Friday, September 29, 2023

Re: Valgrind: Detect access outside the range of malloc.

I have fixed the bug you reported where symbols were not printed.

As shown below, if the lower 12 bits of Virtual Address are 0 and File
Size is 0, then the a.out symbol will not be printed.

$ readelf -l a.out
</snip>
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
</snip>
LOAD 0x0000000000001000 0x0000000000003000 0x0000000000003000
0x0000000000000000 0x0000000000000055 RW 1000

From: Otto Moerbeek <otto@drijf.net>
Date: Tue, 5 Sep 2023 07:40:18 +0200

> On Tue, Sep 05, 2023 at 09:38:40AM +0900, Masato Asou wrote:
>
>> hi,
>>
>> I have fixed a bug in Valgrind. The Valgrind could not detect access
>> outside the range of malloc.
>>
>> comments, ok?
>
> This works much better than before. Thanks for working on this!
>
> It now detects out of bounds read and writes correctly. A double
> free is detected.
> Also, the spurious reports for accesses to errno are gone.
>
> It does not report proper locations though, even if I compile my test
> program with -g:
>
> ==23912== Invalid read of size 1
> ==23912== at 0x109B5D: ??? (in ./a.out)
> ==23912== by 0x1098D1: ??? (in ./a.out)
> ==23912== Address 0x4a42840 is 0 bytes after a block of size 10,240 alloc'd
> ==23912== at 0x493A3A9: malloc (vg_replace_malloc.c:435)
> ==23912== by 0x109B32: ??? (in ./a.out)
> ==23912== by 0x1098D1: ??? (in ./a.out)
> ==23912==
> 0

The a.out symbol is now printed as shown below:

$ cat malloctest.c
#include <stdlib.h>
#include <stdio.h>

int
main(int argc, char *argv[])
{
	size_t sz = atoi(argv[1]);
	unsigned char *p = malloc(sz);
	printf("%p\n", p);
	p[sz] = 0;			/* one byte past the block: invalid write */
	printf("%x\n", p[sz]);		/* one byte past the block: invalid read */
	free(p);
	free(p);			/* double free */
	return 0;
}
$ cc -g malloctest.c
$ valgrind ./a.out 128
==21074== Memcheck, a memory error detector
==21074== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==21074== Using Valgrind-3.21.0 and LibVEX; rerun with -h for copyright info
==21074== Command: ./a.out 128
==21074==
==21074== Use of uninitialised value of size 8
==21074== at 0x49C34CD: write (sys/w_write.c:26)
==21074== by 0x4A150D2: __sflush (stdio/fflush.c:80)
==21074== by 0x49B99C8: __sfvwrite (stdio/fvwrite.c:191)
==21074== by 0x4979E4D: __sprint (stdio/vfprintf.c:108)
==21074== by 0x4979E4D: __vfprintf (stdio/vfprintf.c:1064)
==21074== by 0x4976B05: vfprintf (stdio/vfprintf.c:263)
==21074== by 0x49D6434: printf (stdio/printf.c:44)
==21074== by 0x109B48: main (malloctest.c:9)
==21074==
==21074== Use of uninitialised value of size 8
==21074== at 0x49C34DE: write (sys/w_write.c:26)
==21074== by 0x4A150D2: __sflush (stdio/fflush.c:80)
==21074== by 0x49B99C8: __sfvwrite (stdio/fvwrite.c:191)
==21074== by 0x4979E4D: __sprint (stdio/vfprintf.c:108)
==21074== by 0x4979E4D: __vfprintf (stdio/vfprintf.c:1064)
==21074== by 0x4976B05: vfprintf (stdio/vfprintf.c:263)
==21074== by 0x49D6434: printf (stdio/printf.c:44)
==21074== by 0x109B48: main (malloctest.c:9)

> ==23912== Invalid free() / delete / delete[] / realloc()
> ==23912== at 0x493C981: free (vg_replace_malloc.c:978)
> ==23912== by 0x109B80: ??? (in ./a.out)
> ==23912== by 0x1098D1: ??? (in ./a.out)
> ==23912== Address 0x4a40040 is 0 bytes inside a block of size 10,240 free'd
> ==23912== at 0x493C981: free (vg_replace_malloc.c:978)
> ==23912== by 0x109B77: ??? (in ./a.out)
> ==23912== by 0x1098D1: ??? (in ./a.out)
> ==23912== Block was alloc'd at
> ==23912== at 0x493A3A9: malloc (vg_replace_malloc.c:435)
> ==23912== by 0x109B32: ??? (in ./a.out)
> ==23912== by 0x1098D1: ??? (in ./a.out)
>
> addr2line -e ./a.out 0x109B80 also does not succeed in translating the address.

The address reported by Valgrind cannot be used with addr2line, because
it is the address of the area where Valgrind mapped a.out with mmap().


The Makefile and patch-coregrind_m_replacemalloc_vg_replace_malloc_c
in the following diff are the same as the first reported diff.

ok, comments?
--
ASOU Masato

Index: devel/valgrind/Makefile
===================================================================
RCS file: /cvs/ports/devel/valgrind/Makefile,v
retrieving revision 1.32
diff -u -p -r1.32 Makefile
--- devel/valgrind/Makefile 21 Sep 2023 09:50:07 -0000 1.32
+++ devel/valgrind/Makefile 29 Sep 2023 09:44:46 -0000
@@ -5,7 +5,7 @@ CATEGORIES = devel

V = 3.21.0
DISTNAME = valgrind-${V}
-REVISION = 0
+REVISION = 1
EXTRACT_SUFX = .tar.bz2

SITES = https://sourceware.org/pub/valgrind/
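Review bot: the REVISION bump from 0 to 1 is the correct accompanying change here: V stays at 3.21.0 while the port's patch set changes, so installed packages must be rebuilt to pick up the new aspacemgr patch.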
Index: devel/valgrind/patches/patch-coregrind_m_aspacemgr_aspacemgr_linux_c
===================================================================
RCS file: /cvs/ports/devel/valgrind/patches/patch-coregrind_m_aspacemgr_aspacemgr_linux_c,v
retrieving revision 1.1
diff -u -p -r1.1 patch-coregrind_m_aspacemgr_aspacemgr_linux_c
--- devel/valgrind/patches/patch-coregrind_m_aspacemgr_aspacemgr_linux_c 18 Jul 2023 06:17:15 -0000 1.1
+++ devel/valgrind/patches/patch-coregrind_m_aspacemgr_aspacemgr_linux_c 29 Sep 2023 09:44:46 -0000
@@ -18,7 +18,41 @@
= (Addr) 0x04000000; // 64M
#else
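As an added illustration, not code from the thread or from the Valgrind port, the C below walks an ELF64 program header table the way a loader or debuginfo reader must and shows why the two conditions named at the top of the mail, a page-aligned VirtAddr and a FileSiz of 0, together make the RW LOAD segment's file-backed mapping collapse to zero length (which mmap() rejects with EINVAL). The header table is constructed; its RW entry copies the readelf line quoted in the mail.

```c
#include <elf.h>
#include <stddef.h>
#include <stdint.h>

#define PAGE_MASK 0xfffULL   /* lower 12 bits: 4 KiB page offset, as in the mail */

struct seg_plan {
    uint64_t map_start;  /* page-aligned start of the file-backed mapping */
    uint64_t map_len;    /* page-rounded length of it; 0 means mmap() would fail (EINVAL) */
    uint64_t anon_len;   /* trailing bytes to zero-fill instead of reading from a.out */
};

/* Split one PT_LOAD into what comes from the file and what is bss. */
struct seg_plan plan_load_segment(const Elf64_Phdr *ph)
{
    struct seg_plan p;
    uint64_t file_end = ph->p_vaddr + ph->p_filesz;
    p.map_start = ph->p_vaddr & ~PAGE_MASK;
    p.map_len = ((file_end + PAGE_MASK) & ~PAGE_MASK) - p.map_start;
    p.anon_len = ph->p_memsz > ph->p_filesz ? ph->p_memsz - ph->p_filesz : 0;
    return p;
}

/* Count PT_LOAD entries that are page-aligned and have FileSiz 0: only
 * with both conditions does map_len above collapse to zero. */
size_t count_bss_only_loads(const Elf64_Phdr *phdrs, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (phdrs[i].p_type == PT_LOAD && phdrs[i].p_filesz == 0 &&
            (phdrs[i].p_vaddr & PAGE_MASK) == 0)
            hits++;
    return hits;
}

/* Constructed table. Entry 1 copies the RW LOAD line from the readelf
 * output in the mail; entries 0 and 2 are made up (2 shows that an
 * unaligned VirtAddr with FileSiz 0 still yields a non-empty mapping). */
const Elf64_Phdr sample_phdrs[] = {
    { .p_type = PT_LOAD, .p_flags = PF_R | PF_X, .p_offset = 0,
      .p_vaddr = 0x0, .p_filesz = 0x1000, .p_memsz = 0x1000, .p_align = 0x1000 },
    { .p_type = PT_LOAD, .p_flags = PF_R | PF_W, .p_offset = 0x1000,
      .p_vaddr = 0x3000, .p_filesz = 0, .p_memsz = 0x55, .p_align = 0x1000 },
    { .p_type = PT_LOAD, .p_flags = PF_R | PF_W, .p_offset = 0x1000,
      .p_vaddr = 0x5010, .p_filesz = 0, .p_memsz = 0x20, .p_align = 0x1000 },
};
const size_t sample_n = sizeof sample_phdrs / sizeof sample_phdrs[0];
```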
