From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 1BF7C3858C83; Mon, 13 Feb 2023 02:56:27 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 1BF7C3858C83 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1676256988; bh=+5nNygDpx+zS/FEFzEXBBVIzdS9OcXW7yYgPg3tTMXE=; h=From:To:Subject:Date:In-Reply-To:References:From; b=bH4sFkgSh1WglU/G9oAfj6PX9BegxD6SWNn4/h/qUU5yZE0Aq7ZUluaZUCSE/0VFX Gy4yL3FgmQlU4PjTtF5s1xuAYwVSCohLvs0dNonu7SULBXHzm4kORnaQ2uAojr81YT 9dWIcJOaDjIqStCz5uo/v5w3CwzCsDmdX+4AVh1E= From: "sam at gentoo dot org" To: glibc-bugs@sourceware.org Subject: [Bug string/30112] [bisected] glibc 2.37 fails to print IPv6 adresses since 642933158e7cf072d873231b1a9bb03291f2b989 Date: Mon, 13 Feb 2023 02:56:27 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: string X-Bugzilla-Version: 2.37 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: sam at gentoo dot org X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://sourceware.org/bugzilla/show_bug.cgi?id=3D30112 --- Comment #2 from Sam James --- I think this might be UB in iproute2 instead. This output is from glibc-2.36, but I got the same w/ glibc-2.37: ``` $ valgrind ip -6 route =3D=3D122592=3D=3D Memcheck, a memory error detector =3D=3D122592=3D=3D Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward= et al. =3D=3D122592=3D=3D Using Valgrind-3.20.0 and LibVEX; rerun with -h for copy= right info =3D=3D122592=3D=3D Command: ip -6 route =3D=3D122592=3D=3D =3D=3D122592=3D=3D Source and destination overlap in strncpy(0x1ffefff283, 0x1ffefff283, 63) =3D=3D122592=3D=3D at 0x48493DA: strncpy (vg_replace_strmem.c:604) =3D=3D122592=3D=3D by 0x1200EC: strncpy (string_fortified.h:95) =3D=3D122592=3D=3D by 0x1200EC: print_route (iproute.c:819) =3D=3D122592=3D=3D by 0x17C3C5: rtnl_dump_filter_l (libnetlink.c:925) =3D=3D122592=3D=3D by 0x17D8FF: rtnl_dump_filter_errhndlr_nc (libnetlink= .c:987) =3D=3D122592=3D=3D by 0x11E3D3: iproute_list_flush_or_save (iproute.c:19= 81) =3D=3D122592=3D=3D by 0x113C54: do_cmd (ip.c:137) =3D=3D122592=3D=3D by 0x1136F8: main (ip.c:327) =3D=3D122592=3D=3D ::1 dev lo proto kernel metric 256 pref medium [my network bits here] =3D=3D122592=3D=3D =3D=3D122592=3D=3D HEAP SUMMARY: =3D=3D122592=3D=3D in use at exit: 206 bytes in 3 blocks =3D=3D122592=3D=3D total heap usage: 10 allocs, 7 frees, 165,174 bytes al= located =3D=3D122592=3D=3D =3D=3D122592=3D=3D LEAK SUMMARY: =3D=3D122592=3D=3D definitely lost: 0 bytes in 0 blocks =3D=3D122592=3D=3D indirectly lost: 0 bytes in 0 blocks =3D=3D122592=3D=3D possibly lost: 0 bytes in 0 blocks =3D=3D122592=3D=3D still reachable: 206 bytes in 3 blocks =3D=3D122592=3D=3D suppressed: 0 bytes in 0 blocks =3D=3D122592=3D=3D Rerun with --leak-check=3Dfull to see details of leaked = memory =3D=3D122592=3D=3D =3D=3D122592=3D=3D For lists of detected and suppressed errors, rerun with:= -s =3D=3D122592=3D=3D ERROR SUMMARY: 3 errors from 1 contexts (suppressed: 0 f= rom 0) ``` And from ASAN: ``` =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D108934=3D=3DERROR: AddressSanitizer: strncpy-param-overlap: memory ra= nges [0x7f3651200380,0x7f3651200384) and [0x7f3651200380, 0x7f3651200384) overlap #0 0x7f36533fe03c in __interceptor_strncpy /usr/src/debug/sys-devel/gcc-13.0.1_pre20230212/gcc-13-20230212/libsanitize= r/asan/asan_interceptors.cpp:483 #1 0x5616e76ac5b2 in strncpy /usr/include/bits/string_fortified.h:95 #2 0x5616e76ac5b2 in print_route /usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/ip/iproute.c:819 #3 0x5616e7784705 in rtnl_dump_filter_l /usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/lib/libnetlink.c:925 #4 0x5616e778a598 in rtnl_dump_filter_errhndlr_nc /usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/lib/libnetlink.c:987 #5 0x5616e76a8e89 in iproute_list_flush_or_save /usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/ip/iproute.c:1981 #6 0x5616e76afcca in do_iproute /usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/ip/iproute.c:2358 #7 0x5616e768f3bf in do_cmd /usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/ip/ip.c:137 #8 0x5616e768d992 in main /usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/ip/ip.c:327 #9 0x7f365318274f (/usr/lib64/libc.so.6+0x2374f) #10 0x7f3653182808 in __libc_start_main (/usr/lib64/libc.so.6+0x23808) #11 0x5616e768f244 in _start (/usr/bin/ip+0x11244) Address 0x7f3651200380 is located in stack of thread T0 at offset 896 in fr= ame #0 0x5616e76aa38f in print_route /usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/ip/iproute.c:746 This frame has 4 object(s): [48, 192) 'mxrta' (line 599) [256, 504) 'tb' (line 750) [576, 824) 'tb' (line 680) [896, 960) 'b1' (line 755) <=3D=3D Memory access at offset 896 is insid= e this variable HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) Address 0x7f3651200380 is located in stack of thread T0 at offset 896 in fr= ame #0 0x5616e76aa38f in print_route /usr/src/debug/sys-apps/iproute2-6.1.0/iproute2-6.1.0/ip/iproute.c:746 This frame has 4 object(s): [48, 192) 'mxrta' (line 599) [256, 504) 'tb' (line 750) [576, 824) 'tb' (line 680) [896, 960) 'b1' (line 755) <=3D=3D Memory access at offset 896 is insid= e this variable HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: strncpy-param-overlap /usr/src/debug/sys-devel/gcc-13.0.1_pre20230212/gcc-13-20230212/libsanitize= r/asan/asan_interceptors.cpp:483 in __interceptor_strncpy =3D=3D108934=3D=3DABORTING ``` --=20 You are receiving this mail because: You are on the CC list for the bug.=