https://bugs.kde.org/show_bug.cgi?id=386945

--- Comment #39 from Mark Wielaard <m...@klomp.org> ---
With that gcc backport https://gcc.gnu.org/ml/gcc-patches/2018-11/msg02161.html
and the valgrind fixes we get rid of all the "Conditional jump or move depends
on uninitialised value(s)" issues, but unfortunately we still have an issue with
an "Invalid read of size 4".

The simplest example is the last C program:

#include <stdlib.h>
#include <string.h>

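int main(void) {  /* reproducer for the valgrind "Invalid read of size 4" report shown below */
        /* gcc -O2 inlines this strcmp as 8-byte ldbrx loads (see the disassembly), so comparing a 3-byte block reads past its end. */
        char *foo = calloc(3, 1);  /* three zero bytes: an empty, NUL-terminated string */
        if (foo == NULL) return EXIT_FAILURE;  /* calloc can fail; strcmp(NULL, ...) is undefined behaviour */
        int rc = strcmp(foo, "a");  /* "" vs "a": nonzero; this is the load valgrind flags (t.c:8) */
        free(foo);
        return rc;  /* exit status is the strcmp result, as in the original reproducer */
}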

gcc -g -O2 -o t t.c

valgrind -q ./t
==31430== Invalid read of size 4
==31430==    at 0x10000510: main (t.c:8)
==31430==  Address 0x42e0044 is 1 bytes after a block of size 3 alloc'd
==31430==    at 0x40874C8: calloc (vg_replace_malloc.c:752)
==31430==    by 0x100004FF: main (t.c:6)
==31430== 

The issue is the following ldbrx: the 8-byte load at <+48> (marked with `=>`), whose base register r3 still holds the pointer calloc returned, so it reads past the end of the 3-byte block:

Dump of assembler code for function main:
   0x00000000100004e0 <+0>:     lis     r2,4098
   0x00000000100004e4 <+4>:     addi    r2,r2,32512
   0x00000000100004e8 <+8>:     mflr    r0
   0x00000000100004ec <+12>:    li      r4,1
   0x00000000100004f0 <+16>:    li      r3,3
   0x00000000100004f4 <+20>:    std     r0,16(r1)
   0x00000000100004f8 <+24>:    stdu    r1,-32(r1)
   0x00000000100004fc <+28>:    bl      0x10000480
<00000022.plt_call.calloc@@GLIBC_2.17>
   0x0000000010000500 <+32>:    ld      r2,24(r1)
   0x0000000010000504 <+36>:    addis   r4,r2,-2
   0x0000000010000508 <+40>:    li      r10,0
   0x000000001000050c <+44>:    addi    r4,r4,-30120
=> 0x0000000010000510 <+48>:    ldbrx   r7,0,r3
   0x0000000010000514 <+52>:    ldbrx   r8,0,r4
   0x0000000010000518 <+56>:    cmpb    r10,r7,r10
   0x000000001000051c <+60>:    cmpb    r9,r7,r8
   0x0000000010000520 <+64>:    orc.    r10,r10,r9
   0x0000000010000524 <+68>:    bne     0x10000548 <main+104>
   0x0000000010000528 <+72>:    addi    r9,r3,8
   0x000000001000052c <+76>:    ldbrx   r7,0,r9
   0x0000000010000530 <+80>:    addi    r9,r4,8
   0x0000000010000534 <+84>:    ldbrx   r8,0,r9
   0x0000000010000538 <+88>:    cmpb    r10,r7,r10
   0x000000001000053c <+92>:    cmpb    r9,r7,r8
   0x0000000010000540 <+96>:    orc.    r10,r10,r9
   0x0000000010000544 <+100>:   beq     0x10000570 <main+144>
   0x0000000010000548 <+104>:   cntlzd  r9,r10
   0x000000001000054c <+108>:   addi    r9,r9,8
   0x0000000010000550 <+112>:   rldcl   r3,r7,r9,56
   0x0000000010000554 <+116>:   rldcl   r9,r8,r9,56
   0x0000000010000558 <+120>:   subf    r3,r9,r3
   0x000000001000055c <+124>:   addi    r1,r1,32
   0x0000000010000560 <+128>:   extsw   r3,r3
   0x0000000010000564 <+132>:   ld      r0,16(r1)
   0x0000000010000568 <+136>:   mtlr    r0
   0x000000001000056c <+140>:   blr
   0x0000000010000570 <+144>:   addi    r9,r3,16
   0x0000000010000574 <+148>:   ldbrx   r7,0,r9
   0x0000000010000578 <+152>:   addi    r9,r4,16
   0x000000001000057c <+156>:   ldbrx   r8,0,r9
   0x0000000010000580 <+160>:   cmpb    r10,r7,r10
   0x0000000010000584 <+164>:   cmpb    r9,r7,r8
   0x0000000010000588 <+168>:   orc.    r10,r10,r9
   0x000000001000058c <+172>:   bne     0x10000548 <main+104>
   0x0000000010000590 <+176>:   addi    r9,r3,24
   0x0000000010000594 <+180>:   ldbrx   r7,0,r9
   0x0000000010000598 <+184>:   addi    r9,r4,24
   0x000000001000059c <+188>:   ldbrx   r8,0,r9
   0x00000000100005a0 <+192>:   cmpb    r10,r7,r10
   0x00000000100005a4 <+196>:   cmpb    r9,r7,r8
   0x00000000100005a8 <+200>:   orc.    r10,r10,r9
   0x00000000100005ac <+204>:   bne     0x10000548 <main+104>
   0x00000000100005b0 <+208>:   addi    r9,r3,32
   0x00000000100005b4 <+212>:   ldbrx   r7,0,r9
   0x00000000100005b8 <+216>:   addi    r9,r4,32
   0x00000000100005bc <+220>:   ldbrx   r8,0,r9
   0x00000000100005c0 <+224>:   cmpb    r10,r7,r10
   0x00000000100005c4 <+228>:   cmpb    r9,r7,r8
   0x00000000100005c8 <+232>:   orc.    r10,r10,r9
   0x00000000100005cc <+236>:   bne     0x10000548 <main+104>
   0x00000000100005d0 <+240>:   addi    r9,r3,40
   0x00000000100005d4 <+244>:   ldbrx   r7,0,r9
   0x00000000100005d8 <+248>:   addi    r9,r4,40
   0x00000000100005dc <+252>:   ldbrx   r8,0,r9
   0x00000000100005e0 <+256>:   cmpb    r10,r7,r10
   0x00000000100005e4 <+260>:   cmpb    r9,r7,r8
   0x00000000100005e8 <+264>:   orc.    r10,r10,r9
   0x00000000100005ec <+268>:   bne     0x10000548 <main+104>
   0x00000000100005f0 <+272>:   addi    r9,r3,48
   0x00000000100005f4 <+276>:   ldbrx   r7,0,r9
   0x00000000100005f8 <+280>:   addi    r9,r4,48
   0x00000000100005fc <+284>:   ldbrx   r8,0,r9
   0x0000000010000600 <+288>:   cmpb    r10,r7,r10
   0x0000000010000604 <+292>:   cmpb    r9,r7,r8
   0x0000000010000608 <+296>:   orc.    r10,r10,r9
   0x000000001000060c <+300>:   bne     0x10000548 <main+104>
   0x0000000010000610 <+304>:   addi    r9,r3,56
   0x0000000010000614 <+308>:   ldbrx   r7,0,r9
   0x0000000010000618 <+312>:   addi    r9,r4,56
   0x000000001000061c <+316>:   ldbrx   r8,0,r9
   0x0000000010000620 <+320>:   cmpb    r10,r7,r10
   0x0000000010000624 <+324>:   cmpb    r9,r7,r8
   0x0000000010000628 <+328>:   orc.    r10,r10,r9
   0x000000001000062c <+332>:   bne     0x10000548 <main+104>
   0x0000000010000630 <+336>:   addi    r4,r4,64
   0x0000000010000634 <+340>:   addi    r3,r3,64
   0x0000000010000638 <+344>:   bl      0x100004c0
<00000022.plt_call.strcmp@@GLIBC_2.17>
   0x000000001000063c <+348>:   ld      r2,24(r1)
   0x0000000010000640 <+352>:   b       0x1000055c <main+124>
   0x0000000010000644 <+356>:   .long 0x0
   0x0000000010000648 <+360>:   .long 0x1000000
   0x000000001000064c <+364>:   .long 0x80
