public inbox for glibc-bugs@sourceware.org help / color / mirror / Atom feed
From: "sam at gentoo dot org" <sourceware-bugzilla@sourceware.org> To: glibc-bugs@sourceware.org Subject: [Bug string/30112] [bisected] glibc 2.37 fails to print IPv6 adresses since 642933158e7cf072d873231b1a9bb03291f2b989 Date: Mon, 13 Feb 2023 02:56:27 +0000 [thread overview] Message-ID: <bug-30112-131-yZOITYQl2v@http.sourceware.org/bugzilla/> (raw) In-Reply-To: <bug-30112-131@http.sourceware.org/bugzilla/> https://sourceware.org/bugzilla/show_bug.cgi?id=30112 --- Comment #2 from Sam James <sam at gentoo dot org> --- I think this might be UB in iproute2 instead. This output is from glibc-2.36, but I got the same w/ glibc-2.37: ``` $ valgrind ip -6 route ==122592== Memcheck, a memory error detector ==122592== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al. ==122592== Using Valgrind-3.20.0 and LibVEX; rerun with -h for copyright info ==122592== Command: ip -6 route ==122592== ==122592== Source and destination overlap in strncpy(0x1ffefff283, 0x1ffefff283, 63) ==122592== at 0x48493DA: strncpy (vg_replace_strmem.c:604) ==122592== by 0x1200EC: strncpy (string_fortified.h:95) ==122592== by 0x1200EC: print_route (iproute.c:819) ==122592== by 0x17C3C5: rtnl_dump_filter_l (libnetlink.c:925) ==122592== by 0x17D8FF: rtnl_dump_filter_errhndlr_nc (libnetlink.c:987) ==122592== by 0x11E3D3: iproute_list_flush_or_save (iproute.c:1981) ==122592== by 0x113C54: do_cmd (ip.c:137) ==122592== by 0x1136F8: main (ip.c:327) ==122592== ::1 dev lo proto kernel metric 256 pref medium [my network bits here] ==122592== ==122592== HEAP SUMMARY: ==122592== in use at exit: 206 bytes in 3 blocks ==122592== total heap usage: 10 allocs, 7 frees, 165,174 bytes allocated ==122592== ==122592== LEAK SUMMARY: ==122592== definitely lost: 0 bytes in 0 blocks ==122592== indirectly lost: 0 bytes in 0 blocks ==122592== possibly lost: 0 bytes in 0 blocks ==122592== still reachable: 206 bytes in 3 blocks ==122592== suppressed: 0 bytes in 0 blocks ==122592== Rerun with --leak-check=full to see details of leaked memory ==122592== ==122592== For lists of detected and suppressed errors, rerun with: -s ==122592== ERROR SUMMARY: 3 errors from 1 contexts (suppressed: 0 from 0) ``` And from ASAN: ``` ================================================================= ==108934==ERROR: AddressSanitizer: strncpy-param-overlap: memory ranges [0x7f3651200380,0x7f3651200384) and [0x7f3651200380, 0x7f3651200384) overlap #0 0x7f36533fe03c in __interceptor_strncpy /usr/src/debug/sys-devel/gcc-13.0.1_pre20230212/gcc-13-20230212/libsanitizer/asan/asan_interceptors.cpp:483 #1 0x5616e76ac5b2 in strncpy /usr/include/bits/string_fortified.h:95 #2 0x5616e76ac5b2 in print_route /usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/ip/iproute.c:819 #3 0x5616e7784705 in rtnl_dump_filter_l /usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/lib/libnetlink.c:925 #4 0x5616e778a598 in rtnl_dump_filter_errhndlr_nc /usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/lib/libnetlink.c:987 #5 0x5616e76a8e89 in iproute_list_flush_or_save /usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/ip/iproute.c:1981 #6 0x5616e76afcca in do_iproute /usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/ip/iproute.c:2358 #7 0x5616e768f3bf in do_cmd /usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/ip/ip.c:137 #8 0x5616e768d992 in main /usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/ip/ip.c:327 #9 0x7f365318274f (/usr/lib64/libc.so.6+0x2374f) #10 0x7f3653182808 in __libc_start_main (/usr/lib64/libc.so.6+0x23808) #11 0x5616e768f244 in _start (/usr/bin/ip+0x11244) Address 0x7f3651200380 is located in stack of thread T0 at offset 896 in frame #0 0x5616e76aa38f in print_route /usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/ip/iproute.c:746 This frame has 4 object(s): [48, 192) 'mxrta' (line 599) [256, 504) 'tb' (line 750) [576, 824) 'tb' (line 680) [896, 960) 'b1' (line 755) <== Memory access at offset 896 is inside this variable HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) Address 0x7f3651200380 is located in stack of thread T0 at offset 896 in frame #0 0x5616e76aa38f in print_route /usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/ip/iproute.c:746 This frame has 4 object(s): [48, 192) 'mxrta' (line 599) [256, 504) 'tb' (line 750) [576, 824) 'tb' (line 680) [896, 960) 'b1' (line 755) <== Memory access at offset 896 is inside this variable HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: strncpy-param-overlap /usr/src/debug/sys-devel/gcc-13.0.1_pre20230212/gcc-13-20230212/libsanitizer/asan/asan_interceptors.cpp:483 in __interceptor_strncpy ==108934==ABORTING ``` -- You are receiving this mail because: You are on the CC list for the bug.
next prev parent reply other threads:[~2023-02-13 2:56 UTC|newest] Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top 2023-02-10 21:15 [Bug string/30112] New: [bisected] glibc 2.37 fails to print IPv6 adresses freswa at archlinux dot org 2023-02-10 21:15 ` [Bug string/30112] " freswa at archlinux dot org 2023-02-11 19:25 ` vmlinuz386 at gmail dot com 2023-02-12 2:56 ` sam at gentoo dot org 2023-02-12 3:24 ` [Bug string/30112] [bisected] glibc 2.37 fails to print IPv6 adresses since 642933158e7cf072d873231b1a9bb03291f2b989 sam at gentoo dot org 2023-02-12 17:47 ` dilfridge at gentoo dot org 2023-02-12 21:21 ` flo at geekplace dot eu 2023-02-13 2:56 ` sam at gentoo dot org [this message] 2023-02-13 3:18 ` sam at gentoo dot org 2023-02-13 9:20 ` freswa at archlinux dot org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-30112-131-yZOITYQl2v@http.sourceware.org/bugzilla/ \ --to=sourceware-bugzilla@sourceware.org \ --cc=glibc-bugs@sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).