On armhf, valgrind dies with a SIGSEGV when checking certain programs
built with either -fstack-clash-protection or -fstack-check.
The following example is a reproducer:
// example.c
void a_function() { char buf[8192]; }
int main() { a_function(); }
The issue can be reproduced with:
$ gcc -fstack-clash-protection example.c -o example && valgrind ./example
==2743356== Memcheck, a memory error detector
==2743356== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==2743356== Using Valgrind-3.20.0 and LibVEX; rerun with -h for copyright info
==2743356== Command: ./example
==2743356==
==2743356==
==2743356== Process terminating with default action of signal 11 (SIGSEGV)
==2743356== Access not within mapped region at address 0xFEF0CB04
==2743356== at 0x1084EA: a_function (in /tmp/example)
==2743356== If you believe this happened as a result of a stack
==2743356== overflow in your program's main thread (unlikely but
==2743356== possible), you can try to increase the size of the
==2743356== main thread stack using the --main-stacksize= flag.
==2743356== The main thread stack size used in this run was 8388608.
==2743356==
==2743356== HEAP SUMMARY:
==2743356== in use at exit: 0 bytes in 0 blocks
==2743356== total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==2743356==
==2743356== All heap blocks were freed -- no leaks are possible
==2743356==
==2743356== For lists of detected and suppressed errors, rerun with: -s
==2743356== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 3 from 3)
Segmentation fault
Control: affects -1 + libvorbis-dev
Control: block 1061501 by -1

This issue causes a failing autopkgtest with libvorbis. I would much prefer a fix in valgrind instead of disabling an autopkgtest check.
Hi Petter,

As an alternative to disabling the test, you could consider disabling stack-clash-protection on armhf for libvorbis:

ifeq ($(DEB_TARGET_ARCH),armhf)
export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-stackclash
else
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
endif
Hello,

Bug #1061496 in libvorbis reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at:

https://salsa.debian.org/multimedia-team/libvorbis/-/commit/fb874ca6ceaa8cf4cc52b59f504d9a35aa963065

------------------------------------------------------------------------
(this message was generated automatically)
--
Greetings

https://bugs.debian.org/1061496
We believe that the bug you reported is fixed in the latest version of
libvorbis, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1061496@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dennis Braun <snd@debian.org> (supplier of updated libvorbis package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Sat, 09 Mar 2024 20:18:21 +0100
Source: libvorbis
Architecture: source
Version: 1.3.7-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Dennis Braun <snd@debian.org>
Closes: 1061496
Changes:
libvorbis (1.3.7-2) unstable; urgency=medium
.
[ Debian Janitor ]
* Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
Repository-Browse.
.
[ Dennis Braun ]
* Disable test-coupling-segfault on armhf due to valgrind bug
(Closes: #1061496) Thanks to Emanuele Rocca!
* Bump Standards-Version to 4.6.2
* Change my email address
Sorry, wrong bug closed, I reopened it.
Hi Emanuele,

Does this hold for other packages as well? I forgot I disabled the valgrind test on armhf in src:siridb-server and switched the test Build-Depends from valgrind to valgrind-if-available and now the build fails:

https://buildd.debian.org/status/fetch.php?pkg=siridb-server&arch=armhf&ver=2.0.53-1&stamp=1763196009&raw=0

Paul
Hi Paul,

Unfortunately this does not work in the case of siridb-server, given that the segfaulting code is in a shared library. See 1068157#20.
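Added example, not part of any message in this thread: a test runner can probe for the crash directly instead of hard-coding the architecture or relying on valgrind merely being installed. The script builds the reporter's example.c with -fstack-clash-protection, runs it under valgrind and treats exit status 139 (128 + SIGSEGV) as affected; the function names and the valgrind_prefix hook are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug thread): check whether valgrind can run
# stack-clash-protected code here before enabling valgrind-based tests.

# Map the probe's exit status to a verdict. 139 = 128 + SIGSEGV (11), the
# status the shell reports for the crash shown in the original report.
classify_probe_status() {
    case "$1" in
        0)   echo ok ;;
        139) echo affected ;;
        *)   echo unknown ;;
    esac
}

# Build the reporter's reproducer with -fstack-clash-protection and run it
# under valgrind. Prints ok, affected, unknown, or skipped (tools missing).
probe_valgrind_stack_clash() {
    command -v gcc >/dev/null 2>&1 || { echo skipped; return 0; }
    command -v valgrind >/dev/null 2>&1 || { echo skipped; return 0; }
    dir=$(mktemp -d) || { echo skipped; return 0; }
    cat > "$dir/example.c" <<'EOF'
void a_function() { char buf[8192]; }
int main() { a_function(); }
EOF
    if ! gcc -fstack-clash-protection "$dir/example.c" -o "$dir/example" 2>/dev/null; then
        rm -rf "$dir"; echo skipped; return 0
    fi
    rc=0
    valgrind -q "$dir/example" >/dev/null 2>&1 || rc=$?
    rm -rf "$dir"
    classify_probe_status "$rc"
}

# Hypothetical test-runner hook: prints the command prefix for the test
# binaries, or nothing when valgrind cannot be trusted on this machine.
valgrind_prefix() {
    if [ "$(probe_valgrind_stack_clash)" = ok ]; then
        echo "valgrind --error-exitcode=1"
    fi
}
```

Because the probe passes the flag explicitly, it reports whether valgrind copes with stack-clash-protected code on the machine, regardless of how the package under test or its shared libraries were built.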
I filed the (related, closed) bug #1102495 some time ago, and after being asked to refile in various places I've got a message on Launchpad from Valgrind. I think it's relevant to this conversation, but to be honest this is all way over my head, so apologies if this is just noise :)

My read is that valgrind recommends disabling -fstack-clash-protection, but I've probably misunderstood something. Please see the full thread below or at https://bugs.launchpad.net/raspbian/+bug/2106733 (which will soon have a note about how I wrote this after 1102495-done@bugs.debian.org bounced).

----- Forwarded message from Andrew Sayers <2106733@bugs.launchpad.net> -----

Date: Mon, 17 Nov 2025 19:08:24 -0000
From: Andrew Sayers <2106733@bugs.launchpad.net>
To: andrew-bugs.launchpad.net@pileofstuff.org
Subject: [Bug 2106733] Re: dpkg-dev calls gcc with settings that break valgrind

CCing 1102495-done@bugs.debian.org, as I think some of this goes there.

(I'm just an ordinary valgrind user who stumbled over a bug)

Debian and Raspbian are unrelated projects, with Raspbian mostly downstream of Debian. It sounds like your libarmmem.so issue is aimed at Raspbian, but your suppression file issue is aimed at Debian?

Note: Debian's "armhf" builds use ARMv7, Raspbian "armhf" builds use ARMv6. I'm not sure whether that's part of this problem, but please be aware the two projects use the same word to mean different things.

I think you're saying you're aware of the 2018 Procedure Call Standard mentioned in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102495#11 but don't recognise it as an actual standard? (not taking a position, just making sure we're on the same page)

I'm afraid the technology discussion goes beyond my understanding, but it sounds like the conversation is heading towards the following:

1. close https://bugs.kde.org/show_bug.cgi?id=479699 as WONTFIX
2. disable stackclash in Debian
3. wait for the fix to naturally make its way into Raspbian

** Bug watch added: Debian Bug tracker #1102495
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102495

** Bug watch added: KDE Bug Tracking System #479699
   https://bugs.kde.org/show_bug.cgi?id=479699

** Bug watch added: Debian Bug tracker #1061496
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061496

----- End forwarded message -----