From: Matthew J F. <mfl...@se...> - 2005-08-12 08:21:53
On Thursday 11 Aug 2005 4:36 pm, Nicholas Nethercote wrote:
> On Thu, 11 Aug 2005, Dennis Lubert wrote:
> > whoops, ok, you said that it was in the if statement, sorry...
> > but, Deflate will point to deflate thus...
> >
> > *(Deflate + 0) == 'd'
> > *(Deflate + 1) == 'e'
> > *(Deflate + 2) == 'f'
> > *(Deflate + 3) == 'l'
> > *(Deflate + 4) == 'a'
> > *(Deflate + 5) == 't'
> > *(Deflate + 6) == 'e'
> > *(Deflate + 7) == '\0'
> > *(Deflate + 8) == '<undefined>'
> >
> > or am I completely missing something? (btw why doesn't valgrind then
> > report this here...)
>
> I think the string will be in static memory which is auto-zeroed, not
> undefined. So from Memcheck's point of view everything is ok. At least,
> I also don't get an error for this program -- Matthew, can you post the
> full Valgrind output you get for this program?
>
> Nick

---- test.c ----
#include <string.h>

int main(void)
{
    char *Deflate = strstr( "gzip,deflate", "deflate" );
    if ( !Deflate )
        return 0;
    /* "deflate" is 7 chars: +7 is the NUL, +8 is one byte past the literal */
    if ( *(Deflate + 8 ) == ';' )
        return 1;
    return 2;
}

gcc-3.4.1 -g -ggdb test.c -o test
[mfletcher@dangermouse mfletcher]$ valgrind --tool=memcheck --num-callers=8
--leak-check=yes test
==3326== Memcheck, a memory error detector.
==3326== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==3326== Using LibVEX rev 1313, a library for dynamic binary translation.
==3326== Copyright (C) 2004-2005, and GNU GPL'd, by OpenWorks LLP.
==3326== Using valgrind-3.0.0, a dynamic binary instrumentation framework.
==3326== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==3326== For more details, rerun with: -v
==3326==
==3326==
==3326== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 16 from 1)
==3326== malloc/free: in use at exit: 0 bytes in 0 blocks.
==3326== malloc/free: 103 allocs, 103 frees, 7989 bytes allocated.
==3326== For counts of detected errors, rerun with: -v
==3326== No malloc'd blocks -- no leaks are possible.

OK, the code is clearly wrong and is accessing space past the end of a
statically allocated buffer. For some reason Valgrind is not finding this.
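
----- test1.c -----
#include <stdlib.h>
#include <string.h>

int main(void)
{
    char *String;
    char *Deflate;
    String = malloc(13);            /* exactly strlen("gzip,deflate") + 1 */
    strcpy(String,"gzip,deflate");
    Deflate = strstr( String, "deflate" );
    if ( !Deflate )
        goto exit;
    /* Deflate + 8 is String + 13: one byte past the 13-byte block */
    if ( *(Deflate + 8 ) == ';' )
        //goto exit;
        return 1;
exit:
    free(String);
    return 0;
}
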
gcc-3.4.1 -g -ggdb test1.c -o test1
[mfletcher@dangermouse mfletcher]$ valgrind --tool=memcheck --num-callers=8
--leak-check=yes ./test1
==3979== Memcheck, a memory error detector.
==3979== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==3979== Using LibVEX rev 1313, a library for dynamic binary translation.
==3979== Copyright (C) 2004-2005, and GNU GPL'd, by OpenWorks LLP.
==3979== Using valgrind-3.0.0, a dynamic binary instrumentation framework.
==3979== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==3979== For more details, rerun with: -v
==3979==
==3979== Invalid read of size 1
==3979== at 0x804846F: main (test.c:15)
==3979== Address 0x1BA37035 is 0 bytes after a block of size 13 alloc'd
==3979== at 0x1B8FD896: malloc (vg_replace_malloc.c:149)
==3979== by 0x8048431: main (test.c:7)
==3979==
==3979== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 16 from 1)
==3979== malloc/free: in use at exit: 0 bytes in 0 blocks.
==3979== malloc/free: 1 allocs, 1 frees, 13 bytes allocated.
==3979== For counts of detected errors, rerun with: -v
==3979== No malloc'd blocks -- no leaks are possible.

OK, this time Valgrind is correctly telling me that I am reading past the end
of the malloc'd array.
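
----- test2.c ------
#include <stdlib.h>
#include <string.h>

int main(void)
{
    char *String;
    char *Deflate;
    String = malloc(13);            /* exactly strlen("gzip,deflate") + 1 */
    strcpy(String,"gzip,deflate");
    Deflate = strstr( String, "deflate" );
    if ( !Deflate )
        goto exit;
    /* same out-of-bounds read as test1.c, but both outcomes reach exit */
    if ( *(Deflate + 8 ) == ';' )
        goto exit;
        // return 1;
exit:
    free(String);
    return 0;
}
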
gcc-3.4.1 -g -ggdb test2.c -o test2
valgrind --tool=memcheck --num-callers=8 --leak-check=yes ./test2
==4087== Memcheck, a memory error detector.
==4087== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==4087== Using LibVEX rev 1313, a library for dynamic binary translation.
==4087== Copyright (C) 2004-2005, and GNU GPL'd, by OpenWorks LLP.
==4087== Using valgrind-3.0.0, a dynamic binary instrumentation framework.
==4087== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==4087== For more details, rerun with: -v
==4087==
==4087==
==4087== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 16 from 1)
==4087== malloc/free: in use at exit: 0 bytes in 0 blocks.
==4087== malloc/free: 1 allocs, 1 frees, 13 bytes allocated.
==4087== For counts of detected errors, rerun with: -v
==4087== No malloc'd blocks -- no leaks are possible.

Oops, no error report this time; Valgrind does not like gotos, which I
suppose I should take as a hint.

regards
---
Matthew J Fletcher
Embedded Software
Serck Controls Ltd
---
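
A bounds-safe form of the check from the test programs above, as an added example that is not part of the original message: the offset comes from the length of the token instead of the hard-coded 8, so the read reaches the terminating NUL at the latest. The function names and the sample header values are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Returns the character immediately after the first occurrence of `token`
 * in `value`, or '\0' when the token is absent or ends the string.
 * hit[strlen(token)] is always inside `value`: strstr() only matches if the
 * whole token is present, so the next byte is at worst the terminating NUL. */
static char char_after_token(const char *value, const char *token)
{
    const char *hit = strstr(value, token);
    if (hit == NULL)
        return '\0';
    return hit[strlen(token)];
}

/* 1 if the token is followed by a ';' parameter such as ";q=0.5", else 0. */
static int token_has_params(const char *value, const char *token)
{
    return char_after_token(value, token) == ';';
}

int main(void)
{
    /* Constructed sample values, not taken from the original message. */
    const char *samples[] = {
        "gzip,deflate",        /* token is last: next byte is the NUL */
        "gzip,deflate;q=0.5",  /* token followed by a parameter */
        "deflate,gzip",        /* token followed by another token */
        "gzip",                /* token absent */
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s -> has_params=%d\n", samples[i],
               token_has_params(samples[i], "deflate"));
    return 0;
}
```

Because the index is never larger than the string's own length, the check behaves the same for string literals, stack buffers and heap blocks, whether or not Memcheck can see the overrun.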