This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Possible bug in wcsxfrm() with included testcase

From: Petter Reinholdtsen <pere at hungry dot com>
To: Art Haas <ahaas at airmail dot net>
Cc: libc-alpha at sources dot redhat dot com
Date: Tue, 22 Jul 2003 15:46:54 +0200
Subject: Re: Possible bug in wcsxfrm() with included testcase
Bcc: Petter Reinholdtsen <petter dot reinholdtsen at usit dot uio dot no>
References: <20030722132954.GA17577@artsapartment.org>

[Art Haas]
> I believe the test case is valid and shows there is a bug in
> wcsxfrm(), or more precisely wcpncpy(). Agree?

This is the output I get when running valgrind on the source.  It
indicates a code error in your example.


LD_LIBRARY_PATH=/usr/lib/debug valgrind wcsxfrm_test .
==30798== Memcheck, a.k.a. Valgrind, a memory error detector for x86-linux.
==30798== Copyright (C) 2002, and GNU GPL'd, by Julian Seward.
==30798== Using valgrind-1.9.6, a program instrumentation system for x86-linux.
==30798== Copyright (C) 2000-2002, and GNU GPL'd, by Julian Seward.
==30798== Estimated CPU clock rate is 1831 MHz
==30798== For more details, rerun with: -v
==30798==
entry name: '.'
==30798== Conditional jump or move depends on uninitialised value(s)
==30798==    at 0x4028A8AB: __wcslen (wcslen.c:30)
==30798==    by 0x402A3121: wcsxfrm (../string/strxfrm.c:113)
==30798==    by 0x804882F: main (wcsxfrm_test.c:80)
==30798==    by 0x4022B14E: __libc_start_main (../sysdeps/generic/libc-start.c:129)
xfrm_len: 0
==30798==
==30798== Conditional jump or move depends on uninitialised value(s)
==30798==    at 0x4028A8AB: __wcslen (wcslen.c:30)
==30798==    by 0x402A3121: wcsxfrm (../string/strxfrm.c:113)
==30798==    by 0x804886D: main (wcsxfrm_test.c:90)
==30798==    by 0x4022B14E: __libc_start_main (../sysdeps/generic/libc-start.c:129)
==30798==
==30798== Invalid free() / delete / delete[]
==30798==    at 0x40165B8E: free (vg_clientfuncs.c:185)
==30798==    by 0x8048882: main (wcsxfrm_test.c:92)
==30798==    by 0x4022B14E: __libc_start_main (../sysdeps/generic/libc-start.c:129)
==30798==    by 0x8048590: (within /usit/saruman/bsd-u1/pre/src/bugs/wcsxfrm_test)
==30798==    Address 0x40F205B8 is 4 bytes inside a block of size 8 alloc'd
==30798==    at 0x401658B0: malloc (vg_clientfuncs.c:103)
==30798==    by 0x804867D: mbstouwcs (wcsxfrm_test.c:23)
==30798==    by 0x8048815: main (wcsxfrm_test.c:72)
==30798==    by 0x4022B14E: __libc_start_main (../sysdeps/generic/libc-start.c:129)
entry name: '..'
xfrm_len: 0
entry name: 'bug-gcc-double-main.c'
xfrm_len: 0
entry name: 'wcsxfrm_test'
xfrm_len: 0
entry name: 'wcsxfrm_test.c'
xfrm_len: 0
==30798==
==30798== ERROR SUMMARY: 15 errors from 3 contexts (suppressed: 0 from 0)
==30798== malloc/free: in use at exit: 220 bytes in 5 blocks.
==30798== malloc/free: 30 allocs, 30 frees, 37796 bytes allocated.
==30798== For a detailed leak analysis,  rerun with: --leak-check=yes
==30798== For counts of detected errors, rerun with: -v

References:
- Possible bug in wcsxfrm() with included testcase
  - From: Art Haas

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]