proxy70

                                        
                                   * * * * *
                                        
                   How to run valgrind on a CGI program in C
                                        
There was still one bug left with mod_blog [1]—it would crash with a memory
corruption error (thanks to checking in glibc [2] when doing a POST. I only
found the bug because I was using the old web interface to make sure I had
the right credentials when testing the PUT method [3]. How long had the bug
existed? At least six years—it's been seven sine I last used the web
interface (I checked).

It did not crash on the development server due to subtle differences between
the operating system and versions of glibc being used. But it is ultimately a
memory corruption, so the use of valgrind [4] would be instrumental in
finding the issue. The problem is—it only manefests itself when doing a POST,
which means testing the program under a web server. And a web server will
pass information about the request to the CGI (Common Gateway Interface)
program through environment variables, and any input comes in via stdin.

So just how do you run valgrind on a program meant to be run as a CGI
program?

After some thought, I figured out a way. I need to capture the environment
the CGI program runs under, so I added the following bit of code to mod_blog
to capture the environment:

-----[ C ]-----
extern char *envriron;
FILE *fp = fopen("/tmp/env.txt","w");
for (size_t i = 0 ; environ[i] != NULL ; i++)
  fprintf(fp,"export %s\n",environ[i]);
fclose(fp);
-----[ END OF LINE ]-----

I wasn't worried about error checking—this is temporary code anyway. I then
do a POST and I now have the environment variables in a file:

-----[ text ]-----
...
export GATEWAY_INTERFACE=CGI/1.1
export HTTP_ACCEPT=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
export CONTENT_LENGTH=149
export CONTENT_TYPE=application/x-www-form-urlencoded
export REQUEST_METHOD=POST
...
-----[ END OF LINE ]-----

The reason I added “export” was to copy these environment variables to a
shell script where I can then run valgrind and debug the situation:

-----[ shell ]-----
...
export GATEWAY_INTERFACE=CGI/1.1
export HTTP_ACCEPT=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,\*/\*\;q=0.8
export CONTENT_LENGTH=149
export CONTENT_TYPE=application/x-www-form-urlencoded
export REQUEST_METHOD=POST
...

valgrind $HOME/source/boston/src/main <r.stdin
-----[ END OF LINE ]-----

Of course, I had to escape some problematic characters like the asterisk or
semicolon, but there were only a few such characters and they could be done
by hand. And I had to create the input feed into stdin but that was easy
enough. From there, it's straightforward…ish enough to resolve the issues.

[1] https://github.com/spc476/mod_blog
[2] https://www.gnu.org/software/libc/
[3] gopher://gopher.conman.org/0Phlog:2024/08/23.1
[4] https://valgrind.org/
---

Discussions about this page

How to run valgrind on a CGI program in C | Lobsters
  https://lobste.rs/s/mittgy

How to run Valgrind on a CGI program in C | Hacker News
  https://news.ycombinator.com/item?id=41346001

Email author at sean@conman.org