From: Stephanie S. <ste...@sa...> - 2011-06-17 15:46:04
Thanks for the fast replies :)
On 17.06.2011 15:17, WAROQUIERS Philippe wrote:
>
>> My program calls malloc(x) several times, where x is never negative nor
>> 0. But on one particular malloc() it always crashes.
>>
>> running my program with valgrind gives me the following hints:
>>
>>
>> --15446-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11
>> (SIGSEGV) - exiting
>> --15446-- si_code=1; Faulting address: 0x2D11153860; sp:
>> 0x40317bdd0
>>
>> valgrind: the 'impossible' happened:
>> Killed by fatal signal
>> ==15446== at 0x38032A94: unlinkBlock (m_mallocfree.c:245)
>> ==15446== by 0x3803453D: vgPlain_arena_malloc (m_mallocfree.c:1381)
>> ==15446== by 0x3800292E: vgMemCheck_new_block
>> (mc_malloc_wrappers.c:201)
>> ==15446== by 0x38002C98: vgMemCheck_malloc
>> (mc_malloc_wrappers.c:238)
>> ==15446== by 0x3806140E: vgPlain_scheduler (scheduler.c:1394)
>> ==15446== by 0x3808598A: run_a_thread_NORETURN (syswrap-linux.c:94)
>>
>> sched status:
>> running_tid=1
>>
>> Thread 1: status = VgTs_Runnable
>> ==15446== at 0x4C2668A: malloc (vg_replace_malloc.c:236)
>> ==15446== by 0x4058CD: sort(unsigned int**, unsigned int, unsigned
>> int) (facedetect.cpp:288)
>> ==15446== by 0x407F31: findScrambledArea(cv::Mat&)
>> (facedetect.cpp:312)
>> ==15446== by 0x40AFED: runOperation(Mode, CryptoKey const&,
>> DetectorParams&, std::string, std::string, std::string, bool)
>> (facedetect.cpp:625)
>> ==15446== by 0x40BCC8: main (facedetect.cpp:700)
>>
>>
>>
>> The code in line 288 of facedetect.cpp looks harmless:
>>
>> int* data = (int*) malloc(10);
>> I tried to run it without valgrind, and for sizes smaller than ~800 my
>> program seems to run. For anything bigger I get a glibc error.
>>
>>
>>
>> *** glibc detected *** ./facescramble: malloc(): memory corruption:
>> 0x000000000062b3a0 ***
>> ======= Backtrace: =========
>> /lib64/libc.so.6(+0x72f66)[0x7f47a5066f66]
>> /lib64/libc.so.6(+0x75ffb)[0x7f47a5069ffb]
>> /lib64/libc.so.6(__libc_malloc+0x70)[0x7f47a506bde0]
>> ./facescramble[0x4058ce]
>> ./facescramble[0x407f32]
>> ./facescramble[0x40afee]
>> ./facescramble[0x40bcc9]
>> /lib64/libc.so.6(__libc_start_main+0xfd)[0x7f47a5012d2d]
>> ./facescramble[0x4041e9]
>>
>>
>> Does anyone have any ideas why that might occur?!
>> My glibc version is: sys-libs/glibc-2.12.2
>> and I just recompiled it on gentoo to enable the splitdebug feature
>> which is necessary to run valgrind.
>
> Your program seems to have a bug where it corrupts its memory
> (e.g. writes past an allocated block or so).
> This seems to be detected by both Valgrind (through this internal error)
> and by glibc (reporting a memory corruption).
>
> Is Valgrind reporting other errors before? Then you should fix these.
>
I actually ignored three warnings. It's still a bit cryptic for me. For
example, I get the following msg:
Invalid write of size 4
==4427== at 0x405930: sort(unsigned int**, unsigned int, unsigned
int) (facedetect.cpp:293)
==4427== by 0x407EA9: findScrambledArea(cv::Mat&) (facedetect.cpp:536)
==4427== by 0x40AFFD: runOperation(Mode, CryptoKey const&,
DetectorParams&, std::string, std::string, std::string, bool)
(facedetect.cpp:625)
==4427== by 0x40BCD8: main (facedetect.cpp:700)
==4427== Address 0x11154010 is 0 bytes after a block of size 2,080 alloc'd
==4427== at 0x4C2668A: malloc (vg_replace_malloc.c:236)
==4427== by 0x4058CE: sort(unsigned int**, unsigned int, unsigned
int) (facedetect.cpp:287)
==4427== by 0x407EA9: findScrambledArea(cv::Mat&) (facedetect.cpp:536)
==4427== by 0x40AFFD: runOperation(Mode, CryptoKey const&,
DetectorParams&, std::string, std::string, std::string, bool)
(facedetect.cpp:625)
==4427== by 0x40BCD8: main (facedetect.cpp:700)
My code at that position looks like this:
284 static uint* sort(uint** matrix, uint width, uint height) {
285     uint* data = (uint*) malloc(width * height * sizeof(uint));
286     uint i,j=0;
287     for(i=0; i<height; i++) {
288         for(j=0; j<width; j++) {
289             data[j + i*height] = matrix[i][j];
290         }
291     }
...
I don't see why I'm using an invalid write of size 4. I'm retrieving a
uint and I'm writing a uint.
Furthermore, I get...
==4446== Use of uninitialised value of size 8
==4446== at 0x79CA8B2: ??? (in
/usr/lib64/gcc/x86_64-pc-linux-gnu/4.4.5/libstdc++.so.6.0.13)
==4446== by 0x79CF6D2: std::ostreambuf_iterator<char,
std::char_traits<char> > std::num_put<char,
std::ostreambuf_iterator<char, std::char_traits<char> >
>::_M_insert_int<unsigned long>(std::ostreambuf_iterator<char,
std::char_traits<char> >, std::ios_base&, char, unsigned long) const (in
/usr/lib64/gcc/x86_64-pc-linux-gnu/4.4.5/libstdc++.so.6.0.13)
==4446== by 0x79CF8CD: std::num_put<char,
std::ostreambuf_iterator<char, std::char_traits<char> >
>::do_put(std::ostreambuf_iterator<char, std::char_traits<char> >,
std::ios_base&, char, unsigned long) const (in
/usr/lib64/gcc/x86_64-pc-linux-gnu/4.4.5/libstdc++.so.6.0.13)
==4446== by 0x79E12B9: std::ostream& std::ostream::_M_insert<unsigned
long>(unsigned long) (in
/usr/lib64/gcc/x86_64-pc-linux-gnu/4.4.5/libstdc++.so.6.0.13)
==4446== by 0x405934: sort(unsigned int**, unsigned int, unsigned
int) (ostream:195)
==4446== by 0x407E39: findScrambledArea(cv::Mat&) (facedetect.cpp:531)
==4446== by 0x40AFFD: runOperation(Mode, CryptoKey const&,
DetectorParams&, std::string, std::string, std::string, bool)
(facedetect.cpp:620)
==4446== by 0x40BCD8: main (facedetect.cpp:695)
==4446==
==4446== Conditional jump or move depends on uninitialised value(s)
==4446== at 0x79CA8C0: ??? (in
/usr/lib64/gcc/x86_64-pc-linux-gnu/4.4.5/libstdc++.so.6.0.13)
==4446== by 0x79CF6D2: std::ostreambuf_iterator<char,
std::char_traits<char> > std::num_put<char,
std::ostreambuf_iterator<char, std::char_traits<char> >
>::_M_insert_int<unsigned long>(std::ostreambuf_iterator<char,
std::char_traits<char> >, std::ios_base&, char, unsigned long) const (in
/usr/lib64/gcc/x86_64-pc-linux-gnu/4.4.5/libstdc++.so.6.0.13)
==4446== by 0x79CF8CD: std::num_put<char,
std::ostreambuf_iterator<char, std::char_traits<char> >
>::do_put(std::ostreambuf_iterator<char, std::char_traits<char> >,
std::ios_base&, char, unsigned long) const (in
/usr/lib64/gcc/x86_64-pc-linux-gnu/4.4.5/libstdc++.so.6.0.13)
==4446== by 0x79E12B9: std::ostream& std::ostream::_M_insert<unsigned
long>(unsigned long) (in
/usr/lib64/gcc/x86_64-pc-linux-gnu/4.4.5/libstdc++.so.6.0.13)
==4446== by 0x405934: sort(unsigned int**, unsigned int, unsigned
int) (ostream:195)
==4446== by 0x407E39: findScrambledArea(cv::Mat&) (facedetect.cpp:531)
==4446== by 0x40AFFD: runOperation(Mode, CryptoKey const&,
DetectorParams&, std::string, std::string, std::string, bool)
(facedetect.cpp:620)
==4446== by 0x40BCD8: main (facedetect.cpp:695)
which looks like something I cannot influence.
And that's it. After that, my program seg faults.
> Otherwise, the line above seems strange: you are allocating 10 bytes
> assuming this will be used by a pointer to "integer".
> I would expect that you would allocate a number of bytes multiple of 4
> (or 8 maybe). Allocating 10 bytes is strange if you will use this as a
> pointer
> to an array of int.
Right, actually I just wanted to try some simple calls. My actual
malloc call (as you can also see above) is
int* data = (int*) malloc(width * height * sizeof(int))
In any case, the parameter should not affect the behavior, because it
crashes in the malloc function. I don't have a chance to go beyond it
and do something with the int*.
> Maybe this is the cause of the error somewhere else?
>
> Philippe
Any other ideas?
cheers, Stephanie
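An added example, not part of the original message or the poster's code: the posted loop indexes `data[j + i*height]` into a buffer of `width * height` elements, so whenever `height > width` the first write past the end lands at index `width * height`, which is what Memcheck reports as "0 bytes after a block". The function names and the 20 x 26 dimensions (chosen because 20 * 26 * 4 = 2,080 bytes) are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Walk the same loops as the posted sort(), but only compute each index.
 * Returns the first index >= width*height, or -1 if all writes stay in bounds.
 * stride is the row multiplier: the post uses height, row-major needs width. */
long first_oob_index(unsigned int width, unsigned int height, unsigned int stride) {
    size_t n = (size_t)width * height;
    for (unsigned int i = 0; i < height; i++) {
        for (unsigned int j = 0; j < width; j++) {
            size_t idx = (size_t)j + (size_t)i * stride;
            if (idx >= n)
                return (long)idx;
        }
    }
    return -1;
}

/* Row-major copy with stride = width, an overflow-checked allocation size
 * and a checked malloc() result. Caller frees the returned buffer. */
unsigned int *flatten(unsigned int **matrix, unsigned int width, unsigned int height) {
    if (width == 0 || height == 0)
        return NULL;
    if ((size_t)width > SIZE_MAX / sizeof(unsigned int) / height)
        return NULL;                      /* width*height*sizeof would wrap */
    unsigned int *data = malloc((size_t)width * height * sizeof *data);
    if (data == NULL)
        return NULL;
    for (unsigned int i = 0; i < height; i++)
        for (unsigned int j = 0; j < width; j++)
            data[(size_t)i * width + j] = matrix[i][j];
    return data;
}

int main(void) {
    /* Constructed dimensions, not taken from the poster's program. */
    unsigned int w = 20, h = 26;
    long bad = first_oob_index(w, h, h);
    printf("stride=height: first bad index %ld, byte offset %ld\n",
           bad, bad * (long)sizeof(unsigned int));
    printf("stride=width:  first bad index %ld\n", first_oob_index(w, h, w));
    /* With width >= height the wrong stride stays in bounds and only
     * scrambles the data, so Memcheck reports nothing for that case. */
    printf("26x20, stride=height: %ld\n", first_oob_index(h, w, w));
    return 0;
}
```

The out-of-bounds writes overwrite the allocator's bookkeeping next to the block, which is why the failure surfaces later inside an unrelated `malloc()` call rather than at the faulty store.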