
Issue 595158


Issue metadata

Status: Fixed
Owner:
Closed: Mar 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug

Blocking:
issue 440500




Universal CRT's wcsnlen() reads past the end of the buffer.

Project Member Reported by reillyg@chromium.org, Mar 15 2016

Issue description

Dr. Memory is reporting what looks like bugs in the new Universal CRT's implementation of wcsnlen():

In this case the buffer passed to wputenv_s is valid but wcsnlen reads beyond it.

UNADDRESSABLE ACCESS beyond heap bounds: reading 0x02a662ea-0x02a662f0 6 byte(s) within 0x02a662e0-0x02a662f0
# 0 ucrtbase.dll!wcsnlen                                                      +0x160    (0x6d329500 <ucrtbase.dll+0x39500>)
# 1 ucrtbase.dll!getenv_s                                                     +0x588    (0x6d3a6639 <ucrtbase.dll+0xb6639>)
# 2 ucrtbase.dll!getenv_s                                                     +0x363    (0x6d3a6414 <ucrtbase.dll+0xb6414>)
# 3 ucrtbase.dll!getenv_s                                                     +0x238    (0x6d3a62e9 <ucrtbase.dll+0xb62e9>)
# 4 ucrtbase.dll!wputenv_s                                                    +0x28     (0x6d3a6919 <ucrtbase.dll+0xb6919>)
# 5 base::`anonymous namespace'::FileUtilTest_GetTempDirTest_Test::TestBody    [base\files\file_util_unittest.cc:1661]
# 6 testing::internal::HandleExceptionsInMethodIfSupported<>                   [testing\gtest\src\gtest.cc:2458]
Note: @0:02:01.110 in thread 2200
Note: next higher malloc: 0x02a66320-0x02a66340
Note: refers to 0 byte(s) beyond last valid byte in prior malloc
Note: prev lower malloc:  0x02a662a0-0x02a662ea
Note: instruction: movaps (%edx) -> %xmm0


 
Project Member

Comment 1 by bugdroid1@chromium.org, Mar 15 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/26ddffa8e68c6868c28b36b3061ba224585b3e84

commit 26ddffa8e68c6868c28b36b3061ba224585b3e84
Author: reillyg <reillyg@chromium.org>
Date: Tue Mar 15 23:58:37 2016

Add remaining suppressions for current Windows issues.

This should cover the rest of the suppressions needed to clean up the
Dr. Memory bots.

BUG= 595146 ,595149, 595156 , 595158 
TBR=thestig@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1807513003

Cr-Commit-Position: refs/heads/master@{#381355}

[modify] https://crrev.com/26ddffa8e68c6868c28b36b3061ba224585b3e84/tools/valgrind/drmemory/suppressions_full.txt

Comment 2 by thakis@chromium.org, Mar 18 2016

Blocking: 440500
Issue 596208 has been merged into this issue.
Owner: bruening@chromium.org
Status: Started (was: Untriaged)
Optimized string routines often take such steps for better performance.  Dr. Memory is already avoiding false positives like this in other string routines by replacing them with simpler versions.  The issue here is that wcsnlen was not being replaced with the others.  Xref https://github.com/DynamoRIO/drmemory/issues/350 and
https://github.com/DynamoRIO/drmemory/issues/1869.
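
Added example (not from this thread, Dr. Memory, or the Universal CRT): a C illustration of an element-at-a-time length scan of the kind a "simpler version" implies, plus a check that applies the report's addresses to show the 16-byte `movaps` load over-reading 6 bytes while staying aligned and inside one page. The names `simple_wcsnlen` and `check_load`, the 4096-byte page size, and `uint16_t` standing in for Windows' 16-bit `wchar_t` are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_BYTES 4096u /* assumed x86 page size */

/* Element-at-a-time scan: reads s[i] only for i < maxlen and stops at the
 * terminator. uint16_t stands in for Windows' 16-bit wchar_t (assumption). */
size_t simple_wcsnlen(const uint16_t *s, size_t maxlen)
{
    size_t n = 0;
    while (n < maxlen && s[n] != 0)
        n++;
    return n;
}

struct load_check {
    size_t overread; /* bytes read at or past alloc_end */
    int aligned;     /* load address is a multiple of its width */
    int same_page;   /* first and last byte lie in one page */
};

/* Classify one load of `width` bytes at `addr` against an allocation whose
 * valid bytes end at alloc_end (exclusive). */
struct load_check check_load(uintptr_t addr, size_t width, uintptr_t alloc_end)
{
    struct load_check c;
    uintptr_t end = addr + width;
    c.overread = end > alloc_end ? (size_t)(end - alloc_end) : 0;
    c.aligned = (addr % width) == 0;
    c.same_page = (addr / PAGE_BYTES) == ((end - 1) / PAGE_BYTES);
    return c;
}

int main(void)
{
    /* From the report: 16-byte movaps over 0x02a662e0-0x02a662f0,
     * prior malloc ends at 0x02a662ea. */
    struct load_check r = check_load(0x02a662e0u, 16, 0x02a662eau);
    printf("report: overread=%zu aligned=%d same_page=%d\n",
           r.overread, r.aligned, r.same_page);
    /* Constructed contrast: an unaligned 16-byte load near a page end. */
    struct load_check u = check_load(0x1ffau, 16, 0x2000u);
    printf("unaligned: overread=%zu aligned=%d same_page=%d\n",
           u.overread, u.aligned, u.same_page);
    return 0;
}
```

An aligned load that stays in one page cannot fault, because that page already holds valid bytes of the allocation; the constructed unaligned load reaches into the next page, which may not be mapped.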

Project Member

Comment 6 by bugdroid1@chromium.org, Mar 20 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/899620623be8f7b5004cea13f7da96ff7ca80c27

commit 899620623be8f7b5004cea13f7da96ff7ca80c27
Author: bruening <bruening@chromium.org>
Date: Sun Mar 20 13:37:54 2016

Remove Dr. Memory suppressions and exclusions that are no longer needed.

Remove the suppressions and exclusions put in place to work around Dr. Memory bugs that are now fixed.

BUG= 594614 , 594618 , 594785 , 594618 , 594808 , 595158 , 595490 
TBR=reillyg,oshima
NOTRY=true

Review URL: https://codereview.chromium.org/1817853002

Cr-Commit-Position: refs/heads/master@{#382222}

[modify] https://crrev.com/899620623be8f7b5004cea13f7da96ff7ca80c27/tools/valgrind/drmemory/suppressions_full.txt
[modify] https://crrev.com/899620623be8f7b5004cea13f7da96ff7ca80c27/tools/valgrind/gtest_exclude/unit_tests.gtest-drmemory_win32.txt

Status: Fixed (was: Started)
