Valgrind 3.3 - Advanced Debugging and Profiling for GNU/Linux applications
by J. Seward, N. Nethercote, J. Weidendorfer and the Valgrind Development Team
Paperback (6"x9"), 164 pages
ISBN 0954612051
RRP £12.95 ($19.95)

5.3.5 Passing system call parameters with inadequate read/write permissions

Memcheck checks all parameters to system calls:

- It checks all the direct parameters themselves, whether they are initialised.

- Also, if a system call needs to read from a buffer provided by your program, Memcheck checks that the entire buffer is addressable and its contents are initialised.

- Also, if the system call needs to write to a user-supplied buffer, Memcheck checks that the buffer is addressable.

After the system call, Memcheck updates its tracked information to precisely reflect any changes in memory permissions caused by the system call (for example, bytes the kernel wrote into a read() buffer are now treated as initialised).

Here's an example of two system calls with invalid parameters:

#include <stdlib.h>
#include <unistd.h>
int main( void )
{
  char* arr  = malloc(10);           /* a.c:5 -- 10 bytes, addressable but never initialised */
  int*  arr2 = malloc(sizeof(int));  /* one int, likewise uninitialised */
  write( 1 /* stdout */, arr, 10 );  /* the kernel is asked to read 10 undefined bytes */
  exit(arr2[0]);                     /* a.c:8 -- an undefined value passed directly */
}

You get these complaints ...

Syscall param write(buf) points to uninitialised byte(s)
   at 0x25A48723: __write_nocancel (in /lib/tls/libc-2.3.3.so)
   by 0x259AFAD3: __libc_start_main (in /lib/tls/libc-2.3.3.so)
   by 0x8048348: (within a.out)
 Address 0x25AB8028 is 0 bytes inside a block of size 10 alloc'd
   at 0x259852B0: malloc (vg_replace_malloc.c:130)
   by 0x80483F1: main (a.c:5)

Syscall param exit(error_code) contains uninitialised byte(s)
   at 0x25A21B44: __GI__exit (in /lib/tls/libc-2.3.3.so)
   by 0x8048426: main (a.c:8)

... because the program has (a) tried to write uninitialised junk from the malloc'd block to the standard output, and (b) passed an uninitialised value to exit. Note that the first error refers to the memory pointed to by ‘buf’ (not ‘buf’ itself, which holds a perfectly valid, initialised pointer), whereas the second error refers directly to ‘exit’'s argument ‘arr2[0]’.
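As an added example (not code from the Valgrind manual or the Valgrind project), here is the program above reworked so that each of Memcheck's system-call checks is satisfied: the buffer handed to write() is initialised first, and a pipe round trip shows the post-syscall update, where read() only needs its destination buffer to be addressable and afterwards Memcheck treats the bytes the kernel filled as initialised, so comparing them raises no report. The function names are this example's own; the "hello" payload is constructed input.

```c
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Variant of the text's write() call: define the buffer contents before the
 * kernel reads them, so "Syscall param write(buf) points to uninitialised
 * byte(s)" is not reported. Returns the byte count written, or -1. */
ssize_t write_defined(int fd, size_t len)
{
    char *buf = malloc(len);
    if (buf == NULL)
        return -1;
    memset(buf, 'A', len);          /* the fix: initialise before write() */
    ssize_t n = write(fd, buf, len);
    free(buf);
    return n;
}

/* A system call that writes into a user buffer. Memcheck only requires dst to
 * be addressable before read(); after the call it marks dst[0..got) as
 * initialised, so the memcmp below is clean under valgrind.
 * Returns 1 if the bytes read back match src, 0 if not, -1 on syscall failure. */
int roundtrip_through_pipe(const char *src, size_t len)
{
    int fds[2];
    if (pipe(fds) == -1)
        return -1;
    char *dst = malloc(len);        /* deliberately left uninitialised */
    if (dst == NULL) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    int ok = -1;
    if (write(fds[1], src, len) == (ssize_t)len) {
        size_t got = 0;
        while (got < len) {         /* read() may return short counts */
            ssize_t n = read(fds[0], dst + got, len - got);
            if (n <= 0)
                break;
            got += (size_t)n;
        }
        ok = (got == len && memcmp(src, dst, len) == 0) ? 1 : 0;
    }
    free(dst);
    close(fds[0]);
    close(fds[1]);
    return ok;
}

int main(void)
{
    const char msg[] = "hello";     /* constructed sample payload */
    int status = EXIT_SUCCESS;      /* exit()'s argument is itself initialised */
    if (write_defined(STDOUT_FILENO, 10) != 10)
        status = EXIT_FAILURE;
    if (roundtrip_through_pipe(msg, sizeof msg) != 1)
        status = EXIT_FAILURE;
    exit(status);
}
```

Build with -g and run the binary under valgrind; neither the write() nor the exit() report from the text appears, and the uninitialised dst buffer draws no complaint because read() only has to be able to store into it.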
