From: Jason G. <jga...@la...> - 2003-08-27 14:57:50
This is driving me crazy.
Maybe I just don't completely understand what I'm looking for. Can someone
offer an idea?
==20872== Conditional jump or move depends on uninitialised value(s)
==20872== at 0x81361A0: check_dispel (magic.c:246)
==20872== by 0x8123B6F: char_to_room (handler.c:1904)
==20872== by 0x81024BC: reset_room (db.c:2797)
==20872== by 0x8102B1B: reset_area (db.c:2990)
So, I look at reset_area:
void reset_area(AREA_DATA * pArea)
{
2997:    long vnum=0;
2988:    for (vnum = pArea->min_vnum; vnum <= pArea->max_vnum; vnum++) {
2989:        if (pRoomArray[vnum]){
2990:            reset_room(pRoomArray[vnum]);
             }
         }
         return;
}
Obviously, I have initialized vnum to 0 here.
So does that mean pRoomArray is not initialized? It's a global array, and I
thought they were initialized to NULL.
From: Matthew J F. <mfl...@se...> - 2005-08-11 14:40:55
Hi
valgrind 3.0.0 (as did 2.4) reports the following:
'Conditional jump or move depends on uninitialised value(s)'
for the following sample code; the line 'if ( *(Deflate + 8 ) == ';' )'
is the line for which the warning is given.
#include <string.h>   /* for strstr() */

int main(void)
{
    char *Deflate = strstr( "gzip,deflate", "deflate" );
    if ( !Deflate )
        return 0;

    /* this is the line the warning points at */
    if ( *(Deflate + 8 ) == ';' )
        return 1;
}
Why? '\0' does not equal uninitialised, does it?
Just out of interest, Purify and BoundsChecker on win32 don't have a problem
with this.
regards
---
Matthew J Fletcher
Embedded Software
Serck Controls Ltd
---
**********************************************************************
Serck Controls Ltd, Rowley Drive, Coventry, CV3 4FH, UK
Tel: +44 (0) 24 7630 5050 Fax: +44 (0) 24 7630 2437
Web: www.serck-controls.com Admin: po...@se...
A subsidiary of Serck Controls Pty. Ltd. Reg. in England No. 4353634
**********************************************************************
This email and files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the above. Any views or opinions presented are those of the author
and do not necessarily represent those of Serck Controls Ltd.
This message has been checked by MessageLabs
******************************************************************
From: Arndt M. <amu...@is...> - 2005-08-11 15:09:26
Matthew J Fletcher wrote:
>Hi
>
>valgrind 3.0.0 (as did 2.4) reports the following,..
>
>'Conditional jump or move depends on uninitialised value(s)'
>
>for the following sample code, the line 'if ( *(Deflate + 8 ) == ';' )'
>is the line for which the warning is given.
>
>int main(void)
>{
> char *Deflate = strstr( "gzip,deflate", "deflate" );
> if ( !Deflate )
> return 0;
>
> if ( *(Deflate + 8 ) == ';' )
> return 1;
>}
>
>why ?, '\0' does not equal uninitialised does it ?
>
>
Looks like an off-by-one to me.
The string starts with Deflate[0] == 'd', therefore Deflate[7] == 0.
Deflate[8] is the next position after the trailing zero.
Greetings,
Arndt
From: Dennis L. <pla...@in...> - 2005-08-11 15:12:43
Can you tell us where exactly valgrind reports an error? If I
compile and run your piece of code, I of course get this error:
==4041== Syscall param exit_group(exit_code) contains uninitialised
byte(s)
==4041== at 0x1B9AFC44: _Exit (in /lib/tls/libc.so.6)
==4041== by 0x1B93BE89: __libc_start_main (in /lib/tls/libc.so.6)
==4041== by 0x8048320: ??? (start.S:119)
because the return value isn't set/initialized. If I add a "return 2;" at
the end of main I don't get any error, or do you refer to the suppressed
errors? What exact version of valgrind3 are you using (svn revision
of valgrind & vex)?
greets
Dennis
From: Dennis L. <pla...@in...> - 2005-08-11 15:22:22
Whoops, OK, you said that it was in the if statement, sorry...
but Deflate will point to "deflate", thus:
*(Deflate + 0) == 'd'
*(Deflate + 1) == 'e'
*(Deflate + 2) == 'f'
*(Deflate + 3) == 'l'
*(Deflate + 4) == 'a'
*(Deflate + 5) == 't'
*(Deflate + 6) == 'e'
*(Deflate + 7) == '\0'
*(Deflate + 8) == '<undefined>'
or am I completely missing something? (btw, why doesn't valgrind then
report this here...)
Going to get a coffee...
From: Nicholas N. <nj...@cs...> - 2005-08-11 15:37:21
On Thu, 11 Aug 2005, Dennis Lubert wrote:
> whoops, ok, you said that it was in the if statement, sorry...
> but, Deflate will point to deflate thus...
>
> *(Deflate + 0) == 'd'
> *(Deflate + 1) == 'e'
> *(Deflate + 2) == 'f'
> *(Deflate + 3) == 'l'
> *(Deflate + 4) == 'a'
> *(Deflate + 5) == 't'
> *(Deflate + 6) == 'e'
> *(Deflate + 7) == '\0'
> *(Deflate + 8) == '<undefined>'
>
> or am I completely missing something ? (btw why doesnt valgrind then
> report this here...)
I think the string will be in static memory which is auto-zeroed, not
undefined. So from Memcheck's point of view everything is ok. At least,
I also don't get an error for this program -- Matthew, can you post the
full Valgrind output you get for this program?
Nick
From: Matthew J F. <mfl...@se...> - 2005-08-12 08:21:53
On Thursday 11 Aug 2005 4:36 pm, Nicholas Nethercote wrote:
> On Thu, 11 Aug 2005, Dennis Lubert wrote:
> > whoops, ok, you said that it was in the if statement, sorry...
> > but, Deflate will point to deflate thus...
> >
> > *(Deflate + 0) == 'd'
> > *(Deflate + 1) == 'e'
> > *(Deflate + 2) == 'f'
> > *(Deflate + 3) == 'l'
> > *(Deflate + 4) == 'a'
> > *(Deflate + 5) == 't'
> > *(Deflate + 6) == 'e'
> > *(Deflate + 7) == '\0'
> > *(Deflate + 8) == '<undefined>'
> >
> > or am I completely missing something ? (btw why doesnt valgrind then
> > report this here...)
>
> I think the string will be in static memory which is auto-zeroed, not
> undefined. So from Memcheck's point of view everything is ok. At least,
> I also don't get an error for this program -- Matthew, can you post the
> full Valgrind output you get for this program?
>
> Nick
---- test.c ----
#include <string.h>   /* for strstr() */

int main(void)
{
    char *Deflate = strstr( "gzip,deflate", "deflate" );
    if ( !Deflate )
        return 0;

    /* reads one byte past the NUL of the string literal */
    if ( *(Deflate + 8 ) == ';' )
        return 1;

    return 2;
}
gcc-3.4.1 -g -ggdb test.c -o test
[mfletcher@dangermouse mfletcher]$ valgrind --tool=memcheck --num-callers=8
--leak-check=yes test
==3326== Memcheck, a memory error detector.
==3326== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==3326== Using LibVEX rev 1313, a library for dynamic binary translation.
==3326== Copyright (C) 2004-2005, and GNU GPL'd, by OpenWorks LLP.
==3326== Using valgrind-3.0.0, a dynamic binary instrumentation framework.
==3326== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==3326== For more details, rerun with: -v
==3326==
==3326==
==3326== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 16 from 1)
==3326== malloc/free: in use at exit: 0 bytes in 0 blocks.
==3326== malloc/free: 103 allocs, 103 frees, 7989 bytes allocated.
==3326== For counts of detected errors, rerun with: -v
==3326== No malloc'd blocks -- no leaks are possible.
ok, the code is clearly wrong and is accessing space past the end of a
statically allocated buffer. For some reason valgrind is not finding this.
----- test1.c -----
#include <stdlib.h>   /* malloc(), free() */
#include <string.h>   /* strcpy(), strstr() */

int main(void)
{
    char *String;
    char *Deflate;

    String = malloc(13);                /* exactly "gzip,deflate" plus NUL */
    strcpy(String,"gzip,deflate");
    Deflate = strstr( String, "deflate" );
    if ( !Deflate )
        goto exit;

    /* Deflate + 8 is one byte past the end of the 13-byte heap block */
    if ( *(Deflate + 8 ) == ';' )
        //goto exit;
        return 1;

exit:
    free(String);
    return 0;
}
gcc-3.4.1 -g -ggdb test1.c -o test1
[mfletcher@dangermouse mfletcher]$ valgrind --tool=memcheck --num-callers=8
--leak-check=yes ./test1
==3979== Memcheck, a memory error detector.
==3979== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==3979== Using LibVEX rev 1313, a library for dynamic binary translation.
==3979== Copyright (C) 2004-2005, and GNU GPL'd, by OpenWorks LLP.
==3979== Using valgrind-3.0.0, a dynamic binary instrumentation framework.
==3979== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==3979== For more details, rerun with: -v
==3979==
==3979== Invalid read of size 1
==3979== at 0x804846F: main (test.c:15)
==3979== Address 0x1BA37035 is 0 bytes after a block of size 13 alloc'd
==3979== at 0x1B8FD896: malloc (vg_replace_malloc.c:149)
==3979== by 0x8048431: main (test.c:7)
==3979==
==3979== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 16 from 1)
==3979== malloc/free: in use at exit: 0 bytes in 0 blocks.
==3979== malloc/free: 1 allocs, 1 frees, 13 bytes allocated.
==3979== For counts of detected errors, rerun with: -v
==3979== No malloc'd blocks -- no leaks are possible.
ok, this time valgrind is correctly telling me that I am reading past the end
of the malloc'd array.
----- test2.c ------
#include <stdlib.h>   /* malloc(), free() */
#include <string.h>   /* strcpy(), strstr() */

int main(void)
{
    char *String;
    char *Deflate;

    String = malloc(13);                /* exactly "gzip,deflate" plus NUL */
    strcpy(String,"gzip,deflate");
    Deflate = strstr( String, "deflate" );
    if ( !Deflate )
        goto exit;

    /* same out-of-bounds read, but both branches now end at the same label */
    if ( *(Deflate + 8 ) == ';' )
        goto exit;
        // return 1;

exit:
    free(String);
    return 0;
}
gcc-3.4.1 -g -ggdb test2.c -o test2
valgrind --tool=memcheck --num-callers=8 --leak-check=yes ./test2
==4087== Memcheck, a memory error detector.
==4087== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==4087== Using LibVEX rev 1313, a library for dynamic binary translation.
==4087== Copyright (C) 2004-2005, and GNU GPL'd, by OpenWorks LLP.
==4087== Using valgrind-3.0.0, a dynamic binary instrumentation framework.
==4087== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==4087== For more details, rerun with: -v
==4087==
==4087==
==4087== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 16 from 1)
==4087== malloc/free: in use at exit: 0 bytes in 0 blocks.
==4087== malloc/free: 1 allocs, 1 frees, 13 bytes allocated.
==4087== For counts of detected errors, rerun with: -v
==4087== No malloc'd blocks -- no leaks are possible.
oops, no error report this time, valgrind does not like gotos, which I
suppose I should take as a hint.
regards
---
Matthew J Fletcher
Embedded Software
Serck Controls Ltd
---
From: Matthew J F. <mfl...@se...> - 2005-08-12 12:16:33
On Friday 12 Aug 2005 10:08 am, Josef Weidendorfer wrote:
> On Friday 12 August 2005 10:23, Matthew J Fletcher wrote:
> > ---- test.c ----
> > int main(void)
> > {
> > char *Deflate = strstr( "gzip,deflate", "deflate" );
> > if ( !Deflate )
> > return 0;
> >
> > if ( *(Deflate + 8 ) == ';' )
> > return 1;
> >
> > return 2;
> > }
> > ...
> > ok, the code is clearly wrong and is accessing space past the end of a
> > statically allocated buffer. For some reason valgrind is not finding this.
>
> But obviously the space after the statically allocated buffer is defined and
> valid, so VG has no way to regard this as an error.
"gzip,deflate" is a unique symbol to a constant string in the elf, the pointer
Deflate points (after the strstr) to an address 6 bytes into that symbol.
When you add 8 to the address of the Deflate pointer the address reached is
beyond the end of the symbol and will either point into the next constant
string symbol or off the end of the section.
> > if ( *(Deflate + 8 ) == ';' )
> > goto exit;
> > // return 1;
> >
> > exit:
> > free(String);
> > return 0;
> >...
> > oops, no error report this time, valgrind does not like goto's, which i
> > suppose i should take as a hint.
>
> No. It seems that the compiler optimizes away the if. So there is no
> problem in the produced code.
>
> Josef
At -O0 gcc 3.4.x does not do any dead code optimisations.
regards
---
Matthew J Fletcher
Embedded Software
Serck Controls Ltd
---
From: Nicholas N. <nj...@cs...> - 2005-08-12 13:20:57
On Fri, 12 Aug 2005, Matthew J Fletcher wrote:
>> But obviously the space after the statically allocated buffer is defined and
>> valid, so VG has no way to regard this as an error.
>
> "gzip,deflate" is a unique symbol to a constant string in the elf, the pointer
> Deflate points (after the strstr) to an address 6 bytes into that symbol.
> When you add 8 to the address of the Deflate pointer the address reached is
> beyond the end of the symbol and will either point into the next constant
> string symbol or off the end of the section.
Yes, but from Memcheck's point of view, that memory is (a) addressable and
(b) initialised, so it does not complain. From the FAQ.txt:
5.2. Why doesn't Memcheck find the array overruns in this program?
int static_array[5];   /* the FAQ calls this array `static`, a C keyword; renamed so it compiles */
int main(void)
{
    int stack[5];
    static_array[5] = 0;   /* one past the end of a global (static) array */
    stack [5] = 0;         /* one past the end of a stack array */
    return 0;
}
Unfortunately, Memcheck doesn't do bounds checking on static or stack
arrays. We'd like to, but it's just not possible to do in a reasonable
way that fits with how Memcheck works. Sorry.
N
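The FAQ answer above explains why the read at Deflate + 8 in test.c goes unreported: the byte past the literal is addressable and initialised as far as Memcheck can tell, and only the exactly-sized heap copy in test1.c gives it a block boundary to check. The dependable defence is to never index past the NUL in the first place. The following is an added example written for this thread, not code from the poster or from Valgrind: byte_at_offset_is is a hypothetical helper that locates the needle with strstr() and checks the requested offset against the bytes actually remaining in the string before dereferencing, and deflate_has_params mirrors test1.c's exact-size heap copy so that any remaining slip would be a Memcheck-visible heap overrun. It also accounts for the off-by-one Arndt pointed out: "deflate" is seven characters, so a following ';' sits at offset 7, not 8.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (added example). Returns true only when `needle`
 * occurs in `haystack` AND the byte `offset` positions after the start of
 * the match lies within the string (the terminating NUL counts as readable)
 * AND that byte equals `expected`. Anything beyond the NUL is refused, so
 * the read test.c performs at Deflate + 8 never happens. */
bool byte_at_offset_is(const char *haystack, const char *needle,
                       size_t offset, char expected)
{
    if (!haystack || !needle)
        return false;

    const char *match = strstr(haystack, needle);
    if (!match)
        return false;

    /* strlen(match) is the index of the NUL relative to the match;
     * any larger offset would read past the end of the string. */
    size_t nul_index = strlen(match);
    if (offset > nul_index)
        return false;

    return match[offset] == expected;
}

/* Mirrors test1.c: copy the input into an exactly-sized heap block so that
 * Memcheck can bounds-check any slip. Returns 1 when a ';' directly follows
 * "deflate", 0 otherwise, -1 on allocation failure. */
int deflate_has_params(const char *accept_encoding)
{
    size_t len = strlen(accept_encoding);
    char *copy = malloc(len + 1);          /* exact size: no slack bytes */
    if (!copy)
        return -1;
    memcpy(copy, accept_encoding, len + 1);

    /* "deflate" is 7 characters, so a parameter separator sits at +7 */
    int result = byte_at_offset_is(copy, "deflate", strlen("deflate"), ';') ? 1 : 0;
    free(copy);
    return result;
}

int main(void)
{
    /* constructed sample Accept-Encoding values */
    const char *samples[] = { "gzip,deflate", "gzip,deflate;q=0.5", "gzip" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s -> %d\n", samples[i], deflate_has_params(samples[i]));
    /* prints 0, 1, 0; under valgrind --tool=memcheck this reports no errors */
    return 0;
}
```

The bounds test compares the offset with strlen(match) rather than with the literal's known length, so the same helper is safe for any input the caller supplies, not only the fixed string from the thread.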
From: rak <ra...@ho...> - 2006-03-31 16:29:39
I am attaching a small piece of code which reports "Conditional jump or move
depends on uninitialised value(s)".
Is it possible to report the location where the variable actually got assigned
the uninitialised value when the value gets used, e.g.
==3926== Conditional jump or move depends on uninitialised value(s)
==3926== at 0x4005E8: main (test.cpp:13)
==3926== assigned at 0x******: (test.cpp:6)
I am asking this because it becomes very difficult if the function test is some
library supplied by a third person (I mean when I don't have the source code). Also
this looks like a false error report when looking at the output, which in fact is a true
error.
If this is currently available in valgrind by setting some flag then please let
me know. If not, please consider this as an enhancement request for your next release
(if it is easy enough to implement).
Thanks,
Rak
#include <stdio.h>
// g++ -g test.cpp
void test(int& i)           // copies an uninitialised local into the caller's variable
{
    int j;                  // never initialised
    i = j;                  // test.cpp:6 -- where the undefined value is assigned
}
int main()
{
    int i = 0;
    test(i);
    if (i)                  // test.cpp:13 -- Memcheck reports the use here, not the assignment
        puts("not zero");
    else
        puts("zero");
    return 0;
}
xeon%valgrind a.out
==3926== Memcheck, a memory error detector.
==3926== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==3926== Using LibVEX rev 1575, a library for dynamic binary translation.
==3926== Copyright (C) 2004-2005, and GNU GPL'd, by OpenWorks LLP.
==3926== Using valgrind-3.1.1, a dynamic binary instrumentation framework.
==3926== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==3926== For more details, rerun with: -v
==3926==
==3926== Conditional jump or move depends on uninitialised value(s)
==3926== at 0x4005E8: main (test.cpp:13)
zero
==3926==
==3926== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 8 from 5)
==3926== malloc/free: in use at exit: 0 bytes in 0 blocks.
==3926== malloc/free: 0 allocs, 0 frees, 0 bytes allocated.
==3926== For counts of detected errors, rerun with: -v
==3926== All heap blocks were freed -- no leaks are possible.
From: Lee K. <lki...@cs...> - 2003-08-27 15:17:31
You should be looking at the lowest level, line 246 in magic.c - the
cause should be much more apparent there.
L.
From: Joerg B. <jo...@we...> - 2003-08-27 15:19:06
Jason Gauthier wrote:
> ==20872== Conditional jump or move depends on uninitialised value(s)
> ==20872== at 0x81361A0: check_dispel (magic.c:246)
> ==20872== by 0x8123B6F: char_to_room (handler.c:1904)
> ==20872== by 0x81024BC: reset_room (db.c:2797)
> ==20872== by 0x8102B1B: reset_area (db.c:2990)
>
> So,I look at reset_area:
>
> void reset_area(AREA_DATA * pArea)
> {
> 2997: long vnum=0;
> 2988: for (vnum = pArea->min_vnum; vnum <= pArea->max_vnum; vnum++) {
> 2989: if (pRoomArray[vnum]){
> 2990: reset_room(pRoomArray[vnum]);
> }
> }
> return;
> }
>
> Obviously, I have initialized vnum to 0 here.
Only if pArea->min_vnum is initialized; otherwise vnum has been initialized
and then overwritten with something uninitialized.
> So does that mean pRoomArray is not initialized? It's a global array, and I
> thought they were initialized to NULL.
Joerg
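Joerg's point is that the loop copies pArea->min_vnum into vnum, so an uninitialised or garbage field becomes an index into the global pRoomArray, and an out-of-bounds read of that table follows. The following is an added example, not the poster's code: AREA_DATA, ROOM_DATA, pRoomArray and ROOM_ARRAY_SIZE are constructed stand-ins for the unseen code base. It validates the vnum range against the table bounds before the loop, reports a bad range instead of indexing with it, and allocates areas with calloc() so every field starts at a defined zero.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for the thread's types (not the real code base). */
#define ROOM_ARRAY_SIZE 16

typedef struct { long vnum; int reset_count; } ROOM_DATA;
typedef struct { long min_vnum; long max_vnum; } AREA_DATA;

/* Globals have static storage, so this table really does start as all NULL. */
static ROOM_DATA *pRoomArray[ROOM_ARRAY_SIZE];

static void reset_room(ROOM_DATA *room)
{
    room->reset_count++;
}

/* Returns the number of rooms reset, or -1 when the area's range cannot be
 * trusted. Rejecting the range up front turns an uninitialised or corrupt
 * min_vnum/max_vnum into a reported failure instead of an out-of-bounds
 * index into pRoomArray. */
long reset_area_checked(const AREA_DATA *pArea)
{
    if (!pArea)
        return -1;
    if (pArea->min_vnum < 0 || pArea->max_vnum >= ROOM_ARRAY_SIZE
        || pArea->min_vnum > pArea->max_vnum)
        return -1;

    long reset = 0;
    for (long vnum = pArea->min_vnum; vnum <= pArea->max_vnum; vnum++) {
        if (pRoomArray[vnum]) {
            reset_room(pRoomArray[vnum]);
            reset++;
        }
    }
    return reset;
}

/* calloc() gives every field a defined value (zero), so a caller that
 * forgets to set the range gets a harmless empty area, never garbage. */
AREA_DATA *new_area(long min_vnum, long max_vnum)
{
    AREA_DATA *a = calloc(1, sizeof *a);
    if (!a)
        return NULL;
    a->min_vnum = min_vnum;
    a->max_vnum = max_vnum;
    return a;
}

/* Registers a room in the table; returns 0 on success, -1 if its vnum is
 * outside the table. */
int add_room(ROOM_DATA *room)
{
    if (!room || room->vnum < 0 || room->vnum >= ROOM_ARRAY_SIZE)
        return -1;
    pRoomArray[room->vnum] = room;
    return 0;
}

int main(void)
{
    static ROOM_DATA r3 = { 3, 0 }, r5 = { 5, 0 };   /* constructed rooms */
    add_room(&r3);
    add_room(&r5);

    AREA_DATA *good = new_area(2, 6);
    AREA_DATA *bad  = new_area(2, 100);              /* max_vnum past the table */
    printf("good area: %ld rooms reset\n", reset_area_checked(good));   /* 2 */
    printf("bad area:  %ld\n", reset_area_checked(bad));                /* -1 */
    free(good);
    free(bad);
    return 0;
}
```

With the range check in place, Memcheck would still flag an uninitialised min_vnum at the comparison inside reset_area_checked, but the report now lands in the function that owns the bad data, and the program never reaches pRoomArray with that value.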
From: Tom H. <th...@cy...> - 2003-08-27 15:23:05
In message <287...@se...>
Jason Gauthier <jga...@la...> wrote:
> Maybe I just don't completely understand what I'm looking for. Can someone
> offer an idea?
>
> ==20872== Conditional jump or move depends on uninitialised value(s)
> ==20872== at 0x81361A0: check_dispel (magic.c:246)
> ==20872== by 0x8123B6F: char_to_room (handler.c:1904)
> ==20872== by 0x81024BC: reset_room (db.c:2797)
> ==20872== by 0x8102B1B: reset_area (db.c:2990)
>
> So,I look at reset_area:
The first place you want to look is check_dispel, as that is the
innermost function in that stack trace.
Tom
--
Tom Hughes (th...@cy...)
Software Engineer, Cyberscience Corporation
http://www.cyberscience.com/