
Bug#650714: libc6: strptime memory access error



Package: libc6
Version: 2.13-21
Severity: normal

Hi,

Compiling the attached program with gcc and running the resulting
binary with "valgrind --tool=memcheck" shows the following errors.
Compiling with -DEXTRA=10 to allocate and initialize more space for
the first parameter passed to strptime avoids the valgrind errors.

==23362== Memcheck, a memory error detector
==23362== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==23362== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==23362== Command: ./a.out
==23362== 
==23362== Invalid read of size 8
==23362==    at 0x4EAF49C: __GI___strncasecmp_l (strcmp.S:216)
==23362==    by 0x4EC80D0: __strptime_internal (strptime_l.c:420)
==23362==    by 0x400645: main (in /export/home/jwe/a.out)
==23362==  Address 0x51b104b is 11 bytes inside a block of size 12 alloc'd
==23362==    at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362==    by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362==    by 0x400629: main (in /export/home/jwe/a.out)
==23362== 
==23362== Invalid read of size 8
==23362==    at 0x4EB0984: __GI___strncasecmp_l (strcmp.S:1362)
==23362==    by 0x4EC8150: __strptime_internal (strptime_l.c:431)
==23362==    by 0x400645: main (in /export/home/jwe/a.out)
==23362==  Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362==    at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362==    by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362==    by 0x400629: main (in /export/home/jwe/a.out)
==23362== 
==23362== Invalid read of size 8
==23362==    at 0x4EAF49C: __GI___strncasecmp_l (strcmp.S:216)
==23362==    by 0x4EC81E4: __strptime_internal (strptime_l.c:444)
==23362==    by 0x400645: main (in /export/home/jwe/a.out)
==23362==  Address 0x51b104b is 11 bytes inside a block of size 12 alloc'd
==23362==    at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362==    by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362==    by 0x400629: main (in /export/home/jwe/a.out)
==23362== 
==23362== Invalid read of size 8
==23362==    at 0x4EB0984: __GI___strncasecmp_l (strcmp.S:1362)
==23362==    by 0x4EC8D07: __strptime_internal (strptime_l.c:446)
==23362==    by 0x400645: main (in /export/home/jwe/a.out)
==23362==  Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362==    at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362==    by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362==    by 0x400629: main (in /export/home/jwe/a.out)
==23362== 
==23362== Invalid read of size 8
==23362==    at 0x4EB1768: __GI___strncasecmp_l (strcmp.S:2113)
==23362==    by 0x4EC80D0: __strptime_internal (strptime_l.c:420)
==23362==    by 0x400645: main (in /export/home/jwe/a.out)
==23362==  Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362==    at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362==    by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362==    by 0x400629: main (in /export/home/jwe/a.out)
==23362== 
==23362== Invalid read of size 8
==23362==    at 0x4EB0044: __GI___strncasecmp_l (strcmp.S:862)
==23362==    by 0x4EC8150: __strptime_internal (strptime_l.c:431)
==23362==    by 0x400645: main (in /export/home/jwe/a.out)
==23362==  Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362==    at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362==    by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362==    by 0x400629: main (in /export/home/jwe/a.out)
==23362== 
==23362== Invalid read of size 8
==23362==    at 0x4EB1768: __GI___strncasecmp_l (strcmp.S:2113)
==23362==    by 0x4EC81E4: __strptime_internal (strptime_l.c:444)
==23362==    by 0x400645: main (in /export/home/jwe/a.out)
==23362==  Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362==    at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362==    by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362==    by 0x400629: main (in /export/home/jwe/a.out)
==23362== 
==23362== Invalid read of size 8
==23362==    at 0x4EB0044: __GI___strncasecmp_l (strcmp.S:862)
==23362==    by 0x4EC8D07: __strptime_internal (strptime_l.c:446)
==23362==    by 0x400645: main (in /export/home/jwe/a.out)
==23362==  Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362==    at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362==    by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362==    by 0x400629: main (in /export/home/jwe/a.out)
==23362== 
==23362== Invalid read of size 8
==23362==    at 0x4EB0734: __GI___strncasecmp_l (strcmp.S:1237)
==23362==    by 0x4EC80D0: __strptime_internal (strptime_l.c:420)
==23362==    by 0x400645: main (in /export/home/jwe/a.out)
==23362==  Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362==    at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362==    by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362==    by 0x400629: main (in /export/home/jwe/a.out)
==23362== 
==23362== Invalid read of size 8
==23362==    at 0x4EAF49C: __GI___strncasecmp_l (strcmp.S:216)
==23362==    by 0x4EC8150: __strptime_internal (strptime_l.c:431)
==23362==    by 0x400645: main (in /export/home/jwe/a.out)
==23362==  Address 0x51b104b is 11 bytes inside a block of size 12 alloc'd
==23362==    at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362==    by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362==    by 0x400629: main (in /export/home/jwe/a.out)
==23362== 
==23362== Invalid read of size 8
==23362==    at 0x4EB0734: __GI___strncasecmp_l (strcmp.S:1237)
==23362==    by 0x4EC81E4: __strptime_internal (strptime_l.c:444)
==23362==    by 0x400645: main (in /export/home/jwe/a.out)
==23362==  Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362==    at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362==    by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362==    by 0x400629: main (in /export/home/jwe/a.out)
==23362== 
==23362== Invalid read of size 8
==23362==    at 0x4EAF49C: __GI___strncasecmp_l (strcmp.S:216)
==23362==    by 0x4EC8D07: __strptime_internal (strptime_l.c:446)
==23362==    by 0x400645: main (in /export/home/jwe/a.out)
==23362==  Address 0x51b104b is 11 bytes inside a block of size 12 alloc'd
==23362==    at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362==    by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362==    by 0x400629: main (in /export/home/jwe/a.out)
==23362== 
==23362== Invalid read of size 8
==23362==    at 0x4EAF560: __GI___strncasecmp_l (strcmp.S:286)
==23362==    by 0x4EC80D0: __strptime_internal (strptime_l.c:420)
==23362==    by 0x400645: main (in /export/home/jwe/a.out)
==23362==  Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362==    at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362==    by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362==    by 0x400629: main (in /export/home/jwe/a.out)
==23362== 
==23362== Invalid read of size 8
==23362==    at 0x4EAF560: __GI___strncasecmp_l (strcmp.S:286)
==23362==    by 0x4EC81E4: __strptime_internal (strptime_l.c:444)
==23362==    by 0x400645: main (in /export/home/jwe/a.out)
==23362==  Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362==    at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362==    by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362==    by 0x400629: main (in /export/home/jwe/a.out)
==23362== 
==23362== 
==23362== HEAP SUMMARY:
==23362==     in use at exit: 12 bytes in 1 blocks
==23362==   total heap usage: 1 allocs, 0 frees, 12 bytes allocated
==23362== 
==23362== LEAK SUMMARY:
==23362==    definitely lost: 12 bytes in 1 blocks
==23362==    indirectly lost: 0 bytes in 0 blocks
==23362==      possibly lost: 0 bytes in 0 blocks
==23362==    still reachable: 0 bytes in 0 blocks
==23362==         suppressed: 0 bytes in 0 blocks
==23362== Rerun with --leak-check=full to see details of leaked memory
==23362== 
==23362== For counts of detected and suppressed errors, rerun with: -v
==23362== ERROR SUMMARY: 48 errors from 14 contexts (suppressed: 4 from 4)

/*

Compiling with gcc foo.c and running with valgrind --tool=memcheck
shows the invalid read errors quoted in full in the bug report above.

Compiling with gcc -DEXTRA=10 (for example) avoids the invalid read
errors from valgrind.

*/

#define _XOPEN_SOURCE 1
#include <gnu/libc-version.h>
#include <limits.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#ifndef EXTRA
#define EXTRA 0
#endif

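/* Return a heap copy of S in a block of exactly strlen (S) + 1 + EXTRA
   bytes; the EXTRA padding bytes after the terminator are zeroed.  */
char *
strsave (const char *s)
{
  size_t len;
  char *tmp;
  size_t i;

  if (! s)
    return 0;

  len = strlen (s);
  tmp = malloc (len+1+EXTRA);
  if (! tmp)
    return 0;
  strcpy (tmp, s);
  for (i = 0; i < EXTRA; i++)
    tmp[len+1+i] = 0;
  return tmp;
}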

int
main (void)
{
  struct tm t;
  char *p, *q;

  puts (gnu_get_libc_version ());

  memset (&t, 0, sizeof (t));

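  /* With EXTRA == 0 the block is exactly 12 bytes: 11 characters plus
     the terminating NUL.  */
  p = strsave ("07-Sep-2000");
  if (! p)
    return 1;

  /* The input ends before the " %H:%M:%S" part of the format.  */
  q = strptime (p, "%d-%b-%Y %H:%M:%S", &t);
  (void) q;

  return 0;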
}
-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libc6 depends on:
ii  libc-bin  2.13-21  
ii  libgcc1   1:4.6.2-4

libc6 recommends no packages.

Versions of packages libc6 suggests:
ii  debconf [debconf-2.0]  1.5.41 
ii  glibc-doc              2.13-21
ii  locales                2.13-21

-- debconf information:
  glibc/upgrade: true
* glibc/restart-services: cron
  glibc/disable-screensaver:
  glibc/restart-failed:
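
Added example, not part of the original report: a small C triage helper that pairs each memcheck "Invalid read of size N" line with its "Address ... is K bytes inside a block of size S" line and computes how many bytes of the read fall past the end of the block. The names `overread`, `bytes_past_end` and `scan_memcheck` are hypothetical; the sample lines are copied from the valgrind output above.

```c
#include <stdio.h>
#include <string.h>

/* One memcheck finding: a read that starts inside a heap block. */
struct overread {
  unsigned long read_size;   /* N in "Invalid read of size N" */
  unsigned long offset;      /* K in "is K bytes inside a block" */
  unsigned long block_size;  /* S in "a block of size S alloc'd" */
};

/* Lines copied from two error contexts in the report's valgrind output. */
static const char SAMPLE[] =
  "==23362== Invalid read of size 8\n"
  "==23362==    by 0x4EC80D0: __strptime_internal (strptime_l.c:420)\n"
  "==23362==  Address 0x51b104b is 11 bytes inside a block of size 12 alloc'd\n"
  "==23362== \n"
  "==23362== Invalid read of size 8\n"
  "==23362==    by 0x4EC8150: __strptime_internal (strptime_l.c:431)\n"
  "==23362==  Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd\n";

/* Bytes read beyond the end of the block; 0 if the read fits inside it. */
unsigned long bytes_past_end(const struct overread *o) {
  unsigned long end = o->offset + o->read_size;
  return end > o->block_size ? end - o->block_size : 0;
}

/* Pair each "Invalid read" line with the "Address" line that follows it.
   Returns the number of findings stored in out[] (at most max). */
size_t scan_memcheck(const char *log, struct overread *out, size_t max) {
  unsigned long size = 0, s, off, blk;
  size_t n = 0;
  for (const char *p = log; p && *p && n < max; ) {
    if (sscanf(p, "==%*d== Invalid read of size %lu", &s) == 1) {
      size = s;
    } else if (size && sscanf(p, "==%*d== Address %*x is %lu bytes inside"
                                 " a block of size %lu", &off, &blk) == 2) {
      out[n++] = (struct overread){ size, off, blk };
      size = 0;
    }
    p = strchr(p, '\n');   /* advance to the next line, if any */
    if (p) p++;
  }
  return n;
}

int main(void) {
  struct overread f[8];
  size_t n = scan_memcheck(SAMPLE, f, 8);
  for (size_t i = 0; i < n; i++)
    printf("read of %lu at offset %lu of a %lu-byte block: %lu past the end\n",
           f[i].read_size, f[i].offset, f[i].block_size, bytes_past_end(&f[i]));
  return 0;
}
```

For the two address forms in the report, the 8-byte reads at offsets 11 and 8 of the 12-byte block extend 7 and 4 bytes past its end respectively.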
