On Wed, Jun 15, 2011 at 05:36:52PM -0400, Jeff King wrote:
> Package: valgrind
> Version: 1:3.6.1-5
> Severity: minor
> Tags: patch
>
> I get false positives with a simple use of strspn:
>
> $ cat >foo.c <<'EOF'
> #include <string.h>
>
> int main(void)
> {
> char buf[32];
>
> strcpy(buf, "foo");
> if (strspn(buf, "o"))
> return 0;
> return 1;
> }
> EOF
>
> $ gcc -g -o foo foo.c
> $ valgrind ./foo
> ...
> ==5854== Conditional jump or move depends on uninitialised value(s)
> ==5854== at 0x4B3623E: __strspn_sse42 (strspn-c.c:142)
> ==5854== by 0x400509: main (foo.c:8)
> ...
>
> Looks like it was reported elsewhere with a patch a few months ago:
>
> https://bugs.kde.org/show_bug.cgi?id=270925
>
> I tried the version of valgrind in experimental, but it shows the same
> behavior.
This isn't very surprising as the libc over-reads memory in its strspn
implementation. valgrind has to reimplement it and divert it (like it
does for dozens of other str* functions) but it doesn't sadly.
And adding a suppression doesn't fly since you would hide overreads of
non NUL terminated strings e.g.
--
·O· Pierre Habouzit
··O madco...@debian.org
OOO http://www.madism.org
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
