From: Tom H. <th...@cy...> - 2003-10-23 21:01:22
In message <BAY...@ho...>
"Russ Fink" <rus...@ho...> wrote:
> I'm getting some strange message (aren't we all) that I'm having trouble
> with understanding. I'm doing a memset(0) on a pointer prior to calling
> free(). Valgrind complains it's an invalid write of size 4. However, if I
> reduce the memset by ONE byte, I don't get any invalid write at all. Here
> is the message:
>
> ==28655== Invalid write of size 4
> ==28655== at 0x402E426D: memset (../sysdeps/i386/memset.c:65)
> ==28655== by 0x804C9F9: delete_foo (foo.c:80)
> ==28655== by 0x804B1ED: process_bar (bar.c:606)
> ==28655== Address 0x40D6DA00 is 0 bytes after a block of size 96 alloc'd
> ==28655== at 0x4002B905: malloc (vg_replace_malloc.c:153)
> ==28655== by 0x804C99F: new_foo (foo.c:66)
> ==28655==
>
> If I change the memset from memset(foo, 0, sizeof(foo_struct)) to
> memset(foo, 0, sizeof(foo_struct)-1), I get no error. I would expect to get
> "invalid write of size 3" if in fact this memset is the problem.
When you subtract one from the size memset will have to write the
last three bytes a byte at a time. Without the subtraction it will
write the whole of the last word in one go. When valgrind reports
an invalid write of size 4 it means the instruction was trying to
write four bytes, but it doesn't mean all four bytes are invalid.
My guess is that you have malloced one byte too little, so the memset
is overrunning the end of the block by one byte.
Tom
--
Tom Hughes (th...@cy...)
Software Engineer, Cyberscience Corporation
http://www.cyberscience.com/
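The mechanism Tom describes, as an added example that is not part of the original thread or of the poster's code: a 96-byte `foo_struct` (chosen to match the "block of size 96" in the report) is allocated one byte short, then cleared with the full `sizeof`. `first_bad_store_size()` models a word-at-a-time memset on a 32-bit target, which is an assumption about the glibc i386 implementation rather than a copy of it, and returns the width of the store that first crosses the end of the block. With `len == 96` the last store is a 4-byte word covering offsets 92..95, one byte past a 95-byte block, hence "Invalid write of size 4"; with `len == 95` the tail is three single-byte stores that all land inside the block, hence no report. The `new_foo`/`delete_foo` pair and `foo_struct` are hypothetical reconstructions of the bug Tom guesses at, and `main` is there so the file can be run under valgrind.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the poster's foo_struct: 24 ints = 96 bytes,
 * matching the "block of size 96" in the valgrind report. */
typedef struct foo_struct {
    int fields[24];
} foo_struct;

/* Bytes that memset(p, 0, len) writes beyond a block of block_size bytes. */
size_t overrun_bytes(size_t block_size, size_t len)
{
    return len > block_size ? len - block_size : 0;
}

/* Model (assumption, not the real glibc code) of a memset that stores
 * 4-byte words while at least 4 bytes remain, then finishes the tail one
 * byte at a time.  Returns the size of the first store that touches memory
 * at or beyond block_size, or 0 if every store stays inside the block.
 * This is why a one-byte overrun can be reported as a write of size 4. */
int first_bad_store_size(size_t block_size, size_t len)
{
    size_t off = 0;

    /* Word-sized stores: a store at off covers off..off+3. */
    while (len - off >= 4) {
        if (off + 4 > block_size)
            return 4;               /* this word crosses the end of the block */
        off += 4;
    }
    /* Byte-sized tail stores. */
    while (off < len) {
        if (off >= block_size)
            return 1;
        off++;
    }
    return 0;
}

/* Reconstruction of the suspected bug: allocate one byte too little. */
static foo_struct *new_foo(void)
{
    return malloc(sizeof(foo_struct) - 1);   /* BUG: should be sizeof(foo_struct) */
}

/* Clear-then-free, as in the poster's delete_foo().  With the short
 * allocation above, the memset writes one byte past the block. */
static void delete_foo(foo_struct *foo)
{
    memset(foo, 0, sizeof(foo_struct));
    free(foo);
}

int main(void)
{
    printf("block 95, memset 96: overrun %zu byte(s), first bad store size %d\n",
           overrun_bytes(95, 96), first_bad_store_size(95, 96));
    printf("block 95, memset 95: overrun %zu byte(s), first bad store size %d\n",
           overrun_bytes(95, 95), first_bad_store_size(95, 95));

    /* Run this binary under valgrind to see the "Invalid write of size 4"
     * from inside memset, one byte after a block of size 95. */
    foo_struct *foo = new_foo();
    if (foo != NULL)
        delete_foo(foo);
    return 0;
}
```

The point of the model is that valgrind reports the width of the faulting instruction, not the number of bytes that lie outside the block; the real fix is to allocate `sizeof(foo_struct)` bytes in `new_foo()`, not to shorten the memset.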