[valgrind] [Bug 448464] New: False positive "uninitialised bytes" for ioctl HCIGETDEVLIST

[Andrea]

https://bugs.kde.org/show_bug.cgi?id=448464

            Bug ID: 448464
           Summary: False positive "uninitialised bytes" for ioctl
                    HCIGETDEVLIST
           Product: valgrind
           Version: 3.17.0
          Platform: Ubuntu Packages
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: memcheck
          Assignee: jsew...@acm.org
          Reporter: mariofut...@googlemail.com
  Target Milestone: ---

SUMMARY

False positive "uninitialised bytes" for ioctl HCIGETDEVLIST

With this example

#include <pcap.h>

pcap_if_t *alldevs = NULL;
static char errbuf[PCAP_ERRBUF_SIZE];

int main()
{
  pcap_findalldevs(&alldevs, errbuf);
}

valgrind reports

==34992== Memcheck, a memory error detector
==34992== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==34992== Using Valgrind-3.17.0 and LibVEX; rerun with -h for copyright info
==34992== Command: ./a.out
==34992== 
==34992== Syscall param ioctl(HCIGETDEVLIST) points to uninitialised byte(s)
==34992==    at 0x49DE9CB: ioctl (syscall-template.S:120)
==34992==    by 0x4880641: bt_findalldevs (pcap-bt-linux.c:103)
==34992==    by 0x4880E78: pcap_findalldevs (pcap.c:737)
==34992==    by 0x109169: main (in /home/andrea/projects/cvs/a2e/a.out)
==34992==  Address 0x4e6e772 is 2 bytes inside a block of size 132 alloc'd
==34992==    at 0x4843839: malloc (in
/usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==34992==    by 0x4880619: bt_findalldevs (pcap-bt-linux.c:92)
==34992==    by 0x4880E78: pcap_findalldevs (pcap.c:737)
==34992==    by 0x109169: main (in /home/andrea/projects/cvs/a2e/a.out)

The problem is in this patch

https://sourceware.org/git/?p=valgrind.git;a=blobdiff;f=coregrind/m_syswrap/syswrap-linux.c;h=e1157e95a887ac8864598f9d9a0cb3d4c32629c7;hp=8ea032e6b8c184894e5206bc49a65a870646d43e;hb=e97f8c49d6e3978045a596037381cbb74aa12c0c;hpb=3a9215788139ab31e5d89773d2ba2b4d0ec70051

This line will fail

PRE_MEM_READ("ioctl(HCIGETDEVLIST)", (Addr)ARG3, sizeof(struct
vki_hci_dev_list_req));

because it is reading 4 bytes, 2 of which are padding.

Look here

https://sourceware.org/git/?p=valgrind.git;a=blobdiff;f=include/vki/vki-linux.h;h=9123e24720c9e7808254d0aebc6b7d702e2ab501;hp=225da00ae8766eda84a51a5382677aaf52f00246;hb=e97f8c49d6e3978045a596037381cbb74aa12c0c;hpb=3a9215788139ab31e5d89773d2ba2b4d0ec70051

vki_hci_dev_list_req has size 4, but only the first 2 are data, the rest is
padding caused by the 0-size array.

valgrind should only check the first 2 bytes (i.e. dev_num) and not the whole
structure.

This has been reported and verified in this downstream issue:
https://github.com/the-tcpdump-group/libpcap/issues/1083

-- 
You are receiving this mail because:
You are watching all bug changes.