memcheck/tests/thread_alloca.c

   1 /* Reproduces bug 321960 (based on test from Daniel Stodden).
   2    At least on Ubuntu 12 and 13, causes invalid write errors
   3    in __yell or the memset call (due to some part of the main
   4    stack being marked as not addressable in memcheck).
   5    Bug seems extremely sensitive to initial conditions:
   6    Depending on the size of the env, bug is triggered or not.
   7    Also, a high nr of threads in thr[] is needed to get
   8    the problem. */
   9 #include <pthread.h>
  10 #if !defined(__FreeBSD__)
  11 #include <alloca.h>
  12 #endif
  13 #include <assert.h>
  14 #include <string.h>
  15 #include <stdio.h>
  16 #include <unistd.h>
  17 #include <stdlib.h>
  18
  19 void *
  20 nop(void *nil)
  21 {
  22     return NULL;
  23 }
  24
  25 void
  26 __yell(void)
  27 {
  28     char buf[256];
  29     memset(buf, 0, sizeof(buf));
  30 }
  31
  32 /* Without argument, executes once.
  33    Otherwise first arg indicates nr of times the process will exec
  34    itself, each time increasing the size of the environment
  35    by about 50 characters. */
  36 int main(int argc, char **argv, char** envp)
  37 {
  38     pthread_t thr[50];
  39     int i, err;
  40
  41     for (i = 0; i < sizeof(thr) / sizeof(*thr); i++) {
  42         err = pthread_create(&thr[i], NULL, nop, NULL);
  43         assert(!err);
  44     }
  45
  46     alloca(4096);
  47     __yell();
  48
  49     for (i = 0; i < sizeof(thr) / sizeof(*thr); i++)
  50         pthread_join(thr[i], NULL);
  51
  52     if ( argc == 2 && atoi(argv[1]) > 0) {
  53        /* exec ourselves with some more env */
  54        char** new_env;
  55        char more_env[100];
  56        char n[10];
  57        int j;
  58
  59        sprintf(more_env, "N%d=ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",  atoi(argv[1]));
  60        for (j = 0; envp[j]; j++)
  61           ;
  62        new_env = malloc((j+2) * sizeof(char*));
  63        assert (new_env != NULL);
  64        for (i = 0; i < j; i++)
  65           new_env[i] = envp[i];
  66        new_env[i++] = more_env;
  67        new_env[i++] = NULL;
  68        assert(i == j+2);
  69        sprintf (n, "%d",  atoi(argv[1]) - 1);
  70        // system ("env | wc");
  71        execle(argv[0], argv[0], n, (char *) NULL, new_env);
  72        assert(0);
  73     } else
  74        return 0;
  75 }