[TOOL] Valgrind, an Open-Source Memory Debugger for x86-GNU/Linux

From: SecuriTeam (support_at_securiteam.com)
Date: 10/22/03

    To: list@securiteam.com
    Date: 22 Oct 2003 19:09:50 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Valgrind, an Open-Source Memory Debugger for x86-GNU/Linux
    ------------------------------------------------------------------------

    DETAILS

    Valgrind is a GPL'd tool to help you find memory-management problems in
    your programs. When a program is run under Valgrind's supervision, all
    reads and writes of memory are checked, and calls to
    malloc/new/free/delete are intercepted. As a result, Valgrind can detect
    problems such as:

     * Use of uninitialised memory
     * Reading/writing memory after it has been free'd
     * Reading/writing off the end of malloc'd blocks
     * Reading/writing inappropriate areas on the stack
     * Memory leaks -- where pointers to malloc'd blocks are lost forever
     * Passing of uninitialised and/or unaddressable memory to system calls
     * Mismatched use of malloc/new/new [] vs free/delete/delete []
     * Some misuses of the POSIX pthreads API

    Valgrind tracks each byte of memory in the original program with nine
    status bits, one of which tracks addressability of that byte, while the
    other eight track the validity of the byte. As a result, it can detect the
    use of single uninitialised bits, and does not report spurious errors on
    bitfield operations.
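    To make the A-bit/V-bits idea concrete, here is an added toy model of that per-byte shadow state. It is written for this page and is not Valgrind's own code: the arena is a small constructed array rather than real memory, and names such as shadow_malloc, shadow_store_bits and bitfield_scenario are this example's own. It shows why a partially defined byte does not trigger a report as long as only its defined bits are used, and why a read after free is an addressability error rather than a validity one.

```c
/* Added example (not Valgrind's own code): a toy model of the per-byte
 * shadow state described above, with one A bit for addressability and
 * eight V bits for validity. The arena is a constructed array. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 256

static uint8_t a_bit[ARENA_SIZE];  /* 1 = byte is addressable */
static uint8_t v_bits[ARENA_SIZE]; /* bit i set = bit i of the byte holds a defined value */
static size_t arena_top = 0;       /* bump allocator; blocks are never reused */

enum shadow_err { SH_OK = 0, SH_UNADDRESSABLE = 1, SH_UNDEFINED = 2 };

/* malloc: the block becomes addressable but every bit stays undefined. */
static int shadow_malloc(size_t len) {
    if (arena_top + len > ARENA_SIZE) return -1;
    int addr = (int)arena_top;
    memset(a_bit + addr, 1, len);
    memset(v_bits + addr, 0, len);
    arena_top += len;
    return addr;
}

/* free: the block becomes unaddressable; any later access is an A-bit error. */
static void shadow_free(int addr, size_t len) {
    memset(a_bit + addr, 0, len);
    memset(v_bits + addr, 0, len);
}

/* A store that defines only the bits in `mask` (what a bitfield assignment does). */
static enum shadow_err shadow_store_bits(int addr, uint8_t mask) {
    if (!a_bit[addr]) return SH_UNADDRESSABLE;
    v_bits[addr] |= mask;
    return SH_OK;
}

/* A load whose result depends only on the bits in `mask`: it is an error
 * only if one of those bits is undefined, so untouched bits elsewhere in
 * the byte never cause a spurious report. */
static enum shadow_err shadow_load_bits(int addr, uint8_t mask) {
    if (!a_bit[addr]) return SH_UNADDRESSABLE;
    if ((v_bits[addr] & mask) != mask) return SH_UNDEFINED;
    return SH_OK;
}

/* Scenario: allocate, assign a 4-bit field, then read either that field
 * (clean) or the whole byte (its high nibble is still undefined). */
static enum shadow_err bitfield_scenario(int read_whole_byte) {
    int p = shadow_malloc(4);
    if (p < 0) return SH_UNADDRESSABLE;
    shadow_store_bits(p, 0x0F);
    enum shadow_err e = shadow_load_bits(p, read_whole_byte ? 0xFF : 0x0F);
    shadow_free(p, 4);
    return e;
}

/* Scenario: reading a byte after the block holding it was freed. */
static enum shadow_err use_after_free_scenario(void) {
    int p = shadow_malloc(4);
    if (p < 0) return SH_UNADDRESSABLE;
    shadow_store_bits(p, 0xFF);
    shadow_free(p, 4);
    return shadow_load_bits(p, 0xFF);
}

int main(void) {
    static const char *names[] = { "ok", "unaddressable", "undefined" };
    printf("bitfield read:   %s\n", names[bitfield_scenario(0)]);
    printf("whole-byte read: %s\n", names[bitfield_scenario(1)]);
    printf("read after free: %s\n", names[use_after_free_scenario()]);
    return 0;
}
```

    The real tool also has to propagate V bits through arithmetic and only complain when an undefined value reaches a conditional branch, an address computation or a system call; this model stops at loads and stores, which is enough to show the bitfield case.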

    You can use it to debug more or less any dynamically linked ELF x86
    executable, without modification, recompilation, or anything. If you want,
    Valgrind can start GDB and attach it to your program at the point(s) where
    errors are detected, so that you can poke around and figure out what was
    going on at the time.
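    As an added example, not from the advisory or from Valgrind, the following program contains three of the defect classes listed above, each beside a corrected version. Build it with `gcc -g -O0 bugs.c -o bugs` and run `valgrind --leak-check=yes ./bugs`; the file name and the function names are this example's own, and the comments quote the kind of message memcheck prints for each defect. The point is that the program appears to run fine on its own and only the checker reveals the problems.

```c
/* Added example (not from the advisory or from Valgrind): three memory
 * defects beside their fixes, intended to be run under valgrind. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Defect: no room for the terminator, so strcpy writes one byte past the
 * end of the block ("Invalid write of size 1"). The run usually looks
 * fine because malloc rounds the size up; only the checker sees it. */
static char *dup_buggy(const char *s) {
    char *p = malloc(strlen(s));
    if (p == NULL) return NULL;
    strcpy(p, s);
    return p;
}

/* Fixed: allocate the terminator too and copy a known length. */
static char *dup_fixed(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p == NULL) return NULL;
    memcpy(p, s, n);
    return p;
}

struct conn { int fd; int flags; };

/* Defect: `flags` is never set, so branching on the result depends on
 * stack garbage ("Conditional jump or move depends on uninitialised
 * value(s)", reported where the caller tests the result). */
static int is_secure_buggy(void) {
    struct conn c;
    c.fd = 3;
    return (c.flags & 1) != 0;
}

/* Fixed: every field initialised. */
static int is_secure_fixed(void) {
    struct conn c = { .fd = 3, .flags = 0 };
    return (c.flags & 1) != 0;
}

/* Defect: the block is read after being freed ("Invalid read of size 1
 * ... 0 bytes inside a block of size 4 free'd"). */
static int read_after_free(void) {
    char *p = dup_fixed("abc");
    if (p == NULL) return -1;
    free(p);
    return p[0];
}

/* Clean helper: round-trips a string through dup_fixed and releases it,
 * returning 1 if the copy matched. */
static int dup_fixed_roundtrip(const char *s) {
    char *p = dup_fixed(s);
    if (p == NULL) return 0;
    int ok = strcmp(p, s) == 0;
    free(p);
    return ok;
}

int main(void) {
    char *a = dup_buggy("hello");            /* heap overrun by one byte */
    char *b = dup_fixed("hello");            /* clean */
    if (is_secure_buggy()) puts("secure?");  /* branch on uninitialised data */
    if (is_secure_fixed()) puts("secure");   /* clean */
    printf("%d\n", read_after_free());       /* invalid read */
    free(a);
    (void)b;  /* never freed: with --leak-check=yes it is reported as "definitely lost" */
    return 0;
}
```

    Compiling with -g matters: without debugging information Valgrind can still report each error, but the report names only the function, not the source line.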

    Valgrind works well enough to debug many large x86-linux applications. To
    give you some idea of the scale of programs it can run: most of KDE3,
    Gnome stuff, Mozilla, OpenOffice, MySQL, Opera, KOffice-1.2beta1,
    emacs-21.2, xemacs-21.5(--pdump), Netscape-4.78, Gcc, AbiWord, etc, etc.
    KDE3 was extensively valgrinded in the two months prior to the KDE 3.0
    release. Valgrind is primarily a debugging tool for large, complex
    programs. It is not a toy or a research vehicle.

    Valgrind contains built-in support for doing very detailed cache
    profiling. Since we already intercept every read and write, and have all
    the debugging information for your program close to hand, it's not too
    hard to also do a detailed simulation of your CPU's L1-D, L1-I and unified
    L2 caches. The supplied vg_annotate program will show your source code
    with these counts attached to every line. The cache arrangement of your
    CPU is auto-detected using the CPUID instruction. If that does not work or
    you want to override it, you can specify custom cache parameters on the
    command line. The manual contains full documentation of this new feature.

    The cache profiling aspects (and much, much else) are due to the excellent
    hacking of Nick Nethercote. Please do try it out -- you just need to put
    valgrind --skin=cachegrind in front of your program invocations, rather
    than valgrind. We hope it will be a useful performance-analysis tool.
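    As an added example written for this page (not part of Valgrind or the advisory), the program below performs the same arithmetic over a matrix twice, once in row-major and once in column-major order. Run as `valgrind --skin=cachegrind ./a.out` (later releases spell the option --tool=cachegrind) and then passed through vg_annotate, the two summation lines show the same instruction counts but very different L1-D miss counts, which is exactly what the per-line annotation is for. The matrix contents are constructed so the expected total is known.

```c
/* Added example (not Valgrind's own code): two traversals with identical
 * arithmetic but very different cache behaviour, for use with cachegrind. */
#include <stdio.h>
#include <stdlib.h>

#define N 512   /* 512*512 ints = 1 MiB, well beyond an L1-D cache */

/* Fill with a constructed pattern so the expected total is known. */
static int *make_matrix(void) {
    int *m = malloc((size_t)N * N * sizeof *m);
    if (m == NULL) return NULL;
    for (long i = 0; i < (long)N * N; i++) m[i] = (int)(i % 7);
    return m;
}

/* Row-major: consecutive reads share a cache line, so D1 misses are few. */
static long sum_row_major(const int *m) {
    long s = 0;
    for (int r = 0; r < N; r++)
        for (int c = 0; c < N; c++)
            s += m[r * N + c];
    return s;
}

/* Column-major: each read is N*sizeof(int) bytes from the previous one, so
 * it touches a different cache line nearly every time and D1 misses climb;
 * vg_annotate shows the miss count against this line. */
static long sum_column_major(const int *m) {
    long s = 0;
    for (int c = 0; c < N; c++)
        for (int r = 0; r < N; r++)
            s += m[r * N + c];
    return s;
}

/* Runs one traversal over a fresh matrix and returns its total
 * (786429 for this pattern), or -1 on allocation failure. */
static long traverse(int column_major) {
    int *m = make_matrix();
    if (m == NULL) return -1;
    long s = column_major ? sum_column_major(m) : sum_row_major(m);
    free(m);
    return s;
}

int main(void) {
    printf("row-major    sum = %ld\n", traverse(0));
    printf("column-major sum = %ld\n", traverse(1));
    return 0;
}
```

    Compile with -g and without heavy optimisation so that vg_annotate can attribute the counts to the two inner loops; the totals printed are equal, and only the simulated miss counts tell the traversals apart.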

    ADDITIONAL INFORMATION

    The tool can be downloaded from: http://developer.kde.org/~sewardj/

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

