https://bugs.kde.org/show_bug.cgi?id=470520
Bug ID: 470520
Summary: Multiple realloc zero errors crash in MC_(eq_Error)
Classification: Developer tools
Product: valgrind
Version: 3.21.0
Platform: Other
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: memcheck
Assignee: jsew...@acm.org
Reporter: m...@klomp.org
Target Milestone: ---

MC_(eq_Error) doesn't handle Err_ReallocSizeZero, which causes a crash when
detecting multiple realloc zero errors in the same place.

Take the following program:

$ cat /tmp/t.c
#include <stdlib.h>

int
main ()
{
  char *p = malloc (1024);
  for (int i = 3; i >= 0; i--)
    for (int j = 0; j <= 3; j++)
      {
        char *q = realloc (p, i * j * 512);
        p = q;
      }
  free (p);
}

$ gcc -g -o t t.c
$ valgrind ./t
==442517== Memcheck, a memory error detector
==442517== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==442517== Using Valgrind-3.21.0 and LibVEX; rerun with -h for copyright info
==442517== Command: ./t
==442517==
==442517== realloc() with size 0
==442517==    at 0x4846A40: realloc (vg_replace_malloc.c:1649)
==442517==    by 0x401189: main (t.c:10)
==442517==  Address 0x4a4a040 is 0 bytes inside a block of size 1,024 alloc'd
==442517==    at 0x484182F: malloc (vg_replace_malloc.c:431)
==442517==    by 0x401157: main (t.c:6)
==442517== Error: unknown error code 14

Memcheck: the 'impossible' happened:
   unknown error code in mc_eq_Error

host stacktrace:
==442517==    at 0x580439FA: show_sched_status_wrk (m_libcassert.c:406)
==442517==    by 0x58043B2F: report_and_quit (m_libcassert.c:477)
==442517==    by 0x58043E18: panic (m_libcassert.c:553)
==442517==    by 0x58043E18: vgPlain_tool_panic (m_libcassert.c:568)
==442517==    by 0x5803A278: vgMemCheck_eq_Error (mc_errors.c:1067)
==442517==    by 0x5803EDCF: eq_Error (m_errormgr.c:307)
==442517==    by 0x5803EDCF: vgPlain_maybe_record_error (m_errormgr.c:765)
==442517==    by 0x58039AB9: vgMemCheck_record_realloc_size_zero (mc_errors.c:896)
==442517==    by 0x58005B2A: vgMemCheck_realloc (mc_malloc_wrappers.c:583)
==442517==    by 0x580A2426: do_client_request (scheduler.c:1987)
==442517==    by 0x580A2426: vgPlain_scheduler (scheduler.c:1542)
==442517==    by 0x580E9437: thread_wrapper (syswrap-linux.c:102)
==442517==    by 0x580E9437: run_a_thread_NORETURN (syswrap-linux.c:155)

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable (lwpid 442517)
==442517==    at 0x4846A40: realloc (vg_replace_malloc.c:1649)
==442517==    by 0x401189: main (t.c:10)
client stack range: [0x1FFEFFD000 0x1FFF000FFF] client SP: 0x1FFEFFF8A0
valgrind stack range: [0x1002BAA000 0x1002CA9FFF] top usage: 10144 of 1048576


Note: see also the FAQ in the source distribution.
It contains workarounds to several common problems.
In particular, if Valgrind aborted or crashed after
identifying problems in your program, there's a good chance
that fixing those problems will prevent Valgrind aborting or
crashing, especially if it happened in m_mallocfree.c.

If that doesn't help, please report this bug to: www.valgrind.org

In the bug report, send all the above text, the valgrind
version, and what OS and version you are using.  Thanks.
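The realloc() calls with size 0 that Memcheck flags in the reproducer are the underlying hazard: realloc(p, 0) is implementation-defined in C (glibc frees p and returns NULL, other libcs may return a minimal block), so code that keeps using p afterwards is ambiguous at best. The following is an added example, not code from the bug report or from the Valgrind project, showing the usual defensive wrapper that never hands size 0 to realloc() and instead frees explicitly, applied to the same shrink-to-zero loop as the reporter's program. The names safe_realloc and count_zero_size_rounds are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Added example (not from the bug report). A realloc wrapper that treats
 * size 0 as an explicit free and returns NULL. This removes the
 * implementation-defined realloc(p, 0) case that Memcheck reports as
 * "realloc() with size 0". On failure for size > 0, realloc() leaves the
 * original block valid, so the caller must not overwrite p with NULL. */
void *safe_realloc(void *p, size_t size)
{
    if (size == 0) {
        free(p);        /* explicit: the caller must treat NULL as "freed" */
        return NULL;
    }
    return realloc(p, size);
}

/* Same i*j*512 shrink pattern as the reproducer in the report, routed
 * through the wrapper. Returns how many rounds requested size 0 (each of
 * which frees the block), or -1 on allocation failure. */
int count_zero_size_rounds(void)
{
    int zero_rounds = 0;
    char *p = malloc(1024);
    if (!p)
        return -1;
    for (int i = 3; i >= 0; i--)
        for (int j = 0; j <= 3; j++) {
            size_t n = (size_t)i * (size_t)j * 512;
            char *q = safe_realloc(p, n);
            if (n == 0) {
                zero_rounds++;
                /* the block is gone; get a fresh one so p stays valid */
                p = malloc(1024);
                if (!p)
                    return -1;
            } else if (q == NULL) {
                free(p);    /* realloc failed: original block still ours */
                return -1;
            } else {
                p = q;
            }
        }
    free(p);
    return zero_rounds;
}

/* Small self-check: a non-zero size must still allocate normally. */
int wrapper_allocates_nonzero(void)
{
    void *b = safe_realloc(NULL, 32);
    if (!b)
        return 0;
    free(b);
    return 1;
}

int main(void)
{
    /* 7 of the 16 rounds request size 0: j == 0 for i = 3,2,1 plus all
     * four rounds with i == 0. */
    printf("zero-size rounds: %d\n", count_zero_size_rounds());
    return 0;
}
```

Under Memcheck this variant produces no "realloc() with size 0" report, because every size-0 request becomes a free() the tool can reason about; the cost is that callers must check for NULL on a size-0 shrink rather than assuming a valid (possibly empty) block comes back.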