Last active
September 23, 2023 01:06
Bash crashes in Valgrind when LC_CTYPE is set to C.UTF-8
{ | |
"nodes": { | |
"nixpkgs": { | |
"locked": { | |
"lastModified": 1695227375, | |
"narHash": "sha256-76WTkeCu3npPZDkay2hB2Dj3cOuCiF0P41dbmXWUKtA=", | |
"owner": "NixOS", | |
"repo": "nixpkgs", | |
"rev": "fe977679240ac2027b151ecca1bc6ce808c2e8af", | |
"type": "github" | |
}, | |
"original": { | |
"id": "nixpkgs", | |
"type": "indirect" | |
} | |
}, | |
"root": { | |
"inputs": { | |
"nixpkgs": "nixpkgs" | |
} | |
} | |
}, | |
"root": "root", | |
"version": 7 | |
} |
{
  # Reproduction flake: runs a debug-enabled bash under Valgrind and performs
  # a single `${foo#baz}` prefix-removal expansion.
  outputs = { self, nixpkgs }:
    let
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};

      # bash rebuilt through enableDebugging; presumably so that Valgrind can
      # resolve stack frames to source file and line.
      debugBash = pkgs.enableDebugging pkgs.bash;

      # `env -` is meant to start from an empty environment, so that only foo
      # and LC_CTYPE reach bash.
      #
      # Author's observations:
      #   * as written, the run crashes reliably;
      #   * without Valgrind it does not crash;
      #   * without LC_CTYPE it does not crash, but Valgrind still reports an
      #     invalid free().
      #
      # NOTE(review): in the Valgrind output recorded with this reproduction,
      # the block is handed out by Valgrind's realloc replacement and released
      # through bash's own internal_free (malloc.c). That pattern suggests two
      # allocators being mixed under Valgrind's interposition rather than heap
      # corruption in bash proper. Rebuild bash with --without-bash-malloc and
      # rerun before treating this as a memory-safety bug.
      reproScript = pkgs.writeShellScript "test.sh" ''
        ${pkgs.toybox}/bin/env - foo=bar LC_CTYPE=C.UTF-8 ${pkgs.valgrind}/bin/valgrind ${debugBash}/bin/bash -c 'echo ''${foo#baz}'
      '';
    in {
      apps."${system}".default = {
        type = "app";
        program = "${reproScript}";
      };
    };
}
$ nix run | |
==2917070== Memcheck, a memory error detector | |
==2917070== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al. | |
==2917070== Using Valgrind-3.21.0 and LibVEX; rerun with -h for copyright info | |
==2917070== Command: /nix/store/mcvpsizgc6irihzykac8a49rini1v25l-bash-5.2-p15/bin/bash -c echo\ ${foo#ba} | |
==2917070== | |
==2917070== Invalid read of size 1 | |
==2917070== at 0x4A0DCD: internal_free (malloc.c:967) | |
==2917070== by 0x4A1BBA: sh_free (malloc.c:1457) | |
==2917070== by 0x4743A7: sh_xfree (xmalloc.c:223) | |
==2917070== by 0x44D7D2: remove_pattern (subst.c:5336) | |
==2917070== by 0x45F6C8: parameter_brace_remove_pattern (subst.c:5904) | |
==2917070== by 0x459428: parameter_brace_expand (subst.c:10090) | |
==2917070== by 0x459EB2: param_expand (subst.c:10538) | |
==2917070== by 0x45ADB6: expand_word_internal (subst.c:11236) | |
==2917070== by 0x4603A7: shell_expand_word_list (subst.c:12816) | |
==2917070== by 0x4604C4: expand_word_list_internal (subst.c:13000) | |
==2917070== by 0x4605C1: expand_words (subst.c:12280) | |
==2917070== by 0x432B4C: execute_simple_command (execute_cmd.c:4506) | |
==2917070== Address 0x4a9fac0 is 16 bytes before a block of size 128 alloc'd | |
