Bug#650714: libc6: strptime memory access error
Package: libc6
Version: 2.13-21
Severity: normal
Hi,
Compililing the attached program with gcc and running the resulting
binary with "valgrind --tool=memcheck" shows teh following errors.
Compiling with -DEXTRA=10 to allocate and initialize more space for
the first parameter passed to strptime avoids the valgrind errors.
==23362== Memcheck, a memory error detector
==23362== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==23362== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==23362== Command: ./a.out
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EAF49C: __GI___strncasecmp_l (strcmp.S:216)
==23362== by 0x4EC80D0: __strptime_internal (strptime_l.c:420)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b104b is 11 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EB0984: __GI___strncasecmp_l (strcmp.S:1362)
==23362== by 0x4EC8150: __strptime_internal (strptime_l.c:431)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EAF49C: __GI___strncasecmp_l (strcmp.S:216)
==23362== by 0x4EC81E4: __strptime_internal (strptime_l.c:444)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b104b is 11 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EB0984: __GI___strncasecmp_l (strcmp.S:1362)
==23362== by 0x4EC8D07: __strptime_internal (strptime_l.c:446)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EB1768: __GI___strncasecmp_l (strcmp.S:2113)
==23362== by 0x4EC80D0: __strptime_internal (strptime_l.c:420)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EB0044: __GI___strncasecmp_l (strcmp.S:862)
==23362== by 0x4EC8150: __strptime_internal (strptime_l.c:431)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EB1768: __GI___strncasecmp_l (strcmp.S:2113)
==23362== by 0x4EC81E4: __strptime_internal (strptime_l.c:444)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EB0044: __GI___strncasecmp_l (strcmp.S:862)
==23362== by 0x4EC8D07: __strptime_internal (strptime_l.c:446)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EB0734: __GI___strncasecmp_l (strcmp.S:1237)
==23362== by 0x4EC80D0: __strptime_internal (strptime_l.c:420)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EAF49C: __GI___strncasecmp_l (strcmp.S:216)
==23362== by 0x4EC8150: __strptime_internal (strptime_l.c:431)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b104b is 11 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EB0734: __GI___strncasecmp_l (strcmp.S:1237)
==23362== by 0x4EC81E4: __strptime_internal (strptime_l.c:444)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EAF49C: __GI___strncasecmp_l (strcmp.S:216)
==23362== by 0x4EC8D07: __strptime_internal (strptime_l.c:446)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b104b is 11 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EAF560: __GI___strncasecmp_l (strcmp.S:286)
==23362== by 0x4EC80D0: __strptime_internal (strptime_l.c:420)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EAF560: __GI___strncasecmp_l (strcmp.S:286)
==23362== by 0x4EC81E4: __strptime_internal (strptime_l.c:444)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362==
==23362== HEAP SUMMARY:
==23362== in use at exit: 12 bytes in 1 blocks
==23362== total heap usage: 1 allocs, 0 frees, 12 bytes allocated
==23362==
==23362== LEAK SUMMARY:
==23362== definitely lost: 12 bytes in 1 blocks
==23362== indirectly lost: 0 bytes in 0 blocks
==23362== possibly lost: 0 bytes in 0 blocks
==23362== still reachable: 0 bytes in 0 blocks
==23362== suppressed: 0 bytes in 0 blocks
==23362== Rerun with --leak-check=full to see details of leaked memory
==23362==
==23362== For counts of detected and suppressed errors, rerun with: -v
==23362== ERROR SUMMARY: 48 errors from 14 contexts (suppressed: 4 from 4)
/*
Compililing with gcc foo.c and running with valgrind --tool=memcheck
shows
==23362== Memcheck, a memory error detector
==23362== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==23362== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==23362== Command: ./a.out
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EAF49C: __GI___strncasecmp_l (strcmp.S:216)
==23362== by 0x4EC80D0: __strptime_internal (strptime_l.c:420)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b104b is 11 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EB0984: __GI___strncasecmp_l (strcmp.S:1362)
