
>   ==5854== Conditional jump or move depends on uninitialised value(s)
>   ==5854==    at 0x4B3623E: __strspn_sse42 (strspn-c.c:142)
>   ==5854==    by 0x400509: main (foo.c:8)
>   ...
>
> Looks like it was reported elsewhere with a patch a few months ago:
>
>   https://bugs.kde.org/show_bug.cgi?id=270925
>
> I tried the version of valgrind in experimental, but it shows the same
> behavior.
This isn't very surprising, as the libc over-reads memory in its strspn
implementation. valgrind has to reimplement it and divert it (like it does
for dozens of other str* functions), but sadly it doesn't. And adding a
suppression doesn't fly, since you would hide over-reads of non-NUL-terminated
strings, e.g.

--
·O·  Pierre Habouzit
··O                                                madco...@debian.org
OOO                                                http://www.madism.org

--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
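As an added illustration of the point made in the reply above (this is example code written for this page, not valgrind's or glibc's own implementation, and the function names are made up): the replacement valgrind would need is a plain byte-at-a-time strspn. Unlike an SSE4.2 implementation that loads 16-byte chunks, it reads s[0], s[1], ... and stops at the first NUL or the first byte not in the accept set, so every byte it touches is one the C semantics require it to touch. The traced variant below records the highest index it read, and the reproducer mirrors the reporter's foo.c (a 32-byte stack buffer of which only "foo\0" is initialised) to show that the scan never reaches the 28 uninitialised bytes. With such a replacement in place, any over-read valgrind still reports is a genuine caller bug (a buffer with no terminator), which is exactly what a blanket suppression would hide.

```c
/* Added example, not valgrind's or glibc's code. Function names are
 * invented for this illustration. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Byte-wise strspn: length of the initial run of s consisting only of
 * bytes from accept. Reads s one byte at a time and stops at the first
 * NUL or the first byte not in accept; it never reads past that byte.
 * If max_read is non-NULL it receives the highest index of s that was
 * read (always at least 0, since s[0] is always examined). */
size_t strspn_bytewise_traced(const char *s, const char *accept, long *max_read)
{
    size_t n = 0;
    long hi = -1;
    for (;; n++) {
        char c = s[n];
        hi = (long)n;
        if (c == '\0')
            break;                 /* terminator: run ends, nothing beyond is read */
        const char *a;
        for (a = accept; *a != '\0'; a++)
            if (*a == c)
                break;
        if (*a == '\0')
            break;                 /* s[n] is not in accept: run ends here */
    }
    if (max_read)
        *max_read = hi;
    return n;
}

/* The shape a redirect would export: same contract as strspn(3). */
size_t strspn_bytewise(const char *s, const char *accept)
{
    return strspn_bytewise_traced(s, accept, NULL);
}

/* Highest index of s examined by the byte-wise scan. */
long highest_index_read(const char *s, const char *accept)
{
    long hi;
    strspn_bytewise_traced(s, accept, &hi);
    return hi;
}

/* Mirrors the reporter's foo.c: 32-byte stack buffer, only "foo\0" written.
 * Returns the exit status the reporter's main() would return (1, because
 * 'f' is not in "o"), and stores in *max_read how far the scan got. */
static int reproducer(long *max_read)
{
    char buf[32];
    strcpy(buf, "foo");
    if (strspn_bytewise_traced(buf, "o", max_read))
        return 0;
    return 1;
}

int reproducer_exit_status(void) { return reproducer(NULL); }

long reproducer_highest_index(void)
{
    long hi;
    reproducer(&hi);
    return hi;                     /* 0: only buf[0] ('f') was examined */
}

int main(void)
{
    printf("reproducer: exit %d, highest index read %ld (buffer has 32 bytes)\n",
           reproducer_exit_status(), reproducer_highest_index());

    /* Constructed cases, compared against the host libc's strspn. */
    const char *cases[][2] = { {"foo", "o"}, {"oof", "o"}, {"ooo", "o"},
                               {"", "o"}, {"abc", ""}, {"abc", "ab"} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        size_t ours = strspn_bytewise(cases[i][0], cases[i][1]);
        size_t libc = strspn(cases[i][0], cases[i][1]);
        printf("strspn(\"%s\", \"%s\") = %zu, highest index read %ld%s\n",
               cases[i][0], cases[i][1], ours,
               highest_index_read(cases[i][0], cases[i][1]),
               ours == libc ? "" : "  (MISMATCH vs libc)");
    }
    return 0;
}
```

The return values agree with the libc strspn on every case; the only observable difference is the trace, which shows the byte-wise scan stopping at the rejecting byte or the NUL rather than at a 16-byte boundary. That is the property a valgrind redirect needs: the instrumented reads coincide with the bytes the program is entitled to read, so no suppression is required for correct programs and none is in place to mask broken ones.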