zenithsiz/ftmemsim-valgrind
1
0
Fork 0
mirror of https://github.com/Zenithsiz/ftmemsim-valgrind.git synced 2026-02-04 02:18:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
ftmemsim-valgrind/include/pub_tool_errormgr.h
Philippe Waroquiers eb2b193943 Fix dangling ref in m_errormgr.c + report all uninit fields in a syscall param 
Some syscall verification code is allocating memory to generate 
the string used to build an error, e.g. syswrap-generic.c verifying fields of
e.g socket addresses (pre_mem_read_sockaddr) or sendmsg/recvmsg args 
(msghdr_foreachfield)

The allocated pointer was copied in the error created by VG_(maybe_record_error).

This was wrong for 2 reasons:
1. If the error is a new error, it is stored in a list of errors,
   but the string memory was freed by pre_mem_read_sockaddr, msghdr_foreachfield, ...
   This causes a dangling reference. Was at least visible when giving -v, which
   re-prints all errors at the end of execution.
   Probably this could have some consequences during run while generating new errors,
   and comparing for equality with a recorded error having a dangling reference.
2. the same allocated string is re-used for each piece/field of the verified struct.
   The code in mc_errors.c that checks that 2 errors are identical was then wrongly
   considereing that 2 successive errors for 2 different fields for the same syscall
   arg are identical, just because the error string happened to be produced at
   the same address.
(it is believed that initially, the error string was assumed to be a static
string, which is not the case anymore, causing the above 2 problems).

Changes:
* The fix consists in duplicating in m_errormgr.c the given error string when
  the error is recorded. In other words, the error string is now duplicated similarly
  to the (optional) extra component of the error.

* memcheck/tests/linux/rfcomm.c test modified as now an error is reported
  for each uninit field.

* socketaddr unknown family is also better reported (using sa_data field name,
  rather than an empty field name.

* minor reformatting in m_errormgr.c, to be below 80 characters.

Some notes:
1. the string is only duplicated if the error is recorded
   (ie. printed or the first time an error matches a suppression).
   The string is not duplicated for duplicated errors or following errors
   matching the first (suppressed) error.
   The string is also not duplicated for 'unique errors' (that are printed
   and then not recorded).
2. duplicating the string for each recorded error is not deemed to
   use a lot of memory:
     * error strings are usually NULL or short (often 10 bytes or so).
     * we expect no program has a huge number of errors
   If ever this string duplicate would be significant, having a DedupPoolAlloc
   in m_errormgr.c for these strings would reduce this memory (as we expect to
   have very few different strings, even with millions of errors).



git-svn-id: svn://svn.valgrind.org/valgrind/trunk@14214
2014-07-30 22:20:29 +00:00

