
Bug#278426: marked as done (libc6: memcpy is ignoring the size-parameter)



Your message dated Mon, 28 Feb 2005 10:17:29 +0900
with message-id <81650d7aae.wl@omega.webmasters.gr.jp>
and subject line Bug#278426: libc6: memcpy problem is gone, close bug?
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 26 Oct 2004 21:36:43 +0000
From: Thomas Dickey <tom@invisible-island.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libc6: memcpy is ignoring the size-parameter
Reply-To: dickey@his.com
X-Mailer: reportbug 2.63
Date: Tue, 26 Oct 2004 17:31:10 -0400

Package: libc6
Version: 2.3.2.ds1-18
Severity: important

Checking for memory leaks (in vile) with valgrind,
I got some unexplainable errors, such as this:

==15339== Invalid write of size 1
==15339==    at 0x1B904B5C: memcpy (mac_replace_strmem.c:301)
==15339==    by 0x80ACDA2: doalloc (trace.c:498)
==15339==    by 0x8088283: extend_mode_list (modes.c:3096)
==15339==    by 0x8089377: do_a_submode (modes.c:3471)
==15339==    by 0x80894A4: define_submode (modes.c:3499)   
==15339==    by 0x80689D3: call_cmdfunc (exec.c:815)
==15339==    by 0x8068C28: execute (exec.c:914)
==15339==    by 0x806895E: docmd (exec.c:797)
==15339==    by 0x806B11A: perform_dobuf (exec.c:2306)
==15339==    by 0x806B338: dobuf (exec.c:2386)
==15339==  Address 0x1BAEC8AB is 3 bytes after a block of size 2968 alloc'd   
==15339==    at 0x1B905901: calloc (vg_replace_malloc.c:176)
==15339==    by 0x80ACCE8: doalloc (trace.c:492)
==15339==    by 0x8088283: extend_mode_list (modes.c:3096)
==15339==    by 0x8089377: do_a_submode (modes.c:3471)
==15339==    by 0x80894A4: define_submode (modes.c:3499)
==15339==    by 0x80689D3: call_cmdfunc (exec.c:815)
==15339==    by 0x8068C28: execute (exec.c:914)
==15339==    by 0x806895E: docmd (exec.c:797)
==15339==    by 0x806B11A: perform_dobuf (exec.c:2306)
==15339==    by 0x806B338: dobuf (exec.c:2386)

The "doalloc" wrapper in this case is calling memcpy to appease valgrind's
complaints about copying uninitialized data with a realloc (replaced by a
calloc and memcpy).  After checking the various limits and sizes, I finally
replaced the memcpy() call with a for-loop using the same variables:

	for (k = 0; k < area[j].size; ++k)
		newp[k] = oldp[k];
	//memcpy(newp, oldp, area[j].size); 

and the warnings went away.

My guess is that some change to memcpy, modifying its logic to copy words
(or larger chunks) rather than bytes, has broken it.

Alternatively, valgrind is broken (it's hard to tell).

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-td2
Locale: LANG=C, LC_CTYPE=C

Versions of packages libc6 depends on:
ii  libdb1-compat                 2.1.3-7    The Berkeley database routines [gl

-- no debconf information

---------------------------------------
Received: (at 278426-done) by bugs.debian.org; 28 Feb 2005 01:17:30 +0000
Date: Mon, 28 Feb 2005 10:17:29 +0900
Message-ID: <81650d7aae.wl@omega.webmasters.gr.jp>
From: GOTO Masanori <gotom@debian.or.jp>
To: Lars Wirzenius <liw@iki.fi>, Thomas Dickey <dickey@his.com>,
	278426-done@bugs.debian.org
Subject: Re: Bug#278426: libc6: memcpy problem is gone, close bug?
In-Reply-To: <1108603354.8770.64.camel@esme.liw.iki.fi>
References: <1108603354.8770.64.camel@esme.liw.iki.fi>

At Thu, 17 Feb 2005 03:22:34 +0200,
Lars Wirzenius wrote:
> I couldn't reproduce this either, using a trivial test case, and the
> submitter says he can't either. Could this bug be closed?

I didn't notice Thomas' reply - because it was sent to the -submitter address.
Lars, nice follow up!

Thomas, Lars, thanks for your notification and confirmation.  I close
this report now.

Regards,
-- gotom
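
The question raised in the report (did the copy routine write more than the requested size, or is the checker wrong?) can be tested without valgrind by surrounding the destination with canary bytes. This is an added example, not code from this thread or from vile; check_copy, sweep, word_copy_buggy, the canary value and the guard size are constructed for illustration, and 2968 is the block size from the valgrind output above.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define GUARD 16     /* slack after each buffer; in dst it holds the canary */
#define CANARY 0xA5
typedef void *(*copy_fn)(void *, const void *, size_t);

/* The report's workaround: a plain byte loop. */
static void *byte_copy(void *d, const void *s, size_t n) {
    unsigned char *dp = d; const unsigned char *sp = s;
    for (size_t k = 0; k < n; ++k) dp[k] = sp[k];
    return d;
}

/* Constructed faulty copier modelling the report's guess: n rounded up to whole words. */
static void *word_copy_buggy(void *d, const void *s, size_t n) {
    return byte_copy(d, s, (n + 3) & ~(size_t)3);
}

/* Returns 0 if exactly n bytes were written, 1 if the copied data is wrong,
 * 2 if a byte outside [dst, dst+n) changed, -1 if allocation failed. */
static int check_copy(copy_fn copy, size_t n, size_t s_off, size_t d_off) {
    size_t s_len = s_off + n + GUARD, d_len = d_off + n + GUARD;
    unsigned char *src = malloc(s_len), *dst = malloc(d_len);
    int rc = 0;
    if (!src || !dst) { free(src); free(dst); return -1; }
    for (size_t i = 0; i < s_len; i++) src[i] = (unsigned char)(i * 31 + 7);
    memset(dst, CANARY, d_len);              /* canary before and after the target */
    copy(dst + d_off, src + s_off, n);
    if (memcmp(dst + d_off, src + s_off, n) != 0) rc = 1;
    for (size_t i = 0; i < d_len && rc == 0; i++)
        if ((i < d_off || i >= d_off + n) && dst[i] != CANARY) rc = 2;
    free(src); free(dst);
    return rc;
}

/* Failures over every length 0..max_n and all 8x8 src/dst misalignments. */
static int sweep(copy_fn copy, size_t max_n) {
    int failures = 0;
    for (size_t n = 0; n <= max_n; n++)
        for (size_t a = 0; a < 64; a++)
            failures += check_copy(copy, n, a / 8, a % 8) != 0;
    return failures;
}

int main(void) {
    printf("memcpy: %d  byte loop: %d  buggy copier rc: %d\n", sweep(memcpy, 2968),
           sweep(byte_copy, 2968), check_copy(word_copy_buggy, 2969, 0, 0));
    return 0;
}
```

A non-zero count for memcpy would point at the library routine; zero for memcpy alongside a checker complaint points at the caller's size or at the checker.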