==2917070== at 0x48477FC: realloc (in /nix/store/14fg82n6grqhrd2algx31sv1kmgvz0gl-valgrind-3.21.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) | |
==2917070== by 0x492FE2: xdupmbstowcs2 (xmbsrtowcs.c:210) | |
==2917070== by 0x4932F0: xdupmbstowcs (xmbsrtowcs.c:298) | |
==2917070== by 0x44D789: remove_pattern (subst.c:5318) | |
==2917070== by 0x45F6C8: parameter_brace_remove_pattern (subst.c:5904) | |
==2917070== by 0x459428: parameter_brace_expand (subst.c:10090) | |
==2917070== by 0x459EB2: param_expand (subst.c:10538) | |
==2917070== by 0x45ADB6: expand_word_internal (subst.c:11236) | |
==2917070== by 0x4603A7: shell_expand_word_list (subst.c:12816) | |
==2917070== by 0x4604C4: expand_word_list_internal (subst.c:13000) | |
==2917070== by 0x4605C1: expand_words (subst.c:12280) | |
==2917070== by 0x432B4C: execute_simple_command (execute_cmd.c:4506) | |
==2917070== | |
==2917070== Invalid read of size 1 | |
==2917070== at 0x4A0DDC: internal_free (malloc.c:978) | |
==2917070== by 0x4A1BBA: sh_free (malloc.c:1457) | |
==2917070== by 0x4743A7: sh_xfree (xmalloc.c:223) | |
==2917070== by 0x44D7D2: remove_pattern (subst.c:5336) | |
==2917070== by 0x45F6C8: parameter_brace_remove_pattern (subst.c:5904) | |
==2917070== by 0x459428: parameter_brace_expand (subst.c:10090) | |
==2917070== by 0x459EB2: param_expand (subst.c:10538) | |
==2917070== by 0x45ADB6: expand_word_internal (subst.c:11236) | |
==2917070== by 0x4603A7: shell_expand_word_list (subst.c:12816) | |
==2917070== by 0x4604C4: expand_word_list_internal (subst.c:13000) | |
==2917070== by 0x4605C1: expand_words (subst.c:12280) | |
==2917070== by 0x432B4C: execute_simple_command (execute_cmd.c:4506) | |
==2917070== Address 0x4a9fac0 is 16 bytes before a block of size 128 alloc'd | |
==2917070== at 0x48477FC: realloc (in /nix/store/14fg82n6grqhrd2algx31sv1kmgvz0gl-valgrind-3.21.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) | |
==2917070== by 0x492FE2: xdupmbstowcs2 (xmbsrtowcs.c:210) | |
==2917070== by 0x4932F0: xdupmbstowcs (xmbsrtowcs.c:298) | |
==2917070== by 0x44D789: remove_pattern (subst.c:5318) | |
==2917070== by 0x45F6C8: parameter_brace_remove_pattern (subst.c:5904) | |
==2917070== by 0x459428: parameter_brace_expand (subst.c:10090) | |
==2917070== by 0x459EB2: param_expand (subst.c:10538) | |
==2917070== by 0x45ADB6: expand_word_internal (subst.c:11236) | |
==2917070== by 0x4603A7: shell_expand_word_list (subst.c:12816) | |
==2917070== by 0x4604C4: expand_word_list_internal (subst.c:13000) | |
==2917070== by 0x4605C1: expand_words (subst.c:12280) | |
==2917070== by 0x432B4C: execute_simple_command (execute_cmd.c:4506) | |
==2917070== | |
malloc: subst.c:5336: assertion botched | |
free: called with unallocated block argument | |
Aborting...==2917070== | |
==2917070== Process terminating with default action of signal 6 (SIGABRT): dumping core | |
==2917070== at 0x48DFA8C: __pthread_kill_implementation (in /nix/store/aw2fw9ag10wr9pf0qk4nk5sxi0q0bn56-glibc-2.37-8/lib/libc.so.6) | |
==2917070== by 0x4890C85: raise (in /nix/store/aw2fw9ag10wr9pf0qk4nk5sxi0q0bn56-glibc-2.37-8/lib/libc.so.6) | |
==2917070== by 0x487A8B9: abort (in /nix/store/aw2fw9ag10wr9pf0qk4nk5sxi0q0bn56-glibc-2.37-8/lib/libc.so.6) | |
==2917070== by 0x4403A0: programming_error (error.c:175) | |
==2917070== by 0x4A0B8E: xbotch (malloc.c:390) | |
