Closed vanhauser-thc closed 6 years ago
I wasn't able to reproduce this on my machine (Ubuntu x64). Could you run this debugging patch and paste the output here? Thanks.
Here is the full output:
/prg/tmp/valgrind-3.13.0/inst/bin # ./valgrind --tool=taintgrind --taint-network=yes -- nc -lnvp 80
==16327== Taintgrind, the taint analysis tool
==16327== Copyright (C) 2010-2014, and GNU GPL'd, by Wei Ming Khoo.
==16327== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==16327== Command: nc -lnvp 80
==16327==
check_reg: reg 864 >= 740
Taintgrind: tnt_main.c:2537 (check_reg): Assertion 'reg < RI_MAX' failed.
host stacktrace:
==16327== at 0x5802FA8A: show_sched_status_wrk (m_libcassert.c:355)
==16327== by 0x5802FBA4: report_and_quit (m_libcassert.c:426)
==16327== by 0x5802FD29: vgPlain_assert_fail (m_libcassert.c:492)
==16327== by 0x580001C2: check_reg.part.9 (tnt_main.c:2537)
==16327== by 0x5800D176: vgTaintgrind_h64_put_t (tnt_main.c:3107)
==16327== by 0x10055BACEF: ???
==16327== by 0x100315AF2F: ???
==16327== by 0x1C0F: ???
==16327== by 0x100200E56F: ???
==16327== by 0x100315AF17: ???
==16327== by 0x100315AF2F: ???
==16327== by 0x10C75: ???
==16327== by 0x10055BA7F7: ???
==16327== by 0x1688E: ???
sched status:
running_tid=1
Thread 1: status = VgTs_Runnable (lwpid 16327)
==16327== at 0x109FCD: ??? (in /usr/local/bin/nc)
==16327== by 0x10C79C: ??? (in /usr/local/bin/nc)
==16327== by 0x4E50EBA: (below main) (libc-start.c:266)
btw, when compiling I see these warnings, maybe it's connected:
tnt_main.c: In function 'vgTaintgrind_h64_puti':
tnt_main.c:3167:21: warning: right shift count >= width of type [-Wshift-count-overflow]
     UInt base = (tt1 >> 32) & 0xffffffff;
                      ^~
tnt_main.c:3170:19: warning: right shift count >= width of type [-Wshift-count-overflow]
     UInt ix = (tt2 >> 32) & 0xffffffff;
That reminds me of this: https://gist.github.com/tkchia/7ba4f8fa3b5007bae48f193bd089d47e#file-taintgrind-ri-max-diff, which seems to try to take care of the same issue.
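The two things reported in this thread, a right shift by 32 on a 32-bit operand (which -Wshift-count-overflow flags and which is undefined behaviour in C, so the "high half" it computes is garbage) and a decoded register offset that exceeds the table bound and trips the `reg < RI_MAX` assertion, can both be shown in a few lines. The following is an added illustration, not code from taintgrind or from any patch in this thread: the `UInt`/`ULong` typedefs, the `RI_MAX` value and the helper names are assumptions chosen for the example, and the packed sample value is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-ins for the tool's integer typedefs (not taintgrind's headers). */
typedef uint32_t UInt;
typedef uint64_t ULong;

/* Assumed table bound for the example; the real constant lives in the tool. */
#define RI_MAX 740u

/* Split a 64-bit value into its 32-bit halves.
 * The shift is applied to a 64-bit operand. Writing (tt >> 32) with a 32-bit
 * tt is what the compiler warned about: the shift count equals the operand
 * width, the result is undefined, and the "high half" is meaningless. */
UInt high32(ULong v) { return (UInt)((v >> 32) & 0xffffffffu); }
UInt low32(ULong v)  { return (UInt)(v & 0xffffffffu); }

/* Bounds-checked register lookup: returns the index when it is inside the
 * table and -1 when it is not, instead of asserting inside the tool. */
long lookup_reg(UInt reg) {
    if (reg >= RI_MAX)
        return -1;              /* caller decides how to handle an unknown reg */
    return (long)reg;
}

int main(void) {
    /* Constructed sample: high half 864 (the value from the crash log), low half 42. */
    ULong packed = ((ULong)864u << 32) | 42u;
    UInt reg = high32(packed);
    long idx = lookup_reg(reg);
    if (idx < 0)
        printf("reg %u >= RI_MAX (%u): would have hit the assertion\n", reg, RI_MAX);
    else
        printf("reg %u ok, index %ld (low half %u)\n", reg, idx, low32(packed));
    return 0;
}
```

Compiling this with -Wall produces no shift warning, because the operand of `>> 32` is 64 bits wide; the same function written with a 32-bit `v` reproduces the warning from the comment above.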
The patch by @tkchia should work. @tkchia you want to send me a pull request? So I can credit you for the patch.
As it is fixed now, I am closing the issue, thanks!
When using either the taint-stdin or taint-network option, taintgrind crashes for me:
valgrind --tool=taintgrind --taint-network=yes -- nc -lnvp 80
Taintgrind: tnt_main.c:3102 (vgTaintgrind_h64_put_t): Assertion 'reg < RI_MAX' failed.
This happens around 1 second after starting, before netcat receives any data.
This is on both valgrind 3.13 and 3.12.