==23362== by 0x4EC8150: __strptime_internal (strptime_l.c:431)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EAF49C: __GI___strncasecmp_l (strcmp.S:216)
==23362== by 0x4EC81E4: __strptime_internal (strptime_l.c:444)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b104b is 11 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EB0984: __GI___strncasecmp_l (strcmp.S:1362)
==23362== by 0x4EC8D07: __strptime_internal (strptime_l.c:446)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EB1768: __GI___strncasecmp_l (strcmp.S:2113)
==23362== by 0x4EC80D0: __strptime_internal (strptime_l.c:420)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EB0044: __GI___strncasecmp_l (strcmp.S:862)
==23362== by 0x4EC8150: __strptime_internal (strptime_l.c:431)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EB1768: __GI___strncasecmp_l (strcmp.S:2113)
==23362== by 0x4EC81E4: __strptime_internal (strptime_l.c:444)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EB0044: __GI___strncasecmp_l (strcmp.S:862)
==23362== by 0x4EC8D07: __strptime_internal (strptime_l.c:446)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EB0734: __GI___strncasecmp_l (strcmp.S:1237)
==23362== by 0x4EC80D0: __strptime_internal (strptime_l.c:420)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EAF49C: __GI___strncasecmp_l (strcmp.S:216)
==23362== by 0x4EC8150: __strptime_internal (strptime_l.c:431)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b104b is 11 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EB0734: __GI___strncasecmp_l (strcmp.S:1237)
==23362== by 0x4EC81E4: __strptime_internal (strptime_l.c:444)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EAF49C: __GI___strncasecmp_l (strcmp.S:216)
==23362== by 0x4EC8D07: __strptime_internal (strptime_l.c:446)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b104b is 11 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EAF560: __GI___strncasecmp_l (strcmp.S:286)
==23362== by 0x4EC80D0: __strptime_internal (strptime_l.c:420)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362== Invalid read of size 8
==23362== at 0x4EAF560: __GI___strncasecmp_l (strcmp.S:286)
==23362== by 0x4EC81E4: __strptime_internal (strptime_l.c:444)
==23362== by 0x400645: main (in /export/home/jwe/a.out)
==23362== Address 0x51b1048 is 8 bytes inside a block of size 12 alloc'd
==23362== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23362== by 0x4005D7: strsave (in /export/home/jwe/a.out)
==23362== by 0x400629: main (in /export/home/jwe/a.out)
==23362==
==23362==
==23362== HEAP SUMMARY:
==23362== in use at exit: 12 bytes in 1 blocks
==23362== total heap usage: 1 allocs, 0 frees, 12 bytes allocated
==23362==
==23362== LEAK SUMMARY:
==23362== definitely lost: 12 bytes in 1 blocks
==23362== indirectly lost: 0 bytes in 0 blocks
==23362== possibly lost: 0 bytes in 0 blocks
==23362== still reachable: 0 bytes in 0 blocks
==23362== suppressed: 0 bytes in 0 blocks
==23362== Rerun with --leak-check=full to see details of leaked memory
==23362==
==23362== For counts of detected and suppressed errors, rerun with: -v
==23362== ERROR SUMMARY: 48 errors from 14 contexts (suppressed: 4 from 4)
Compiling with gcc -DEXTRA=10 (for example) avoids the invalid read
errors from valgrind.
*/
#define _XOPEN_SOURCE 1
#include <gnu/libc-version.h>
#include <limits.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#ifndef EXTRA
#define EXTRA 0
#endif
char *
strsave (const char *s)
{
int len;
char *tmp;
size_t i;
if (! s)
return 0;
len = strlen (s);
tmp = malloc (len+1+EXTRA);
strcpy (tmp, s);
for (i = 0; i < EXTRA; i++)
tmp[len+i] = 0;
return tmp;
}
int
main (void)
{
struct tm t;
char *p, *q;
puts (gnu_get_libc_version ());
memset (&t, 0, sizeof (t));
p = strsave ("07-Sep-2000");
q = strptime (p, "%d-%b-%Y %H:%M:%S", &t);
return 0;
}
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-1-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libc6 depends on:
ii libc-bin 2.13-21
ii libgcc1 1:4.6.2-4
libc6 recommends no packages.
Versions of packages libc6 suggests:
ii debconf [debconf-2.0] 1.5.41
ii glibc-doc 2.13-21
ii locales 2.13-21
-- debconf information:
glibc/upgrade: true
* glibc/restart-services: cron
glibc/disable-screensaver:
glibc/restart-failed:
Reply to: