From: Mark Wielaard Date: Thu, 1 Jun 2023 14:10:56 +0000 (+0200) Subject: memcheck: Handle Err_ReallocSizeZero in MC_(eq_Error) X-Git-Tag: VALGRIND_3_22_0~145 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=453c7111133ce9dc5dce043e03b7b58efdbf46cd;p=thirdparty%2Fvalgrind.git memcheck: Handle Err_ReallocSizeZero in MC_(eq_Error) When an realloc size zero error is emitted MC_(eq_Error) is called to see if the errors can be deduplicated. This crashed since Err_ReallocSizeZero wasn't handled. Handle it like Err_Free. Also add a testcase for this case and test with both --realloc-zero-bytes-frees=yes and --realloc-zero-bytes-frees=no. Which will report a different number of errors. https://bugs.kde.org/show_bug.cgi?id=470520
---
diff --git a/.gitignore b/.gitignore
index 076e168ded..6d73324cea 100644
--- a/.gitignore
+++ b/.gitignore
@@ -953,6 +953,7 @@
 /memcheck/tests/post-syscall
 /memcheck/tests/reach_thread_register
 /memcheck/tests/realloc_size_zero
+/memcheck/tests/realloc_size_zero_again
 /memcheck/tests/realloc_size_zero_mismatch
 /memcheck/tests/realloc1
 /memcheck/tests/realloc2
diff --git a/NEWS b/NEWS
index ea9fc7c868..09f8c71370 100644
--- a/NEWS
+++ b/NEWS
@@ -37,6 +37,7 @@ are not entered into bugzilla tend to get forgotten about or ignored.
 469049 link failure on ppc64 (big endian) valgrind 3.20
 469146 massif --ignore-fn does not ignore inlined functions
 469768 Make it possible to install gdb scripts in a different location
+470520 Multiple realloc zero errors crash in MC_(eq_Error)

 To see details of a given bug, visit
 https://bugs.kde.org/show_bug.cgi?id=XXXXXX
diff --git a/memcheck/mc_errors.c b/memcheck/mc_errors.c
index 00d6ec301e..65210a2209 100644
--- a/memcheck/mc_errors.c
+++ b/memcheck/mc_errors.c
@@ -1041,6 +1041,7 @@ Bool MC_(eq_Error) ( VgRes res, const Error* e1, const Error* e2 )
 case Err_IllegalMempool:
 case Err_Overlap:
 case Err_Cond:
+ case Err_ReallocSizeZero:
 return True;

 case Err_FishyValue:
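Review bot: The added `case Err_ReallocSizeZero:` joins the shared `return True;` arm with no comment recording why two such errors need no further field comparison. A one-line comment such as `/* realloc(p, 0) reports carry nothing that distinguishes duplicates beyond what the caller already matched */` would state the intent; that wording assumes the caller compares the stack contexts before calling in, which is not visible in this hunk. The commit message says the missing case crashed memcheck while reporting, so the switch presumably ends in a default arm that aborts; if so, relying on the compiler's switch-exhaustiveness warning instead would turn the next forgotten error kind into a build-time diagnostic rather than a crash in the tool. The body of MC_(eq_Error) starts and ends outside the hunk.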
diff --git a/memcheck/tests/Makefile.am b/memcheck/tests/Makefile.am
index 71c38acbaf..5a17fd35d4 100644
--- a/memcheck/tests/Makefile.am
+++ b/memcheck/tests/Makefile.am
@@ -291,8 +291,14 @@ EXTRA_DIST = \
 realloc_size_zero.vgtest \
 realloc_size_zero_yes.stderr.exp realloc_size_zero_yes.stdout.exp \
 realloc_size_zero_yes.vgtest \
+ realloc_size_zero_again_yes.stderr.exp \
+ realloc_size_zero_again_yes.stdout.exp \
+ realloc_size_zero_again_yes.vgtest \
 realloc_size_zero_no.stderr.exp realloc_size_zero_no.stdout.exp \
 realloc_size_zero_no.vgtest \
+ realloc_size_zero_again_no.stderr.exp \
+ realloc_size_zero_again_no.stdout.exp \
+ realloc_size_zero_again_no.vgtest \
 realloc_size_zero_off.stderr.exp realloc_size_zero_off.stdout.exp \
 realloc_size_zero_off.vgtest \
 realloc_size_zero_mismatch.stderr.exp \
@@ -459,6 +465,7 @@ check_PROGRAMS = \
 posix_memalign \
 post-syscall \
 realloc_size_zero realloc_size_zero_mismatch \
+ realloc_size_zero_again \
 realloc1 realloc2 realloc3 \
 recursive-merge \
 resvn_stack \
diff --git a/memcheck/tests/realloc_size_zero_again.c b/memcheck/tests/realloc_size_zero_again.c
new file mode 100644
index 0000000000..782d4bde5f
--- /dev/null
+++ b/memcheck/tests/realloc_size_zero_again.c
@@ -0,0 +1,15 @@
+#include
+
+int
+main ()
+{
+ char *p = malloc (1024);
+ for (int i = 3; i >= 0; i--)
+ for (int j = 0; j <= 3; j++)
+ {
+ char *q = realloc (p, i * j * 512);
+ p = q;
+ }
+
+ free (p);
+}
diff --git a/memcheck/tests/realloc_size_zero_again_no.stderr.exp b/memcheck/tests/realloc_size_zero_again_no.stderr.exp
new file mode 100644
index 0000000000..b9c061d1ad
--- /dev/null
+++ b/memcheck/tests/realloc_size_zero_again_no.stderr.exp
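Review bot: The new test in realloc_size_zero_again.c has no comment explaining what the nested loop is built to exercise or where the expected counts of 7 and 5 come from, so a later change to the loop bounds could silently stop covering the deduplication path. `i * j * 512` is zero for the three `j == 0` iterations with `i > 0` and for all four iterations with `i == 0`, giving seven `realloc (p, 0)` calls from a single call site; with `--realloc-zero-bytes-frees=yes` two of those presumably see a NULL `p` and are not reported, hence five. A header comment along the lines of `/* Seven zero-size reallocs from one call site, so MC_(eq_Error) compares repeated Err_ReallocSizeZero errors (bug 470520). */` would capture that. On this page the `#include` line shows no header name, which looks like an extraction loss rather than a fault in the patch.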
@@ -0,0 +1,18 @@
+realloc() with size 0
+ at 0x........: realloc (vg_replace_malloc.c:...)
+ ...
+ Address 0x........ is 0 bytes inside a block of size 1,024 alloc'd
+ at 0x........: malloc (vg_replace_malloc.c:...)
+ ...
+
+ERROR SUMMARY: 7 errors from 1 contexts (suppressed: 0 from 0)
+
+7 errors in context 1 of 1:
+realloc() with size 0
+ at 0x........: realloc (vg_replace_malloc.c:...)
+ ...
+ Address 0x........ is 0 bytes inside a block of size 1,024 alloc'd
+ at 0x........: malloc (vg_replace_malloc.c:...)
+ ...
+
+ERROR SUMMARY: 7 errors from 1 contexts (suppressed: 0 from 0)
diff --git a/memcheck/tests/realloc_size_zero_again_no.stdout.exp b/memcheck/tests/realloc_size_zero_again_no.stdout.exp
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/memcheck/tests/realloc_size_zero_again_no.vgtest b/memcheck/tests/realloc_size_zero_again_no.vgtest
new file mode 100644
index 0000000000..f1757b6c19
--- /dev/null
+++ b/memcheck/tests/realloc_size_zero_again_no.vgtest
@@ -0,0 +1,2 @@
+prog: realloc_size_zero_again
+vgopts: -q -s --realloc-zero-bytes-frees=no
diff --git a/memcheck/tests/realloc_size_zero_again_yes.stderr.exp b/memcheck/tests/realloc_size_zero_again_yes.stderr.exp
new file mode 100644
index 0000000000..d40aa24550
--- /dev/null
+++ b/memcheck/tests/realloc_size_zero_again_yes.stderr.exp
@@ -0,0 +1,18 @@
+realloc() with size 0
+ at 0x........: realloc (vg_replace_malloc.c:...)
+ ...
+ Address 0x........ is 0 bytes inside a block of size 1,024 alloc'd
+ at 0x........: malloc (vg_replace_malloc.c:...)
+ ...
+
+ERROR SUMMARY: 5 errors from 1 contexts (suppressed: 0 from 0)
+
+5 errors in context 1 of 1:
+realloc() with size 0
+ at 0x........: realloc (vg_replace_malloc.c:...)
+ ...
+ Address 0x........ is 0 bytes inside a block of size 1,024 alloc'd
+ at 0x........: malloc (vg_replace_malloc.c:...)
+ ...
+
+ERROR SUMMARY: 5 errors from 1 contexts (suppressed: 0 from 0)
diff --git a/memcheck/tests/realloc_size_zero_again_yes.stdout.exp b/memcheck/tests/realloc_size_zero_again_yes.stdout.exp
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/memcheck/tests/realloc_size_zero_again_yes.vgtest b/memcheck/tests/realloc_size_zero_again_yes.vgtest
new file mode 100644
index 0000000000..215392ed62
--- /dev/null
+++ b/memcheck/tests/realloc_size_zero_again_yes.vgtest
@@ -0,0 +1,2 @@
+prog: realloc_size_zero_again
+vgopts: -q -s --realloc-zero-bytes-frees=yes