==2917070== by 0x4A0E1A: internal_free (malloc.c:984) | |
==2917070== by 0x4A1BBA: sh_free (malloc.c:1457) | |
==2917070== by 0x4743A7: sh_xfree (xmalloc.c:223) | |
==2917070== by 0x44D7D2: remove_pattern (subst.c:5336) | |
==2917070== by 0x45F6C8: parameter_brace_remove_pattern (subst.c:5904) | |
==2917070== by 0x459428: parameter_brace_expand (subst.c:10090) | |
==2917070== by 0x459EB2: param_expand (subst.c:10538) | |
==2917070== | |
==2917070== HEAP SUMMARY: | |
==2917070== in use at exit: 153,368 bytes in 2,409 blocks | |
==2917070== total heap usage: 2,436 allocs, 27 frees, 211,978 bytes allocated | |
==2917070== | |
==2917070== LEAK SUMMARY: | |
==2917070== definitely lost: 0 bytes in 0 blocks | |
==2917070== indirectly lost: 0 bytes in 0 blocks | |
==2917070== possibly lost: 33,123 bytes in 1,052 blocks | |
==2917070== still reachable: 120,245 bytes in 1,357 blocks | |
==2917070== suppressed: 0 bytes in 0 blocks | |
==2917070== Rerun with --leak-check=full to see details of leaked memory | |
==2917070== | |
==2917070== For lists of detected and suppressed errors, rerun with: -s | |
==2917070== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0) | |
/nix/store/sbf599f5q19cn7xm3l641irs6acg39zh-test.sh: line 2: 2917070 Aborted (core dumped) /nix/store/v45j2p2izb3pa2fxdw978bahhkb2ghza-toybox-0.8.10/bin/env - foo=bar LC_CTYPE=C.UTF-8 /nix/store/14fg82n6grqhrd2algx31sv1kmgvz0gl-valgrind-3.21.0/bin/valgrind /nix/store/mcvpsizgc6irihzykac8a49rini1v25l-bash-5.2-p15/bin/bash -c 'echo ${foo#ba}' | |
$ echo $? | |
134 |
$ nix run | |
==2934752== Memcheck, a memory error detector | |
==2934752== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al. | |
==2934752== Using Valgrind-3.21.0 and LibVEX; rerun with -h for copyright info | |
==2934752== Command: /nix/store/mcvpsizgc6irihzykac8a49rini1v25l-bash-5.2-p15/bin/bash -c echo\ ${foo#baz} | |
==2934752== | |
bar | |
==2934752== Invalid free() / delete / delete[] / realloc() | |
==2934752== at 0x4845154: free (in /nix/store/14fg82n6grqhrd2algx31sv1kmgvz0gl-valgrind-3.21.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) | |
==2934752== by 0x474289: xfree (xmalloc.c:150) | |
==2934752== by 0x464B27: unwind_frame_run_internal (unwind_prot.c:326) | |
==2934752== by 0x4646D1: without_interrupts (unwind_prot.c:118) | |
==2934752== by 0x464C95: run_unwind_frame (unwind_prot.c:144) | |
==2934752== by 0x47AF1E: parse_and_execute (evalstring.c:577) | |
==2934752== by 0x41C0DF: run_one_command (shell.c:1473) | |
==2934752== by 0x41D77F: main (shell.c:763) | |
==2934752== Address 0x4042790 is in the brk data segment 0x4035000-0x404dfff | |
==2934752== | |
==2934752== | |
==2934752== HEAP SUMMARY: | |
==2934752== in use at exit: 29 bytes in 1 blocks | |
==2934752== total heap usage: 31 allocs, 31 frees, 21,419 bytes allocated | |
==2934752== | |
==2934752== LEAK SUMMARY: | |
==2934752== definitely lost: 0 bytes in 0 blocks | |
==2934752== indirectly lost: 0 bytes in 0 blocks | |
==2934752== possibly lost: 0 bytes in 0 blocks | |
==2934752== still reachable: 29 bytes in 1 blocks | |
==2934752== suppressed: 0 bytes in 0 blocks | |
==2934752== Rerun with --leak-check=full to see details of leaked memory | |
==2934752== | |
==2934752== For lists of detected and suppressed errors, rerun with: -s | |
==2934752== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) | |
$ echo $? | |
0 |