146 lines
6.3 KiB
C
Raw Blame History

/*--------------------------------------------------------------------*/
/*--- ErrorMgr: management of errors and suppressions. ---*/
/*--- pub_tool_errormgr.h ---*/
/*--------------------------------------------------------------------*/
/*
This file is part of Valgrind, a dynamic binary instrumentation
framework.
Copyright (C) 2000-2013 Julian Seward
jseward@acm.org
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307, USA.
The GNU General Public License is contained in the file COPYING.
*/
#ifndef __PUB_TOOL_ERRORMGR_H
#define __PUB_TOOL_ERRORMGR_H
#include "pub_tool_execontext.h"
/* ------------------------------------------------------------------ */
/* Error records contain enough info to generate an error report. The idea
is that (typically) the same few points in the program generate thousands
of errors, and we don't want to spew out a fresh error message for each
one. Instead, we use these structures to common up duplicates.
*/
typedef
Int /* Do not make this unsigned! */
ErrorKind;
/* The tool-relevant parts of an Error are:
kind: what kind of error; must be in the range (0..)
addr: use is optional. 0 by default.
string: use is optional. NULL by default.
extra: use is optional. NULL by default. void* so it's extensible.
*/
typedef
struct _Error
Error;
/* Useful in VG_(tdict).tool_error_matches_suppression(),
* VG_(tdict).tool_pp_Error(), etc */
ExeContext* VG_(get_error_where) ( Error* err );
ErrorKind VG_(get_error_kind) ( Error* err );
Addr VG_(get_error_address) ( Error* err );
const HChar* VG_(get_error_string) ( Error* err );
void* VG_(get_error_extra) ( Error* err );
/* Call this when an error occurs. It will be recorded if it hasn't been
seen before. If it has, the existing error record will have its count
incremented.
'tid' can be found as for VG_(record_ExeContext)(). The `s' string
and `extra' field can be stack-allocated; they will be copied by the core
if needed (but it won't be copied if it's NULL).
Note that `ekind' and `s' are also used to generate a suppression.
`s' should therefore not contain data depending on the specific
execution (such as addresses, values) but should rather contain
e.g. a system call parameter symbolic name.
`extra' is also (optionally) used for generating a suppression
(see pub_tool_tooliface.h print_extra_suppression_info).
If no 'a', 's' or 'extra' of interest needs to be recorded, just use
NULL for them. */
extern void VG_(maybe_record_error) ( ThreadId tid, ErrorKind ekind,
Addr a, const HChar* s, void* extra );
/* Similar to VG_(maybe_record_error)(), except this one doesn't record the
error -- useful for errors that can only happen once. The errors can be
suppressed, though. Return value is True if it was suppressed.
'print_error' dictates whether to print the error, which is a bit of a
hack that's useful sometimes if you just want to know if the error would
be suppressed without possibly printing it. 'count_error' dictates
whether to add the error in the error total count (another mild hack). */
extern Bool VG_(unique_error) ( ThreadId tid, ErrorKind ekind,
Addr a, const HChar* s, void* extra,
ExeContext* where, Bool print_error,
Bool allow_GDB_attach, Bool count_error );
/* Gets from fd (an opened suppression file) a non-blank, non-comment
line containing suppression extra information (e.g. the syscall
line for the Param memcheck suppression kind. bufpp is a pointer
to a pointer to a buffer that must be allocated with VG_(malloc);
nBufp is a pointer to size_t holding its size; if the buffer is too
small for the line, it will be realloc'd until big enough (updating
*bufpp and *nBufp in the process). (It will bomb out if the size
gets ridiculous). Skips leading spaces on the line. Increments
lineno with the number of lines read if lineno is non-NULL. Returns
True if no extra information line could be read. */
extern Bool VG_(get_line) ( Int fd, HChar** bufpp, SizeT* nBufp, Int* lineno );
/* ------------------------------------------------------------------ */
/* Suppressions describe errors which we want to suppress, ie, not
show the user, usually because it is caused by a problem in a library
which we can't fix, replace or work around. Suppressions are read from
a file at startup time. This gives flexibility so that new
suppressions can be added to the file as and when needed.
*/
typedef
Int /* Do not make this unsigned! */
SuppKind;
/* The tool-relevant parts of a suppression are:
kind: what kind of suppression; must be in the range (0..)
string: use is optional. NULL by default.
extra: use is optional. NULL by default. void* so it's extensible.
*/
typedef
struct _Supp
Supp;
/* Useful in VG_(tdict).tool_error_matches_suppression() */
SuppKind VG_(get_supp_kind) ( Supp* su );
HChar* VG_(get_supp_string) ( Supp* su );
void* VG_(get_supp_extra) ( Supp* su );
/* Must be used in VG_(recognised_suppression)() */
void VG_(set_supp_kind) ( Supp* su, SuppKind suppkind );
/* May be used in VG_(read_extra_suppression_info)() */
void VG_(set_supp_string) ( Supp* su, HChar* string );
void VG_(set_supp_extra) ( Supp* su, void* extra );
#endif // __PUB_TOOL_ERRORMGR_H
/*--------------------------------------------------------------------*/
/*--- end ---*/
/*--------------------------------------------------------------------*/
Reference in New Issue View Git Blame Copy Permalink