https://bugs.kde.org/show_bug.cgi?id=496353
Bug ID: 496353
Summary: Valgrind wrapper of fexecve always returns ENOENT with
memfd
Classification: Developer tools
Product: valgrind
Version: 3.24 GIT
Platform: Arch Linux
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: jsew...@acm.org
Reporter: freenull...@gmail.com
Target Milestone: ---
Created attachment 175863
--> https://bugs.kde.org/attachment.cgi?id=175863&action=edit
Minimal test case to reproduce the issue.
SUMMARY
Using memfd_create(2), one can create an anonymous file and retrieve its file
descriptor. The fexecve(3) function can be used to execute such a file. This
combination of functions can be used to execute a program from memory.
The fexecve function is implemented in glibc on Linux through the execveat(2)
syscall. When running under Valgrind, execveat errorneously always fails with
errno set to ENOENT when a file descriptor retrieved from memfd_create is
passed to it.
This is causedf by the fact that the execveat wrapper constructs an absolute
path to the file pointed to by dirfd (or dirfd and pathname). For memfd files,
procfs returns the path as /memfd:NAME (deleted), a bogus path to a file that
almost certainly doesn't exist. This path is ultimately passed to execve, which
fails to open the file.
STEPS TO REPRODUCE
1. Extract the attachment valgrind-fexecve.zip.
2. Execute `make`. This requires a C compiler and xxd.
3. Execute `broken` normally to observe correct results and run it under
Valgrind to reproduce the issue.
OBSERVED RESULT
The program prints the error "fexecve failed: No such file or directory" and
exits with an exit code of 1.
EXPECTED RESULT
The program prints `Hello from embedded executable` and exits succesfully.
SOFTWARE/OS VERSIONS
Linux: 6.11.5
--
You are receiving this mail because:
You are watching all bug changes.
