MemorySanitizer: use-of-uninitialized-value in std::sys::unix::memchr::memchr #68539

Closed
tesuji opened this issue Jan 25, 2020 · 3 comments

Contributor

tesuji commented Jan 25, 2020

Maybe a duplicate of #39610.

Consider this snippet:

fn main() {
    println!("Hello, world!");
}

When running that snippet with memory sanitizer on:

% RUSTFLAGS="-Z sanitizer=memory" cargo run --target x86_64-unknown-linux-gnu
    Finished dev [unoptimized + debuginfo] target(s) in 0.01s
     Running `/home/lzutao/.cargo/target_dir/x86_64-unknown-linux-gnu/debug/check`
Uninitialized bytes in __interceptor_memchr at offset 0 inside [0x701000000000, 4)
==6152==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x561a7db482ee in std::sys::unix::memchr::memchr::hc420bdb771a6961e /rustc/c2d141df59703393c0c683abc259f9a8c3be041a/src/libstd/sys/unix/memchr.rs:6:8
    #1 0x561a7db482ee in std::memchr::memchr::hc0e7533a19fc78d4 /rustc/c2d141df59703393c0c683abc259f9a8c3be041a/src/libstd/memchr.rs:25:4
    #2 0x561a7db482ee in std::ffi::c_str::CString::_new::h8aef808ac287a50c /rustc/c2d141df59703393c0c683abc259f9a8c3be041a/src/libstd/ffi/c_str.rs:354:14
    #3 0x561a7db482ee in std::ffi::c_str::CString::new::he94f45d22dd5a91d /rustc/c2d141df59703393c0c683abc259f9a8c3be041a/src/libstd/ffi/c_str.rs:350:8
    #4 0x561a7db482ee in std::thread::Thread::new::_$u7b$$u7b$closure$u7d$$u7d$::hdcec7d7bc3c21e50 /rustc/c2d141df59703393c0c683abc259f9a8c3be041a/src/libstd/thread/mod.rs:1139:25
    #5 0x561a7db482ee in core::option::Option$LT$T$GT$::map::h9fb0e0d9124aaa10 /rustc/c2d141df59703393c0c683abc259f9a8c3be041a/src/libcore/option.rs:450:28
    #6 0x561a7db482ee in std::thread::Thread::new::hc0a5e03f9cf0ae44 /rustc/c2d141df59703393c0c683abc259f9a8c3be041a/src/libstd/thread/mod.rs:1139:12
    #7 0x561a7db4ebd8 in std::rt::lang_start_internal::h9638ed9377af1d17 /rustc/c2d141df59703393c0c683abc259f9a8c3be041a/src/libstd/rt.rs:44:21
    #8 0x561a7db4649d in std::rt::lang_start::h3cff588e75d30b01 /rustc/c2d141df59703393c0c683abc259f9a8c3be041a/src/libstd/rt.rs:67:4
    #9 0x561a7db45f51 in main (/home/lzutao/.cargo/target_dir/x86_64-unknown-linux-gnu/debug/check+0x8ff51)
    #10 0x7fe11154809a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
    #11 0x561a7daea029 in _start (/home/lzutao/.cargo/target_dir/x86_64-unknown-linux-gnu/debug/check+0x34029)

SUMMARY: MemorySanitizer: use-of-uninitialized-value /rustc/c2d141df59703393c0c683abc259f9a8c3be041a/src/libstd/sys/unix/memchr.rs:6:8 in std::sys::unix::memchr::memchr::hc420bdb771a6961e
Exiting

Meta:

  • rustc 1.42.0-nightly (c2d141d 2020-01-24)
Contributor

tmiasko commented Jan 25, 2020

https://doc.rust-lang.org/nightly/unstable-book/compiler-flags/sanitizer.html#memorysanitizer

Member

nagisa commented Jan 25, 2020

Please verify you can see this with an instrumented build of the standard library and file a new issue if you continue seeing the issue.

nagisa closed this as completed Jan 25, 2020
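
A triage aid for reports like the one that opens this issue, added here as an example and not part of the thread or of rustc: it checks whether frame #0 of a MemorySanitizer report lies in the precompiled standard library, in which case the report should be reproduced with an instrumented std before it is trusted. It assumes that source paths under `/rustc/<commit hash>/` identify the toolchain's prebuilt std; the names `Verdict`, `triage`, `parse_frame` and `is_prebuilt_std` are hypothetical.

```rust
// Added example (not rustc or sanitizer code): triage a MemorySanitizer report
// by checking whether the faulting frame is in the prebuilt standard library.
#[derive(Debug, PartialEq)]
enum Verdict {
    NoReport,         // no MSan warning with a frame #0 was found
    PrebuiltStdFrame, // frame #0 is in toolchain-shipped std: rebuild std first
    Investigate,      // frame #0 is in locally built code
}

// Assumption: sources under /rustc/<40-hex commit>/ belong to the
// precompiled std distributed with the toolchain.
fn is_prebuilt_std(location: &str) -> bool {
    location.strip_prefix("/rustc/").map_or(false, |rest| {
        let hash = rest.split('/').next().unwrap_or("");
        hash.len() == 40 && hash.chars().all(|c| c.is_ascii_hexdigit())
    })
}

// Parses `#N 0xADDR in SYMBOL LOCATION` and returns (N, LOCATION).
fn parse_frame(line: &str) -> Option<(u32, &str)> {
    let rest = line.trim().strip_prefix('#')?;
    let (index, rest) = rest.split_once(' ')?;
    let (_addr, rest) = rest.split_once(" in ")?;
    // Demangled symbols may contain spaces, so take the last token as location.
    let (_symbol, location) = rest.rsplit_once(' ')?;
    Some((index.parse().ok()?, location))
}

fn triage(report: &str) -> Verdict {
    let mut lines = report.lines().skip_while(|l| !l.contains("WARNING: MemorySanitizer"));
    if lines.next().is_none() { return Verdict::NoReport; }
    match lines.filter_map(parse_frame).find(|(i, _)| *i == 0) {
        Some((_, loc)) if is_prebuilt_std(loc) => Verdict::PrebuiltStdFrame,
        Some(_) => Verdict::Investigate,
        None => Verdict::NoReport,
    }
}

// Sample input: the warning line and two frames copied from the report in this issue.
const ISSUE_REPORT: &str = "==6152==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x561a7db482ee in std::sys::unix::memchr::memchr::hc420bdb771a6961e /rustc/c2d141df59703393c0c683abc259f9a8c3be041a/src/libstd/sys/unix/memchr.rs:6:8
    #9 0x561a7db45f51 in main (/home/lzutao/.cargo/target_dir/x86_64-unknown-linux-gnu/debug/check+0x8ff51)\n";
// Constructed input: a report whose top frame is in locally compiled code.
const LOCAL_REPORT: &str = "==1==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x1000 in check::parse::h0123456789abcdef /home/user/check/src/main.rs:10:5\n";

fn main() {
    println!("issue report: {:?}", triage(ISSUE_REPORT));
    println!("local report: {:?}", triage(LOCAL_REPORT));
}
```
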
Contributor Author

tesuji commented Jan 26, 2020

I got a segmentation fault when building instrumented std:

% env RUSTFLAGS="-Zsanitizer=memory -Cllvm-args=-msan-track-origins=2" cargo -Zbuild-std build --target x86_64-unknown-linux-gnu
    Finished dev [unoptimized + debuginfo] target(s) in 0.08s
% rust-gdb -q /home/lzutao/.cargo/target_dir/x86_64-unknown-linux-gnu/debug/check                                           
Reading symbols from /home/lzutao/.cargo/target_dir/x86_64-unknown-linux-gnu/debug/check...done.
(gdb) r
Starting program: /home/lzutao/.cargo/target_dir/x86_64-unknown-linux-gnu/debug/check 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
__sanitizer::internal_memset(void*, int, unsigned long) () at /checkout/src/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_libc.cc:93
93      /checkout/src/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_libc.cc: No such file or directory.
(gdb) quit

 % valgrind -q /home/lzutao/.cargo/target_dir/x86_64-unknown-linux-gnu/debug/check 
==11856== Invalid write of size 1
==11856==    at 0x1CFD50: __sanitizer::internal_memset(void*, int, unsigned long) (src/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_libc.cc:93)
==11856==    by 0x32601E: std::sys::unix::args::imp::ARGV_INIT_ARRAY::init_wrapper (args.rs:114)
==11856==    by 0x62E1E4: __libc_csu_init (in /home/lzutao/.cargo/target_dir/x86_64-unknown-linux-gnu/debug/check)
==11856==    by 0x48C6029: (below main) (libc-start.c:264)
==11856==  Address 0x501ffefffd20 is not stack'd, malloc'd or (recently) free'd
==11856== 
==11856== 
==11856== Process terminating with default action of signal 11 (SIGSEGV)
==11856==  Access not within mapped region at address 0x501FFEFFFD20
==11856==    at 0x1CFD50: __sanitizer::internal_memset(void*, int, unsigned long) (src/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_libc.cc:93)
==11856==    by 0x32601E: std::sys::unix::args::imp::ARGV_INIT_ARRAY::init_wrapper (args.rs:114)
==11856==    by 0x62E1E4: __libc_csu_init (in /home/lzutao/.cargo/target_dir/x86_64-unknown-linux-gnu/debug/check)
==11856==    by 0x48C6029: (below main) (libc-start.c:264)
==11856==  If you believe this happened as a result of a stack
==11856==  overflow in your program's main thread (unlikely but
==11856==  possible), you can try to increase the size of the
==11856==  main thread stack using the --main-stacksize= flag.
==11856==  The main thread stack size used in this run was 8388608.
