public inbox for glibc-bugs@sourceware.org
From: "sam at gentoo dot org" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug string/30112] [bisected] glibc 2.37 fails to print IPv6 adresses since 642933158e7cf072d873231b1a9bb03291f2b989
Date: Mon, 13 Feb 2023 02:56:27 +0000
Message-ID: <bug-30112-131-yZOITYQl2v@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-30112-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=30112

--- Comment #2 from Sam James <sam at gentoo dot org> ---
I think this might be UB in iproute2 instead.

This output is from glibc-2.36, but I got the same w/ glibc-2.37:
```
$ valgrind ip -6 route
==122592== Memcheck, a memory error detector
==122592== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==122592== Using Valgrind-3.20.0 and LibVEX; rerun with -h for copyright info
==122592== Command: ip -6 route
==122592==
==122592== Source and destination overlap in strncpy(0x1ffefff283,
0x1ffefff283, 63)
==122592==    at 0x48493DA: strncpy (vg_replace_strmem.c:604)
==122592==    by 0x1200EC: strncpy (string_fortified.h:95)
==122592==    by 0x1200EC: print_route (iproute.c:819)
==122592==    by 0x17C3C5: rtnl_dump_filter_l (libnetlink.c:925)
==122592==    by 0x17D8FF: rtnl_dump_filter_errhndlr_nc (libnetlink.c:987)
==122592==    by 0x11E3D3: iproute_list_flush_or_save (iproute.c:1981)
==122592==    by 0x113C54: do_cmd (ip.c:137)
==122592==    by 0x1136F8: main (ip.c:327)
==122592==
::1 dev lo proto kernel metric 256 pref medium
[my network bits here]
==122592==
==122592== HEAP SUMMARY:
==122592==     in use at exit: 206 bytes in 3 blocks
==122592==   total heap usage: 10 allocs, 7 frees, 165,174 bytes allocated
==122592==
==122592== LEAK SUMMARY:
==122592==    definitely lost: 0 bytes in 0 blocks
==122592==    indirectly lost: 0 bytes in 0 blocks
==122592==      possibly lost: 0 bytes in 0 blocks
==122592==    still reachable: 206 bytes in 3 blocks
==122592==         suppressed: 0 bytes in 0 blocks
==122592== Rerun with --leak-check=full to see details of leaked memory
==122592==
==122592== For lists of detected and suppressed errors, rerun with: -s
==122592== ERROR SUMMARY: 3 errors from 1 contexts (suppressed: 0 from 0)
```

And from ASAN:
```
=================================================================
==108934==ERROR: AddressSanitizer: strncpy-param-overlap: memory ranges
[0x7f3651200380,0x7f3651200384) and [0x7f3651200380, 0x7f3651200384) overlap
    #0 0x7f36533fe03c in __interceptor_strncpy
/usr/src/debug/sys-devel/gcc-13.0.1_pre20230212/gcc-13-20230212/libsanitizer/asan/asan_interceptors.cpp:483
    #1 0x5616e76ac5b2 in strncpy /usr/include/bits/string_fortified.h:95
    #2 0x5616e76ac5b2 in print_route
/usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/ip/iproute.c:819
    #3 0x5616e7784705 in rtnl_dump_filter_l
/usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/lib/libnetlink.c:925
    #4 0x5616e778a598 in rtnl_dump_filter_errhndlr_nc
/usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/lib/libnetlink.c:987
    #5 0x5616e76a8e89 in iproute_list_flush_or_save
/usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/ip/iproute.c:1981
    #6 0x5616e76afcca in do_iproute
/usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/ip/iproute.c:2358
    #7 0x5616e768f3bf in do_cmd
/usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/ip/ip.c:137
    #8 0x5616e768d992 in main
/usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/ip/ip.c:327
    #9 0x7f365318274f  (/usr/lib64/libc.so.6+0x2374f)
    #10 0x7f3653182808 in __libc_start_main (/usr/lib64/libc.so.6+0x23808)
    #11 0x5616e768f244 in _start (/usr/bin/ip+0x11244)

Address 0x7f3651200380 is located in stack of thread T0 at offset 896 in frame
    #0 0x5616e76aa38f in print_route
/usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/ip/iproute.c:746

  This frame has 4 object(s):
    [48, 192) 'mxrta' (line 599)
    [256, 504) 'tb' (line 750)
    [576, 824) 'tb' (line 680)
    [896, 960) 'b1' (line 755) <== Memory access at offset 896 is inside this
variable
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
Address 0x7f3651200380 is located in stack of thread T0 at offset 896 in frame
    #0 0x5616e76aa38f in print_route
/usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/ip/iproute.c:746

  This frame has 4 object(s):
    [48, 192) 'mxrta' (line 599)
    [256, 504) 'tb' (line 750)
    [576, 824) 'tb' (line 680)
    [896, 960) 'b1' (line 755) <== Memory access at offset 896 is inside this
variable
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: strncpy-param-overlap
/usr/src/debug/sys-devel/gcc-13.0.1_pre20230212/gcc-13-20230212/libsanitizer/asan/asan_interceptors.cpp:483
in __interceptor_strncpy
==108934==ABORTING
```

-- 
You are receiving this mail because:
You are on the CC list for the bug.
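
Added example, not part of the original message and not iproute2 or glibc code: both reports above flag a `strncpy` call whose source and destination are the same address, and the C standard leaves `strncpy` undefined when the objects overlap. The sketch shows an overlap check and a bounded copy that tolerates aliasing; `ranges_overlap`, `copy_str` and `demo_self_copy` are hypothetical names, and the 64-byte buffer holding `::1` is constructed to mirror the `b1` object in the ASAN frame.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Nonzero if [a, a+n) and [b, b+n) share at least one byte. Addresses are
   compared as integers because relational comparison of pointers into
   different objects is itself undefined. */
static int ranges_overlap(const void *a, const void *b, size_t n)
{
    uintptr_t x = (uintptr_t)a, y = (uintptr_t)b;
    if (n == 0)
        return 0;
    return x < y ? (y - x < n) : (x - y < n);
}

/* Hypothetical helper: bounded, always NUL-terminated copy that stays defined
   when dst and src alias. Returns 0, or -1 on bad arguments or truncation. */
static int copy_str(char *dst, size_t dstsz, const char *src)
{
    size_t len = 0;
    int truncated;

    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    while (len < dstsz - 1 && src[len] != '\0')
        len++;
    truncated = (src[len] != '\0');
    if (dst != src)
        memmove(dst, src, len);   /* memmove permits overlapping ranges */
    dst[len] = '\0';
    return truncated ? -1 : 0;
}

/* Constructed case: a 64-byte stack buffer holding "::1", copied onto itself. */
static int demo_self_copy(void)
{
    char b1[64] = "::1";

    if (!ranges_overlap(b1, b1, sizeof(b1) - 1))
        return -1;                /* strncpy(b1, b1, 63) would overlap */
    if (copy_str(b1, sizeof(b1), b1) != 0)
        return -2;
    return strcmp(b1, "::1") == 0 ? 0 : -3;
}

int main(void)
{
    printf("demo_self_copy() = %d\n", demo_self_copy());
    return 0;
}
```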
