From: John R. <jr...@Bi...> - 2014-07-28 14:11:13
> ==17454== Conditional jump or move depends on uninitialised value(s)
> ==17454== at 0x5921F10: strchrnul (in /lib/libc-2.11.3.so)
> ==17454== by 0x58E55D6: vfprintf (in /lib/libc-2.11.3.so)
> the involved functions are shown below; the statement in question (see below)
> is
>
>     sprintf (select_anw, sel_anw, name, name); <********* sisisinst.c:1397
>
> I have checked carefully the code and the 4 args to sprintf() are
> all correctly defined on the stack; when I change the code to:
>
>     select_anw[0] = '\0';
>     sprintf (select_anw, sel_anw, name, name);
>
> then valgrind is happy, i.e., does not raise the messages any more;

You say that all 4 args are on the stack. What are their actual addresses?
Run with --db-attach=yes, say 'y' when asked, and use gdb to look around.

One possibility is that sel_anw (the format string) has been overwritten
because the string being built into select_anw (the buffer) has overflowed.
Try changing the code to use

    snprintf(select_anw, LEN_SELECT, sel_anw, name, name);

which is much safer.
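
The bounded call suggested in the reply above, as an added example that is not part of the original message or of the poster's code: it uses snprintf()'s return value to report how many bytes an unbounded sprintf() would have written past select_anw. The value of LEN_SELECT, the struct layout, the format text and the helper names build_select and init_query are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LEN_SELECT 64   /* assumed size; the real value is not shown in the thread */

/* Constructed layout: the buffer sits directly before the format string,
 * so an unbounded sprintf() past select_anw would run into sel_anw. */
struct query {
    char select_anw[LEN_SELECT];
    char sel_anw[64];
};

/* Hypothetical helper: builds the statement with snprintf().
 * Returns 0 on success, -1 on output error, or the number of bytes
 * an unbounded sprintf() would have written past the buffer. */
static int build_select(struct query *q, const char *name)
{
    int n = snprintf(q->select_anw, sizeof q->select_anw,
                     q->sel_anw, name, name);
    if (n < 0)
        return -1;
    if ((size_t)n >= sizeof q->select_anw)      /* output was truncated */
        return n + 1 - (int)sizeof q->select_anw;
    return 0;
}

/* Hypothetical helper: zeroes the struct and installs a constructed
 * format string with two %s, like the call in the thread. */
static void init_query(struct query *q)
{
    memset(q, 0, sizeof *q);
    strcpy(q->sel_anw, "select a from t where x='%s' or y='%s'");
}

int main(void)
{
    struct query q;
    init_query(&q);
    printf("short name: %d\n", build_select(&q, "abc"));
    printf("20-char name: %d\n", build_select(&q, "abcdefghijklmnopqrst"));
    printf("format string after both calls: %s\n", q.sel_anw);
    return 0;
}
```

A non-zero return means the name did not fit; with plain sprintf() those extra bytes would have landed in whatever follows the buffer, here the format string itself.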