From: Russ F. <rus...@ho...> - 2003-10-23 19:32:54

Hello,

I'm getting some strange message (aren't we all) that I'm having trouble
with understanding. I'm doing a memset(0) on a pointer prior to calling
free(). Valgrind complains it's an invalid write of size 4. However, if I
reduce the memset by ONE byte, I don't get any invalid write at all. Here
is the message:

==28655== Invalid write of size 4
==28655== at 0x402E426D: memset (../sysdeps/i386/memset.c:65)
==28655== by 0x804C9F9: delete_foo (foo.c:80)
==28655== by 0x804B1ED: process_bar (bar.c:606)
==28655== Address 0x40D6DA00 is 0 bytes after a block of size 96 alloc'd
==28655== at 0x4002B905: malloc (vg_replace_malloc.c:153)
==28655== by 0x804C99F: new_foo (foo.c:66)
==28655==

If I change the memset from memset(foo, 0, sizeof(foo_struct)) to
memset(foo, 0, sizeof(foo_struct)-1), I get no error. I would expect to get
"invalid write of size 3" if in fact this memset is the problem.

Is this a case of a phantom memory error, where there's a memory error
somewhere else but is being reported as an error with the memset?

If so, what can I do about tracking this down? Can you suggest any
strategies that have worked for you?

Thanks,
Russ

From: Tom H. <th...@cy...> - 2003-10-23 21:01:22

In message <BAY...@ho...>
"Russ Fink" <rus...@ho...> wrote:
> I'm getting some strange message (aren't we all) that I'm having trouble
> with understanding. I'm doing a memset(0) on a pointer prior to calling
> free(). Valgrind complains it's an invalid write of size 4. However, if I
> reduce the memset by ONE byte, I don't get any invalid write at all. Here
> is the message:
>
> ==28655== Invalid write of size 4
> ==28655== at 0x402E426D: memset (../sysdeps/i386/memset.c:65)
> ==28655== by 0x804C9F9: delete_foo (foo.c:80)
> ==28655== by 0x804B1ED: process_bar (bar.c:606)
> ==28655== Address 0x40D6DA00 is 0 bytes after a block of size 96 alloc'd
> ==28655== at 0x4002B905: malloc (vg_replace_malloc.c:153)
> ==28655== by 0x804C99F: new_foo (foo.c:66)
> ==28655==
>
> If I change the memset from memset(foo, 0, sizeof(foo_struct)) to
> memset(foo, 0, sizeof(foo_struct)-1), I get no error. I would expect to get
> "invalid write of size 3" if in fact this memset is the problem.
When you subtract one from the size memset will have to write the
last three bytes a byte at a time. Without the subtraction it will
write the whole of the last word in one go. When valgrind reports
an invalid write of size 4 it means the instruction was trying to
write four bytes, but it doesn't mean all four bytes are invalid.
My guess is that you have malloced one byte too little, so the memset
is overrunning the end of the block by one byte.
Tom
--
Tom Hughes (th...@cy...)
Software Engineer, Cyberscience Corporation
http://www.cyberscience.com/

From: Jeremy F. <je...@go...> - 2003-10-25 19:54:18

On Thu, 2003-10-23 at 12:31, Russ Fink wrote:
> Hello,
>
> I'm getting some strange message (aren't we all) that I'm having trouble
> with understanding. I'm doing a memset(0) on a pointer prior to calling
> free(). Valgrind complains it's an invalid write of size 4. However, if I
> reduce the memset by ONE byte, I don't get any invalid write at all. Here
> is the message:
>
> ==28655== Invalid write of size 4
> ==28655== at 0x402E426D: memset (../sysdeps/i386/memset.c:65)
> ==28655== by 0x804C9F9: delete_foo (foo.c:80)
> ==28655== by 0x804B1ED: process_bar (bar.c:606)
> ==28655== Address 0x40D6DA00 is 0 bytes after a block of size 96 alloc'd
> ==28655== at 0x4002B905: malloc (vg_replace_malloc.c:153)
> ==28655== by 0x804C99F: new_foo (foo.c:66)
> ==28655==
>
> If I change the memset from memset(foo, 0, sizeof(foo_struct)) to
> memset(foo, 0, sizeof(foo_struct)-1), I get no error. I would expect to get
> "invalid write of size 3" if in fact this memset is the problem.

The "size 4" means that it was a 4-byte (i.e. 32-bit) store instruction.

> Is this a case of a phantom memory error, where there's a memory error
> somewhere else but is being reported as an error with the memset?
>
> If so, what can I do about tracking this down? Can you suggest any
> strategies that have worked for you?

This looks like you allocated too little memory for foo. Maybe you changed
the definition of foo_struct, but you didn't recompile the code which
allocates it, so the allocated block is a bit too small?

Or it could be a bug in memset, (or it being a bit too clever). I thought
we intercepted memset?

J
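Tom's and Jeremy's replies both rest on the same point: memcheck's "size N" is the width of the store instruction, not the number of bytes that actually fell outside the block. A 4-byte store that overhangs a too-small block by a single byte is therefore still reported as "Invalid write of size 4", while the byte-at-a-time tail that memset falls back to after subtracting one from the length can stay entirely in bounds. The C program below is an added example and not code from this thread or from Valgrind; it models a word-oriented memset as aligned 4-byte stores followed by single-byte stores for the remainder (an assumed, simplified store pattern, not glibc's real i386 memset), and reports the first store that crosses the end of the block. The block sizes and lengths are constructed for illustration and do not reproduce the exact numbers in Russ's report.

```c
/* Added example, not from the thread.  Models how a word-oriented memset
 * lays its stores over a heap block and what memcheck would print for the
 * first store that crosses the end of that block.  The store pattern
 * (aligned 4-byte stores, then 1-byte stores for the tail) is an ASSUMED
 * simplification, not a copy of any libc implementation. */
#include <stddef.h>
#include <stdio.h>

#define WORD 4

struct overrun_report {
    size_t store_offset;   /* offset of the first store that leaves the block */
    size_t store_width;    /* width of that store: memcheck's "size N"        */
    size_t bytes_past_end; /* how many bytes of that store lie beyond the end */
    int    found;          /* 0 when every store stayed inside the block      */
};

/* Walk the stores a word-oriented memset(p, 0, len) would issue against a
 * block of block_size bytes (p assumed word-aligned) and report the first
 * store that touches memory past the block. */
struct overrun_report model_memset_overrun(size_t block_size, size_t len)
{
    struct overrun_report r = {0, 0, 0, 0};
    size_t off = 0;

    while (off < len) {
        /* full word while at least WORD bytes remain, else byte stores */
        size_t width = (len - off >= WORD) ? WORD : 1;
        if (off + width > block_size) {
            r.store_offset   = off;
            r.store_width    = width;
            /* a store that starts at or past the end is wholly invalid;
             * one that straddles the end is only partly invalid */
            r.bytes_past_end = (off >= block_size) ? width
                                                   : off + width - block_size;
            r.found = 1;
            return r;
        }
        off += width;
    }
    return r;
}

/* Print the outcome in roughly memcheck's wording. */
void print_report(size_t block_size, size_t len)
{
    struct overrun_report r = model_memset_overrun(block_size, len);
    if (!r.found) {
        printf("memset of %zu over a %zu-byte block: no invalid write\n",
               len, block_size);
        return;
    }
    printf("memset of %zu over a %zu-byte block: Invalid write of size %zu\n",
           len, block_size, r.store_width);
    printf("  store at offset %zu, %zu byte(s) of it past the block end\n",
           r.store_offset, r.bytes_past_end);
}

int main(void)
{
    /* constructed case matching Tom's diagnosis: block one byte too small,
     * the last word store straddles the end -> "size 4", only 1 byte out */
    print_report(99, 100);
    /* subtract one from the length: the tail is written byte by byte and
     * every store stays inside the block -> no report at all */
    print_report(99, 99);
    /* a length that ends in a byte tail overruns with a 1-byte store */
    print_report(96, 97);
    /* exact fit: clean */
    print_report(96, 96);
    return 0;
}
```

The practical check that follows from Jeremy's suggestion is to make the allocation and the clearing share one size expression, for example `p = malloc(sizeof *p)` and `memset(p, 0, sizeof *p)`, and to rebuild every object file that allocates or clears the struct whenever its definition changes; a stale object compiled against an older, smaller `foo_struct` is exactly the mismatch the model above reports.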