From: <sv...@va...> - 2009-07-15 07:18:25
Author: njn Date: 2009-07-15 08:18:16 +0100 (Wed, 15 Jul 2009) New Revision: 10462 Log: Add details about an interior-pointer case that can occur with C++. Addresses bug 136230. Modified: trunk/memcheck/docs/mc-manual.xml Modified: trunk/memcheck/docs/mc-manual.xml =================================================================== --- trunk/memcheck/docs/mc-manual.xml 2009-07-15 06:39:15 UTC (rev 10461) +++ trunk/memcheck/docs/mc-manual.xml 2009-07-15 07:18:16 UTC (rev 10462) 
@@ -636,13 +636,31 @@ accessible client memory, including stacks.</para> <para>There are two ways a block can be reached. The first is with a -"start-pointer", i.e. a pointer to the start of the block. The second is -with an "interior-pointer", i.e. a pointer to the middle of the block. The -pointer might have originally been a start-pointer and have been moved -along, or it might be entirely unrelated, just a coincidence. It's unclear -whether such a pointer should be considered as genuinely pointing to the -block.</para> +"start-pointer", i.e. a pointer to the start of the block. The second is with +an "interior-pointer", i.e. a pointer to the middle of the block. There are +three possibilities we know of:</para> +<itemizedlist> + <listitem> + <para>The pointer might have originally been a start-pointer and have been + moved along deliberately (or not deliberately) by the program. + </listitem> + + <listitem> + <para>It might be a random junk value in memory, entirely unrelated, just + a coincidence.</para> + </listitem> + + <listitem> + <para>It might be a pointer to an array of C++ objects (which possess + destructors) allocated with <computeroutput>new[]</computeroutput>. In + this case, some compilers store a "magic cookie" containing the array + length at the start of the allocated block, and return a pointer to just + past that magic cookie, i.e. an interior-pointer. + See <ulink url="http://theory.uwinnipeg.ca/gnu/gcc/gxxint_14.html">this + page</ulink> for more information.</para> + </listitem> + <para>With that in mind, consider the nine possible cases described by the following figure.</para> |
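Review bot: The first added <listitem> opens a <para> that is never closed: the text ending "moved along deliberately (or not deliberately) by the program." is followed directly by </listitem>, so a </para> is needed before it. The new <itemizedlist> also has no matching </itemizedlist> in the visible lines; the third </listitem> runs straight into the unchanged "<para>With that in mind", so the closing tag should go right after that last </listitem>. As posted, the added markup is not well-formed XML. A smaller wording point in the same list item: "deliberately (or not deliberately)" would read better as "deliberately or accidentally".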