bug-glibc

bug: realpath() calls strcpy(x, x)?


From: Dan Kegel
Subject: bug: realpath() calls strcpy(x, x)?
Date: Sat, 13 Sep 2003 15:55:34 -0700
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624

When running latest? valgrind on openoffice, I see
a whole bunch of source/destination overlap errors
inside the glibc function realpath() (see below).

I looked at the code in glibc-2.3.2 for realpath(), and sure enough,
it has a path where it does a strcpy(x, x) for some reason.

Question: is calling strcpy with the same value for both arguments
a bug worth fixing?

I wrote a little test case to tickle the bug:

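#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

int main(void)
{
        char buf[PATH_MAX];  /* realpath() needs room for PATH_MAX bytes */
        char *p;

        buf[0] = 0;
        /* nonexistent path: realpath() fails and takes the error path */
        p = realpath("/doesnotexist", buf);
        printf("p %p buf %s\n", (void *)p, buf);
        return 0;
}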

When I prepend the source for realpath() to that fragment, and compile it
into my test, I get what I expect when I run it under valgrind:

==12241== Source and destination overlap in strcpy(0xbfffdfd0, 0xbfffdfd0)
==12241==    at 0x400226E7: strcpy (mac_replace_strmem.c:87)
==12241==    by 0x8048ACF: __realpath (x.c:186)
==12241==    by 0x8048B22: main (x.c:198)
==12241==    by 0x4024C8C6: __libc_start_main (in /lib/libc-2.3.2.so)
p (nil) buf /doesnotexist

The following patchlet makes the warning go away:

--- glibc-2.3.2/stdlib/canonicalize.c.old       2003-09-13 14:16:50.000000000 
-0700
+++ glibc-2.3.2/stdlib/canonicalize.c   2003-09-13 14:17:25.000000000 -0700
@@ -207,9 +207,10 @@
   return resolved ? memcpy (resolved, rpath, dest - rpath + 1) : rpath;

 error:
-  if (resolved)
-    strcpy (resolved, rpath);
-  else
+  if (resolved) {
+    if (resolved != rpath)
+       strcpy (resolved, rpath);
+  } else
     free (rpath);
   return NULL;
 }
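
Review bot: the success return kept as context just above `error:` still calls `memcpy (resolved, rpath, dest - rpath + 1)` unconditionally, so when `resolved == rpath` it has the same source/destination overlap that this hunk guards against for `strcpy`; the memcpy reports in the p.s. point at that call. Consider applying the same `resolved != rpath` test there, or returning `rpath` directly in that case, so both exits are covered by one patch. On style, the added `if (resolved) {` ... `} else` puts braces on the `if` line and the inner `strcpy` line is indented with a tab, unlike the surrounding lines; `if (!resolved) free (rpath); else if (resolved != rpath) strcpy (resolved, rpath);` expresses the same logic without the extra nesting. A one-line comment saying why the self-copy is skipped would also help the next reader.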

- Dan

p.s. Here are a few more similar errors seen when starting up 
openoffice1.1.0rc4 under valgrind with --skin=addrcheck:

4 errors in context 3 of 8:
Source and destination overlap in strcpy(0xbfffcc70, 0xbfffcc70)
   at 0x40021277: strcpy (mac_replace_strmem.c:87)
   by 0x414DBA4A: realpath@@GLIBC_2.3 (in /lib/libc-2.3.2.so)
   by 0x414DBDE9: address@hidden (in /lib/libc-2.3.2.so)
   by 0x415F152E: (within /opt/OpenOffice.org1.1.0rc4-pre/program/libpsp645li.so)
   by 0x415F1A7C: psp::PrintFontManager::initialize(void*) (in /opt/OpenOffice.org1.1.0rc4-pre/program/libpsp645li.so)
   by 0x415EC724: psp::PrintFontManager::get() (in /opt/OpenOffice.org1.1.0rc4-pre/program/libpsp645li.so)
   ...

5 errors in context 4 of 8:
Source and destination overlap in memcpy(0xbfffcc70, 0xbfffcc70, 53)
   at 0x40021529: memcpy (mac_replace_strmem.c:95)
   by 0x414DBBF9: realpath@@GLIBC_2.3 (in /lib/libc-2.3.2.so)
   by 0x414DBDE9: address@hidden (in /lib/libc-2.3.2.so)
   by 0x415F152E: (within /opt/OpenOffice.org1.1.0rc4-pre/program/libpsp645li.so)
   by 0x415F1A7C: psp::PrintFontManager::initialize(void*) (in /opt/OpenOffice.org1.1.0rc4-pre/program/libpsp645li.so)
   by 0x415EC724: psp::PrintFontManager::get() (in /opt/OpenOffice.org1.1.0rc4-pre/program/libpsp645li.so)
   ...

8 errors in context 5 of 8:
Source and destination overlap in memcpy(0x435cead0, 0x435cead0, 23)
   at 0x40021529: memcpy (mac_replace_strmem.c:95)
   by 0x414DBBF9: realpath@@GLIBC_2.3 (in /lib/libc-2.3.2.so)
   by 0x414DBDE9: address@hidden (in /lib/libc-2.3.2.so)
   by 0x40DB3480: (within /opt/OpenOffice.org1.1.0rc4-pre/program/libsal.so.3.1.0)
   by 0x40DB3391: osl_openProfile (in /opt/OpenOffice.org1.1.0rc4-pre/program/libsal.so.3.1.0)
   ...

8 errors in context 6 of 8:
Source and destination overlap in strcpy(0xbfff8d50, 0xbfff8d50)
   at 0x40021277: strcpy (mac_replace_strmem.c:87)
   by 0x414DBA4A: realpath@@GLIBC_2.3 (in /lib/libc-2.3.2.so)
   by 0x414DBDE9: address@hidden (in /lib/libc-2.3.2.so)
   by 0x40DBBD45: (within /opt/OpenOffice.org1.1.0rc4-pre/program/libsal.so.3.1.0)
   by 0x40DBBF52: (within /opt/OpenOffice.org1.1.0rc4-pre/program/libsal.so.3.1.0)
   by 0x40DBC19A: osl_getAbsoluteFileURL (in /opt/OpenOffice.org1.1.0rc4-pre/program/libsal.so.3.1.0)
   ...

25 errors in context 7 of 8:
Source and destination overlap in memcpy(0xbfffcfe0, 0xbfffcfe0, 52)
   at 0x40021529: memcpy (mac_replace_strmem.c:95)
   by 0x414DBBF9: realpath@@GLIBC_2.3 (in /lib/libc-2.3.2.so)
   by 0x414DBDE9: address@hidden (in /lib/libc-2.3.2.so)
   by 0x40DBCF43: (within /opt/OpenOffice.org1.1.0rc4-pre/program/libsal.so.3.1.0)
   by 0x40DBD2EB: osl_getExecutableFile (in /opt/OpenOffice.org1.1.0rc4-pre/program/libsal.so.3.1.0)
   ...

236 errors in context 8 of 8:
Source and destination overlap in memcpy(0xbfff8e40, 0xbfff8e40, 2)
   at 0x40021529: memcpy (mac_replace_strmem.c:95)
   by 0x414DBBF9: realpath@@GLIBC_2.3 (in /lib/libc-2.3.2.so)
   by 0x414DBDE9: address@hidden (in /lib/libc-2.3.2.so)
   by 0x40DBBD45: (within /opt/OpenOffice.org1.1.0rc4-pre/program/libsal.so.3.1.0)
   by 0x40DBBF52: (within /opt/OpenOffice.org1.1.0rc4-pre/program/libsal.so.3.1.0)
   by 0x40DBC19A: osl_getAbsoluteFileURL (in /opt/OpenOffice.org1.1.0rc4-pre/program/libsal.so.3.1.0)
   ...

--
Dan Kegel
http://www.kegel.com
http://counter.li.org/cgi-bin/runscript/display-person.cgi?user=78045
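
The aliasing case reported in the message above, as an added example that is not part of the original post or of glibc: a copy helper that tests for source/destination overlap before choosing how to copy. The names `ranges_overlap` and `copy_path` and the return codes are hypothetical, and the sample strings are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if [dst, dst+dlen) and [src, src+slen) share at least one byte.
   Zero-length ranges never overlap. */
int ranges_overlap(const void *dst, size_t dlen, const void *src, size_t slen)
{
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;

    if (dlen == 0 || slen == 0)
        return 0;
    return d < s ? d + dlen > s : s + slen > d;
}

/* Hypothetical helper: copy the NUL-terminated string src into dst, which
   has room for cap bytes.
   Returns  1 if dst == src (nothing to copy, the strcpy(x, x) case),
            0 if the ranges were disjoint and memcpy was used,
            2 if the ranges partially overlapped and memmove was used,
           -1 if the string does not fit in cap bytes. */
int copy_path(char *dst, size_t cap, const char *src)
{
    size_t n;

    if (dst == src)
        return 1;
    n = strlen(src) + 1;               /* include the terminating NUL */
    if (n > cap)
        return -1;
    if (ranges_overlap(dst, n, src, n)) {
        memmove(dst, src, n);          /* defined for overlapping ranges */
        return 2;
    }
    memcpy(dst, src, n);               /* only valid when ranges are disjoint */
    return 0;
}

int main(void)
{
    char buf[32] = "/doesnotexist";    /* constructed sample path */
    char out[32];

    printf("self copy     -> %d\n", copy_path(buf, sizeof buf, buf));
    printf("disjoint copy -> %d (%s)\n", copy_path(out, sizeof out, buf), out);
    printf("shifted copy  -> %d (%s)\n", copy_path(buf + 1, sizeof buf - 1, buf), buf);
    return 0;
}
```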





