From: Tom H. <to...@co...> - 2022-09-26 21:35:12
This is in fact documented in the FAQ here:

https://valgrind.org/docs/manual/faq.html#faq.overruns

The fact it's an array is not actually important - there is no overrun detection for any global or stack variables.

The reason is that because valgrind is operating on an existing binary there is no way to insert guards between variables because the compiler has already fixed the layout - for the heap valgrind can replace the allocator with one that adds guards around each allocated block.

The tool Philippe refers to tried to use debug information where possible to spot out of bounds writes but it wasn't very successful.

Better is to use address sanitizer, which requires recompilation but because of that it is able to add guards around variables.

Tom

On 26/09/2022 21:20, Philippe Waroquiers wrote:
> Valgrind does not check out of bound write in arrays, unless these arrays are malloc-ed
> (and so valgrind can detect the write out of the limit of the malloc-ed block).
>
> Valgrind used to contain an experimental tool (sgcheck) that did such stack array checks,
> but it had several limitations and problems, and was removed.
>
> Thanks
> Philippe
>
> On Mon, 2022-09-26 at 14:13 -0600, Grant Schoep wrote:
>> So I noticed something in my code that looked wrong to me, but valgrind didn't report
>> anything. I made a small example of it, and still no findings. I'm sure this code is
>> reading/writing past its array. But valgrind doesn't say anything.
>>
>> Am I not understanding something or is this a bug?
>>
>> Using:
>> valgrind-3.19.0, gcc 4.8.5, CentOS 7
>>
>> I also tried
>> valgrind-3.19.0, gcc 7.3.1, Amazon Linux 2
>>
>> Here is the code.
>> ------
>> #include <string.h>
>> #include <stdio.h>
>>
>> int main()
>> {
>>     char retStr[32];
>>
>>     // this is bad right? 40 bytes when above was 32?
>>     memset(retStr, 'F', 40);
>>
>>     // These are "writing" past the allocated memory?
>>     retStr[32] = 'A';
>>     retStr[33] = 'B';
>>
>>     // These should be fine
>>     printf("*********** retStr is %c\n", retStr[30]);
>>     printf("*********** retStr is %c\n", retStr[31]);
>>
>>     // These are reading past allocated memory?
>>     printf("*********** retStr is %c\n", retStr[32]);
>>     printf("*********** retStr is %c\n", retStr[33]);
>>
>>     return 0;
>> }
>> ---
>>
>> Compiled:
>> "gcc filename.cxx"
>>
>> Ran via this command
>> "valgrind ./a.out"
>>
>> _______________________________________________
>> Valgrind-users mailing list
>> Val...@li...
>> https://lists.sourceforge.net/lists/listinfo/valgrind-users

--
Tom Hughes (to...@co...)
http://compton.nu/
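
The heap-guard point from the reply above, as an added example that is not from the thread or from Valgrind's source: an allocator wrapper can surround each block with guard bytes because it chooses the layout, which no tool can do for `retStr` once the compiler has placed it on the stack. The names `guarded_malloc`, `guarded_check`, `guarded_free` and `demo_overrun`, and the guard size and pattern, are assumptions; this canary model checks after the write, whereas Memcheck marks its red zones unaddressable and reports the access itself.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define HDR_LEN    16    /* holds the requested size; keeps user data aligned */
#define GUARD_LEN  16    /* guard bytes on each side (assumed value) */
#define GUARD_BYTE 0xA5  /* guard fill pattern (assumed value) */

/* Raw block layout: [header: n][guard][n user bytes][guard] */
static void *guarded_malloc(size_t n)
{
    unsigned char *raw = malloc(HDR_LEN + 2 * GUARD_LEN + n);
    if (!raw) return NULL;
    memcpy(raw, &n, sizeof n);
    memset(raw + HDR_LEN, GUARD_BYTE, GUARD_LEN);
    memset(raw + HDR_LEN + GUARD_LEN + n, GUARD_BYTE, GUARD_LEN);
    return raw + HDR_LEN + GUARD_LEN;
}

/* 0 = guards intact, -1 = write before the block, 1 = write past its end */
static int guarded_check(const void *p)
{
    const unsigned char *user = p, *front = user - GUARD_LEN;
    size_t n;
    memcpy(&n, front - HDR_LEN, sizeof n);
    for (size_t i = 0; i < GUARD_LEN; i++) {
        if (front[i] != GUARD_BYTE) return -1;
        if (user[n + i] != GUARD_BYTE) return 1;
    }
    return 0;
}

static void guarded_free(void *p) { if (p) free((unsigned char *)p - GUARD_LEN - HDR_LEN); }

/* The thread's memset, replayed on a guarded heap block (written <= alloc + GUARD_LEN). */
static int demo_overrun(size_t alloc, size_t written)
{
    char *buf = guarded_malloc(alloc);
    if (!buf) return -2;
    memset(buf, 'F', written);   /* lands in the trailing guard when written > alloc */
    int verdict = guarded_check(buf);
    guarded_free(buf);
    return verdict;
}

int main(void)
{
    printf("32 into 32: %d, 40 into 32: %d\n", demo_overrun(32, 32), demo_overrun(32, 40));
    return 0;
}
```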