I'm not sure how to describe this other than to show how to replicate it.
Compile the following program:
$ gcc -g -x c - <<EOF
#include <stdlib.h>
#include <string.h>
int main() {
char *does_not_trigger_bug = malloc(16);
char *triggers_bug = malloc(15);
does_not_trigger_bug[0] = triggers_bug[0] = 0;
return strlen(does_not_trigger_bug) + strlen(triggers_bug);
}
EOF
Run in valgrind with raspi-copies-and-fills installed:
$ sudo apt install raspi-copies-and-fills
...
$ valgrind ./a.out
==11562== Memcheck, a memory error detector
==11562== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==11562== Using Valgrind-3.19.0 and LibVEX; rerun with -h for copyright info
==11562== Command: ./a.out
==11562==
==11562== Invalid read of size 8
==11562== at 0x48531DC: ??? (in /usr/lib/arm-linux-gnueabihf/libarmmem-v7l.so)
==11562== Address 0x49de070 is 8 bytes inside a block of size 15 alloc'd
==11562== at 0x483271C: malloc (vg_replace_malloc.c:381)
==11562== by 0x1047F: main (<stdin>:6)
==11562==
==11562==
==11562== HEAP SUMMARY:
==11562== in use at exit: 31 bytes in 2 blocks
==11562== total heap usage: 2 allocs, 0 frees, 31 bytes allocated
==11562==
==11562== LEAK SUMMARY:
==11562== definitely lost: 31 bytes in 2 blocks
==11562== indirectly lost: 0 bytes in 0 blocks
==11562== possibly lost: 0 bytes in 0 blocks
==11562== still reachable: 0 bytes in 0 blocks
==11562== suppressed: 0 bytes in 0 blocks
==11562== Rerun with --leak-check=full to see details of leaked memory
==11562==
==11562== For lists of detected and suppressed errors, rerun with: -s
==11562== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Remove raspi-copies-and-fills and try again:
$ sudo apt -y remove raspi-copies-and-fills
...
$ valgrind ./a.out
==11606== Memcheck, a memory error detector
==11606== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==11606== Using Valgrind-3.19.0 and LibVEX; rerun with -h for copyright info
==11606== Command: ./a.out
==11606==
==11606==
==11606== HEAP SUMMARY:
==11606== in use at exit: 31 bytes in 2 blocks
==11606== total heap usage: 2 allocs, 0 frees, 31 bytes allocated
==11606==
==11606== LEAK SUMMARY:
==11606== definitely lost: 31 bytes in 2 blocks
==11606== indirectly lost: 0 bytes in 0 blocks
==11606== possibly lost: 0 bytes in 0 blocks
==11606== still reachable: 0 bytes in 0 blocks
==11606== suppressed: 0 bytes in 0 blocks
==11606== Rerun with --leak-check=full to see details of leaked memory
==11606==
==11606== For lists of detected and suppressed errors, rerun with: -s
==11606== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
Expected: no invalid read
Observed: invalid read when the package is installed
Tested on a Raspberry Pi 3B+ on Bookworm:
$ cat /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 12 (bookworm)"
NAME="Raspbian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
$ cat /proc/cpuinfo
processor : 0
model name : ARMv7 Processor rev 4 (v7l)
BogoMIPS : 38.40
Features : half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm crc32
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x0
CPU part : 0xd03
CPU revision : 4
processor : 1
model name : ARMv7 Processor rev 4 (v7l)
BogoMIPS : 38.40
Features : half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm crc32
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x0
CPU part : 0xd03
CPU revision : 4
processor : 2
model name : ARMv7 Processor rev 4 (v7l)
BogoMIPS : 38.40
Features : half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm crc32
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x0
CPU part : 0xd03
CPU revision : 4
processor : 3
model name : ARMv7 Processor rev 4 (v7l)
BogoMIPS : 38.40
Features : half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm crc32
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x0
CPU part : 0xd03
CPU revision : 4
Hardware : BCM2835
Revision : a020d3
Serial : 00000000451a6940
Model : Raspberry Pi 3 Model B Plus Rev 1.3
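The two sizes in the report line up with a scanner that fetches 16 bytes per iteration as two 8-byte loads before it tests any byte: the second load (offset 8, size 8) ends at byte 16, which is inside a 16-byte block but one byte past a 15-byte one. The C model below is an added example, not libarmmem's code; its load pattern is an assumption inferred from the Memcheck output, and it also covers a longer string to show the same rule at the next 16-byte boundary.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed load pattern: 16 bytes per iteration, fetched as two 8-byte loads
 * before any byte is tested. This is a model inferred from the report (one
 * "Invalid read of size 8" at offset 8 of a 15-byte block), not libarmmem. */
#define LOAD_BYTES 8
#define STEP_BYTES 16

typedef struct {
    size_t len;       /* string length the scan reports */
    size_t load_off;  /* offset of the first load that runs past the block */
    size_t overread;  /* bytes of that load beyond the block; 0 means clean */
} scan_result;

/* Scan a block of block_size bytes the way the modelled strlen would. Only
 * bytes inside the block are dereferenced; the loads that would reach past
 * it are recorded instead, which is what Memcheck reports. */
scan_result model_strlen(const unsigned char *buf, size_t block_size)
{
    scan_result r = {0, 0, 0};
    for (size_t step = 0; step < block_size; step += STEP_BYTES) {
        /* Loads issued by this iteration, checked against the block end. */
        for (size_t ld = step; ld < step + STEP_BYTES; ld += LOAD_BYTES) {
            size_t end = ld + LOAD_BYTES;
            if (end > block_size && r.overread == 0) {
                r.load_off = ld;
                r.overread = end - block_size;
            }
        }
        /* Only after the loads are the bytes examined for the terminator. */
        for (size_t i = step; i < step + STEP_BYTES && i < block_size; i++) {
            if (buf[i] == 0) { r.len = i; return r; }
        }
    }
    r.len = block_size; /* no terminator inside the block (caller error) */
    return r;
}

int main(void)
{
    /* Constructed inputs mirroring the report: both strings are empty. */
    unsigned char sixteen[16] = {0}, fifteen[15] = {0};
    scan_result a = model_strlen(sixteen, sizeof sixteen);
    scan_result b = model_strlen(fifteen, sizeof fifteen);
    printf("16-byte block: len=%zu overread=%zu\n", a.len, a.overread);
    printf("15-byte block: len=%zu overread=%zu at offset %zu\n",
           b.len, b.overread, b.load_off);
    return 0;
}
```

The read stays within the same 16-byte region as the terminator, so it is out of the malloc'd block but not necessarily out of mapped memory, which is why Memcheck reports it while the program itself does not crash.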