https://bugs.kde.org/show_bug.cgi?id=369409

            Bug ID: 369409
           Summary: null pointer dereference in vgPlain_do_syscall
           Product: valgrind
           Version: 3.11.0
          Platform: Ubuntu Packages
                OS: Linux
            Status: UNCONFIRMED
          Severity: crash
          Priority: NOR
         Component: memcheck
          Assignee: jsew...@acm.org
          Reporter: n0va8o....@gmail.com

Created attachment 101311
  --> https://bugs.kde.org/attachment.cgi?id=101311&action=edit
Got from the openssl test

process 41826 is executing new program: /usr/lib/valgrind/memcheck-amd64-linux
==41826== Memcheck, a memory error detector
==41826== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==41826== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==41826== Command: ./sslapitest ./server.pem ./server.pem
==41826== 
./sslapitest: 91 test cases
vex amd64->IR: unhandled instruction bytes: 0x48 0xF 0xC7 0xF0 0x72 0x2 0xE2 0xF8
vex amd64->IR:   REX=1 REX.W=1 REX.R=0 REX.X=0 REX.B=0
vex amd64->IR:   VEX=0 VEX.L=0 VEX.nVVVV=0x0 ESC=0F
vex amd64->IR:   PFX.66=0 PFX.F2=0 PFX.F3=0
==41826== valgrind: Unrecognised instruction at address 0x52f02e5.
==41826==    at 0x52F02E5: OPENSSL_ia32_rdrand (x86_64cpuid.s:336)
==41826==    by 0x5277CE7: rand_bytes (md_rand.c:456)
==41826==    by 0x5278076: rand_nopseudo_bytes (md_rand.c:525)
==41826==    by 0x527859F: RAND_bytes (rand_lib.c:106)
==41826==    by 0x4E74A53: SSL_CTX_new (ssl_lib.c:2431)
==41826==    by 0x404F0B: create_ssl_ctx_pair (ssltestlib.c:532)
==41826==    by 0x40251E: execute_test_large_message (sslapitest.c:50)
==41826==    by 0x4026CB: test_large_message_tls (sslapitest.c:104)
==41826==    by 0x40558C: run_tests (testutil.c:69)
==41826==    by 0x403F11: main (sslapitest.c:871)
==41826== Your program just tried to execute an instruction that Valgrind
==41826== did not recognise.  There are two possible reasons for this.
==41826== 1. Your program has a bug and erroneously jumped to a non-code
==41826==    location.  If you are running Memcheck and you just saw a
==41826==    warning about a bad jump, it's probably your program's fault.
==41826== 2. The instruction is legitimate but Valgrind doesn't handle it,
==41826==    i.e. it's Valgrind's fault.  If you think this is the case or
==41826==    you are not sure, please let us know and we'll try to fix it.
==41826== Either way, Valgrind will now raise a SIGILL signal which will
==41826== probably kill your program.
==41826== 
==41826== Process terminating with default action of signal 4 (SIGILL)
==41826==  Illegal opcode at address 0x52F02E5
==41826==    at 0x52F02E5: OPENSSL_ia32_rdrand (x86_64cpuid.s:336)
==41826==    by 0x5277CE7: rand_bytes (md_rand.c:456)
==41826==    by 0x5278076: rand_nopseudo_bytes (md_rand.c:525)
==41826==    by 0x527859F: RAND_bytes (rand_lib.c:106)
==41826==    by 0x4E74A53: SSL_CTX_new (ssl_lib.c:2431)
==41826==    by 0x404F0B: create_ssl_ctx_pair (ssltestlib.c:532)
==41826==    by 0x40251E: execute_test_large_message (sslapitest.c:50)
==41826==    by 0x4026CB: test_large_message_tls (sslapitest.c:104)
==41826==    by 0x40558C: run_tests (testutil.c:69)
==41826==    by 0x403F11: main (sslapitest.c:871)
==41826== 
==41826== HEAP SUMMARY:
==41826==     in use at exit: 102,889 bytes in 3,206 blocks
==41826==   total heap usage: 3,510 allocs, 304 frees, 155,677 bytes allocated
==41826== 
==41826== LEAK SUMMARY:
==41826==    definitely lost: 0 bytes in 0 blocks
==41826==    indirectly lost: 0 bytes in 0 blocks
==41826==      possibly lost: 0 bytes in 0 blocks
==41826==    still reachable: 102,889 bytes in 3,206 blocks
==41826==         suppressed: 0 bytes in 0 blocks
==41826== Reachable blocks (those to which a pointer was found) are not shown.
==41826== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==41826== 
==41826== For counts of detected and suppressed errors, rerun with: -v
==41826== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

