valgrind questions

Matthias Andree matthias.andree at gmx.de
Sun Jan 12 03:06:12 CET 2003


David Relson <relson at osagesoftware.com> writes:

> Given that valgrind seems to be identifying problems within the
> libraries we use, i.e. libc and libdb3, there seems to be little for
> us to fix - unless we find it necessary to become db3 or libc
> contributors :-)

Not quite. If you pass e. g. a wrong buffer length to fgets, it's a
library that does monkey business, but on your program's behalf.

One thing that might warrant closer inspection is our treatment of the
data. We do not use C strings everywhere, for example, our keys are not
NUL-terminated. DB should cope with that.

Imagine this program, try-valgrind.c:

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int main() {
    char *x = malloc(4);                 /* 4-byte block (try-valgrind.c:6) */
    FILE *f = fopen("/dev/zero", "r");
    fgets(x, 7, f);                      /* tells fgets the block holds 7 bytes: writes 3 past its end */
    fclose(f);
    free(x);
    exit(0);
}

Compile with gcc -g -o try-valgrind try-valgrind.c and run it under
valgrind supervision. I believe we agree that our program is wrong,
but still the problematic write happens in a libc function (no, the PID
was not made up):

==666== Memcheck, a.k.a. Valgrind, a memory error detector for x86-linux.
==666== Copyright (C) 2002, and GNU GPL'd, by Julian Seward.
==666== Using valgrind-1.9.3, a program instrumentation system for x86-linux.
==666== Copyright (C) 2000-2002, and GNU GPL'd, by Julian Seward.
==666== Estimated CPU clock rate is 705 MHz
==666== For more details, rerun with: -v
==666== 
==666== Invalid write of size 1
==666==    at 0x4015DE6C: memcpy (vg_clientfuncs.c:515)
==666==    by 0x40280A36: _IO_getline_info (in /lib/libc.so.6)
==666==    by 0x402809A2: _IO_getline (in /lib/libc.so.6)
==666==    by 0x4027FA6D: _IO_fgets (in /lib/libc.so.6)
==666==    Address 0x40EF1028 is 0 bytes after a block of size 4 alloc'd
==666==    at 0x4015D50F: malloc (vg_clientfuncs.c:100)
==666==    by 0x8048475: main (try-valgrind.c:6)
==666==    by 0x402394A1: __libc_start_main (in /lib/libc.so.6)
==666==    by 0x80483C0: (within /home/emma/try-valgrind)
==666== 
==666== Invalid write of size 1
==666==    at 0x4015DE80: memcpy (vg_clientfuncs.c:519)
==666==    by 0x40280A36: _IO_getline_info (in /lib/libc.so.6)
==666==    by 0x402809A2: _IO_getline (in /lib/libc.so.6)
==666==    by 0x4027FA6D: _IO_fgets (in /lib/libc.so.6)
==666==    Address 0x40EF1029 is 1 bytes after a block of size 4 alloc'd
==666==    at 0x4015D50F: malloc (vg_clientfuncs.c:100)
==666==    by 0x8048475: main (try-valgrind.c:6)
==666==    by 0x402394A1: __libc_start_main (in /lib/libc.so.6)
==666==    by 0x80483C0: (within /home/emma/try-valgrind)
==666== 
==666== Invalid write of size 1
==666==    at 0x4027FAE6: _IO_fgets (in /lib/libc.so.6)
==666==    by 0x80484A3: main (try-valgrind.c:8)
==666==    by 0x402394A1: __libc_start_main (in /lib/libc.so.6)
==666==    by 0x80483C0: (within /home/emma/try-valgrind)
==666==    Address 0x40EF102A is 2 bytes after a block of size 4 alloc'd
==666==    at 0x4015D50F: malloc (vg_clientfuncs.c:100)
==666==    by 0x8048475: main (try-valgrind.c:6)
==666==    by 0x402394A1: __libc_start_main (in /lib/libc.so.6)
==666==    by 0x80483C0: (within /home/emma/try-valgrind)
==666== 
==666== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 0 from 0)
==666== malloc/free: in use at exit: 0 bytes in 0 blocks.
==666== malloc/free: 2 allocs, 2 frees, 368 bytes allocated.
==666== For counts of detected errors, rerun with: -v
==666== No malloc'd blocks -- no leaks are possible.

-- 
Matthias Andree
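A bounded counterpart to the program above, added here as an example and not code from the post or from bogofilter: the length handed to fgets is the block's real capacity, and a key that is not NUL-terminated is compared by explicit length instead of with strcmp. The helper names and the fmemopen-driven input are my own constructions.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bounded counterpart of fgets(x, 7, f) into a 4-byte block: the size
 * passed to fgets is the block's real capacity, so libc writes at most
 * cap-1 bytes plus the NUL and never leaves the allocation.
 * Returns bytes stored (without the NUL), or -1 on EOF/error. */
long read_line_bounded(FILE *f, char *buf, size_t cap)
{
    if (cap == 0 || fgets(buf, (int)cap, f) == NULL)
        return -1;
    return (long)strlen(buf);
}

/* Keys that are not NUL-terminated must be compared by their length;
 * strlen/strcmp on such a key would read past its end, and valgrind
 * would blame the libc string routine just as it blames memcpy above. */
int key_equals(const char *key, size_t klen, const char *s)
{
    return strlen(s) == klen && memcmp(key, s, klen) == 0;
}

/* Drive the bounded read over a constructed in-memory stream with a
 * 4-byte heap block. The result can never exceed 3, and the block is
 * freed so valgrind's leak summary stays clean. */
long demo_bounded_read(void)
{
    static const char sample[] = "abcdefgh\n";       /* constructed input */
    FILE *f = fmemopen((void *)sample, sizeof sample - 1, "r");
    if (f == NULL)
        return -1;
    char *x = malloc(4);
    if (x == NULL) { fclose(f); return -1; }
    long n = read_line_bounded(f, x, 4);             /* stores "abc" */
    fclose(f);
    free(x);
    return n;
}

int main(void)
{
    printf("stored %ld bytes\n", demo_bounded_read());
    return 0;
}
```

Run it under valgrind the same way as try-valgrind and the error summary reports 0 errors.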