glibc-audit 2.4-4 review

License: LGPL (GNU Lesser General Public License)
File size: 4285K
Developer: John Reiser

glibc-audit is a modified version of glibc for application developers who check their code with an automatic memory access checker such as valgrind, Insure++, or Purify.

glibc-audit has been audited and cleaned up so that reports from the developer's use of a memory access checker are more likely to be interesting to the developer, with less "noise" from the C library itself. Typically, glibc-audit initializes all of its local variables and structs before use. Ordinary glibc uses uninitialized dummy variables that are "don't-care" to its logic but reported by the memory access checker.

Also, the r_debug.r_brk protocol has been enhanced to co-operate with a co-resident auditor. If the auditor sets .r_brk, then the runtime loader will call the auditor directly whenever a shared library event occurs.

This is much more convenient than using breakpoints. By default the old breakpoint protocol works just like before. The new protocol is binary compatible with the old on machines where a pointer to a function is the same size as an ordinary pointer. Platforms where a pointer to a function is larger (such as HP-PA RISC, Alpha processor, or PowerPC) are not binary backward compatible, and will have to increment r_debug.r_version. Existing clients (such as gdb) will also see an ignorable type mismatch error when they are built. But for now, it is worth more not to antagonize gdb at runtime on x86.

The patch modifies 91 files. Compared to glibc-2.3.2-27.9, the additional code occupies 18 more bytes of .text, and 24 fewer bytes in the .so. On a nano-scopic scale, the typical execution cost is 0 to 3 CPU cycles per affected routine; the estimated median total impact is less than 1 second per machine per day. In the case of *printf(), glibc-audit is faster than glibc because the cleaned-up source helps gcc-3.2 avoid generating atrocious code when initializing for parse_one_spec() in stdio-common/printf-parse.h.

Glibc-audit was constructed by running a memory access checker on the internal testcases of glibc, then analyzing the reported errors and modifying the source. The process revealed 10 memory access bugs in glibc-2.3.2-11.9. Seven were fixed in glibc-2.3.2-27.9, two more have been fixed in CVS, and one is a design flaw that probably will not be fixed.

Predecessor patches to glibc-audit-1 were submitted to the glibc project, but those patches were ignored [user "guest", password "guest"], declined, or rejected. There is enough improvement in usability and reliability to publish glibc-audit-1 separately.

The unmodified glibc-2.3.2-27.9.src.rpm is available from RedHat mirrors. rpmbuild -ba --target i686 took about 4 hours and 2.5GB of disk space on a machine with 1.1GHz CPU, 384MB RAM, UDMA100 disk.

What's New in This Release:
The patches were updated to glibc-2.4-4.
A glibc bug that interfered with gdb stop-on-solib-events was fixed.
On x86, x86-64, and PowerPC, the __NR_open system call was improved to avoid leaking information from the user to the kernel.
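
Added example, not part of glibc-audit or of the original page: the page does not say how the open call was changed, so this C sketch assumes one well-known cause, a variadic open() wrapper that forwards its optional mode argument even when the caller omitted it, which hands leftover caller data to the kernel and is the kind of "don't-care" value a memory access checker reports. The names flags_need_mode, checked_mode, audited_open_mode and audited_open are hypothetical.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* exposes O_TMPFILE on glibc */
#endif
#include <fcntl.h>
#include <stdarg.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: does the kernel read the mode argument for these flags? */
static int flags_need_mode(int flags)
{
    if (flags & O_CREAT)
        return 1;
#ifdef O_TMPFILE
    /* O_TMPFILE is a multi-bit value, so compare all of its bits. */
    if ((flags & O_TMPFILE) == O_TMPFILE)
        return 1;
#endif
    return 0;
}

/* Read the optional mode only when the caller was required to pass one;
 * otherwise use a defined 0 instead of whatever the argument slot holds. */
static mode_t checked_mode(int flags, va_list ap)
{
    return flags_need_mode(flags) ? (mode_t)va_arg(ap, int) : 0;
}

/* Returns the mode value the wrapper below would hand to the kernel. */
mode_t audited_open_mode(int flags, ...)
{
    va_list ap;
    va_start(ap, flags);
    mode_t mode = checked_mode(flags, ap);
    va_end(ap);
    return mode;
}

/* open() wrapper whose third argument is always initialized. */
int audited_open(const char *path, int flags, ...)
{
    va_list ap;
    va_start(ap, flags);
    mode_t mode = checked_mode(flags, ap);
    va_end(ap);
    return open(path, flags, mode);
}
```

Run under a memory access checker, a call such as audited_open("/dev/null", O_RDONLY) passes a defined third argument to the system call, so any report that remains points at the application rather than at the wrapper.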