Program received signal SIGILL, Illegal instruction.
[----------------------------------registers-----------------------------------]
RAX: 0x0 
RBX: 0x4 
RCX: 0x3809c159 (<do_syscall_WRK+25>:    ret)
RDX: 0x0 
RSI: 0x4 
RDI: 0xa362 
RBP: 0x3 
RSP: 0x802bade68 --> 0x3809c23d (<vgPlain_do_syscall+13>:    mov    rdx,rax)
RIP: 0x3809c159 (<do_syscall_WRK+25>:    ret)
R8 : 0x0 
R9 : 0x0 
R10: 0x0 
R11: 0x206 
R12: 0x1c00 
R13: 0x3 
R14: 0x0 
R15: 0x0
EFLAGS: 0x206 (carry PARITY adjust zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x3809c14f <do_syscall_WRK+15>:    mov    r8,r9
   0x3809c152 <do_syscall_WRK+18>:    mov    r9,QWORD PTR [rsp+0x8]
   0x3809c157 <do_syscall_WRK+23>:    syscall 
=> 0x3809c159 <do_syscall_WRK+25>:    ret    
   0x3809c15a <do_syscall_WRK+26>:    nop    WORD PTR [rax+rax*1+0x0]
   0x3809c160 <vgPlain_mk_SysRes_ppc32_linux>:    and    esi,0x1
   0x3809c163 <vgPlain_mk_SysRes_ppc32_linux+3>:    xor    eax,eax
   0x3809c165 <vgPlain_mk_SysRes_ppc32_linux+5>:    mov    edx,edi
[------------------------------------stack-------------------------------------]
0000| 0x802bade68 --> 0x3809c23d (<vgPlain_do_syscall+13>:    mov    rdx,rax)
0008| 0x802bade70 --> 0x0 
0016| 0x802bade78 --> 0x1 
0024| 0x802bade80 --> 0x3819b990 ("mk_free_bszB")
0032| 0x802bade88 --> 0x38087ef2 (<vgPlain_kill+34>:    test   al,al)
0040| 0x802bade90 --> 0x0 
0048| 0x802bade98 --> 0x0 
0056| 0x802badea0 --> 0x0 
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGILL
0x000000003809c159 in do_syscall_WRK ()
─── Assembly
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
0x000000003809c14f do_syscall_WRK+15 mov    r8,r9
0x000000003809c152 do_syscall_WRK+18 mov    r9,QWORD PTR [rsp+0x8]
0x000000003809c157 do_syscall_WRK+23 syscall 
0x000000003809c159 do_syscall_WRK+25 ret    
0x000000003809c15a do_syscall_WRK+26 nop    WORD PTR [rax+rax*1+0x0]
─── Expressions
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
─── History
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
─── Memory
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
─── Registers
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
   rax 0x0000000000000000     rbx 0x0000000000000004     rcx 0x000000003809c159
   rdx 0x0000000000000000     rsi 0x0000000000000004     rdi 0x000000000000a362
   rbp 0x0000000000000003     rsp 0x0000000802bade68      r8 0x0000000000000000
    r9 0x0000000000000000     r10 0x0000000000000000     r11 0x0000000000000206
   r12 0x0000000000001c00     r13 0x0000000000000003     r14 0x0000000000000000
   r15 0x0000000000000000     rip 0x000000003809c159  eflags [ PF IF ]
    cs 0x00000033               ss 0x0000002b               ds 0x00000000
    es 0x00000000               fs 0x00000000               gs 0x00000000
─── Source
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
─── Stack
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
[0] from 0x000000003809c159 in do_syscall_WRK+25
(no arguments)
[1] from 0x000000003809c23d in vgPlain_do_syscall+13 at m_syscall.c:956
arg sysno = 0x3e
arg a1 = <optimized out>
arg a2 = 0x4
arg a3 = 0x0
arg a4 = 0x0
arg a5 = 0x0
arg a6 = 0x0
arg a7 = 0x0
arg a8 = 0x0
[+]
─── Threads
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
[1] id 41826 name memcheck-amd64- from 0x000000003809c159 in do_syscall_WRK+25
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
>>> bt
#0  0x000000003809c159 in do_syscall_WRK ()
#1  0x000000003809c23d in vgPlain_do_syscall (sysno=sysno@entry=0x3e,
a1=<optimized out>, a2=a2@entry=0x4, a3=a3@entry=0x0, a4=a4@entry=0x0,
a5=a5@entry=0x0, a6=0x0, a7=0x0, a8=0x0) at m_syscall.c:956
#2  0x0000000038087ef2 in vgPlain_kill (pid=<optimized out>,
signo=signo@entry=0x4) at m_libcsignal.c:350
#3  0x00000000380999cf in vgPlain_kill_self (sigNo=0x4) at m_signals.c:1595
#4  0x0000000038089051 in shutdown_actions_NORETURN (tid=0x1,
tids_schedretcode=VgSrc_FatalSig) at m_main.c:2725
#5  0x00000000380e3a89 in run_a_thread_NORETURN (tidW=0x1) at
m_syswrap/syswrap-linux.c:198
#6  0x0000000000000000 in ?? ()
