On Wed, Jun 15, 2011 at 05:36:52PM -0400, Jeff King wrote:
> Package: valgrind
> Version: 1:3.6.1-5
> Severity: minor
> Tags: patch
> 
> I get false positives with a simple use of strspn:
> 
>   $ cat >foo.c <<'EOF'
>   #include <string.h>
> 
>   int main(void)
>   {
>     char buf[32];
> 
>     strcpy(buf, "foo");
>     if (strspn(buf, "o"))
>       return 0;
>     return 1;
>   }
>   EOF
> 
>   $ gcc -g -o foo foo.c
>   $ valgrind ./foo
>   ...
>   ==5854== Conditional jump or move depends on uninitialised value(s)
>   ==5854==    at 0x4B3623E: __strspn_sse42 (strspn-c.c:142)
>   ==5854==    by 0x400509: main (foo.c:8)
>   ...
> 
> Looks like it was reported elsewhere with a patch a few months ago:
> 
>   https://bugs.kde.org/show_bug.cgi?id=270925
> 
> I tried the version of valgrind in experimental, but it shows the same
> behavior.

This isn't very surprising, as the libc over-reads memory in its strspn
implementation. valgrind has to reimplement it and divert it (like it
does for dozens of other str* functions), but sadly it doesn't.

And adding a suppression doesn't fly, since you would hide overreads of
non-NUL-terminated strings, for example.
-- 
·O·  Pierre Habouzit
··O                                                madco...@debian.org
OOO                                                http://www.madism.org

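To make the reply above concrete, here is an added example (not valgrind's
own replacement code, and not part of the original bug report) of the kind of
byte-at-a-time strspn that a Memcheck-style tool diverts the libc version to:
it reads each byte of s exactly once and stops at the first byte outside the
accept set (or the NUL), so a correctly terminated buffer like the reporter's
`buf` produces no over-read. The second function is a length-bounded variant,
also an assumption of this example, showing the caller-side fix for the case
the reply warns a suppression would hide: a buffer that is not NUL-terminated.
The function names `strspn_bytewise` and `strnspn_bounded` are made up here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example: a plain strspn that touches s[0..n] one byte at a time.
 * The read never goes past the first byte that is not in the accept set,
 * which is at latest the terminating NUL, so there is nothing for a memory
 * checker to flag on a well-formed string.  (Name is an assumption.) */
size_t strspn_bytewise(const char *s, const char *accept)
{
    unsigned char in_set[256] = {0};
    size_t n = 0;

    /* Mark every byte of accept; NUL is deliberately left unmarked so the
     * scan of s stops at its terminator. */
    for (const unsigned char *a = (const unsigned char *)accept; *a; a++)
        in_set[*a] = 1;

    while (in_set[(unsigned char)s[n]])
        n++;
    return n;
}

/* Added example: the same scan, but bounded by an explicit length so it is
 * safe on buffers that carry no NUL at all.  This is the real fix for the
 * over-read a blanket suppression on __strspn_sse42 would paper over.
 * (Name is an assumption.) */
size_t strnspn_bounded(const char *s, size_t len, const char *accept)
{
    unsigned char in_set[256] = {0};
    size_t n = 0;

    for (const unsigned char *a = (const unsigned char *)accept; *a; a++)
        in_set[*a] = 1;

    /* Check the bound before touching s[n], never after. */
    while (n < len && in_set[(unsigned char)s[n]])
        n++;
    return n;
}

int main(void)
{
    char buf[32];
    /* Constructed input mirroring the reporter's test: "foo" spans no 'o'
     * prefix, so strspn returns 0. */
    strcpy(buf, "foo");
    printf("strspn_bytewise(\"foo\", \"o\") = %zu\n", strspn_bytewise(buf, "o"));

    /* Constructed input: three 'o' bytes with no terminator.  Only the
     * bounded variant may be used here. */
    char raw[3] = {'o', 'o', 'o'};
    printf("strnspn_bounded(raw, 3, \"o\") = %zu\n", strnspn_bounded(raw, 3, "o"));
    return 0;
}
```

The point of keeping the scan strictly byte-wise is that the tool's verdict
then matches the C semantics of the call: any report left is an access the
caller really made, not an artifact of a vectorised libc reading a whole
16-byte block at once.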