Invalid Read from Valgrind

This is a discussion on Invalid Read from Valgrind within the C Programming forums, part of the General Programming Boards category; The following code intends to build a variable named 'f'. The following compilation sequence creates an error which corrupts f ...

  1. #1
    Registered User
    Join Date
    Oct 2010
    Posts
    1

    Invalid Read from Valgrind

    The following code intends to build a variable named 'f'.

    The following compilation sequence creates an error which corrupts f which is only detected by valgrind.
    gcc -O3 -pedantic -Wall -c -fmessage-length=0 -ansi -MMD -MP -MF"eg_weights.d" -MT"eg_weights.d" -o"eg_weights.o" "eg_weights.c"
    gcc -o"evenly_generated_weights" ./eg_weights.o
    valgrind -v ./evenly_generated_weights

    However, the following compilation sequence (with debug options) does not reproduce the error:
    gcc -O0 -g3 -pedantic -Wall -c -fmessage-length=0 -ansi -MMD -MP -MF"eg_weights.d" -MT"eg_weights.d" -o"eg_weights.o" "eg_weights.c"
    gcc -o"evenly_generated_weights" ./eg_weights.o
    valgrind -v ./evenly_generated_weights

    The question is why??
    This is taking me many hours
    My compiler is gcc (Debian 4.3.2-1.1) 4.3.2.

    Code:
    /* eg_weights.c */
    
    #include <stdio.h>
    #include <stdlib.h>
    
    int trisize(int lsize, int M);
    void addone(int* counter, int csize, int* limit);
    
    int main() {
    
    	int i,j,k;
    	int unit, M;
    	int lsize;
    	double l_counter;
    	double* a;
    	double ** f;
    	int* counter;
    	int npoints;
    	int position;
    	int* limit;
    
    	unit=5; M=3;
    	lsize=unit+1;
    
    	a=malloc(lsize*sizeof(double));
    	counter=malloc((M-1)*sizeof(int));
    	for(i=0;i<(M-1);i++)
    		counter[i]=0;
    
    	npoints=trisize(lsize,M);
    
    	f=malloc(npoints*sizeof(double*));
    	for(i=0;i<npoints;i++)
    		f[i]=malloc(M*sizeof(double));
    
    	limit=malloc((M-1)*sizeof(int));
    	for(i=0;i<(M-1);i++)
    		limit[i]=lsize-1;
    
    	l_counter=0.0;
    	a[0]=l_counter;
    	for(i=1;i<lsize;i++) {
    		l_counter=l_counter+(double)1.0/((double)lsize-1.0);
    		a[i]=l_counter;
    	}
    
    	for(i=0;i<npoints;i++) {
    		position=lsize;
    		for(j=0;j<(M-1);j++) {
    			f[i][j]=a[counter[j]];
    			position-=counter[j];
    		}
    		f[i][M-1]=a[position-1];
    
    		limit[0]=lsize-1;
    		for(j=1;j<(M-1);j++) {
    			limit[j]=lsize-1;
    			for(k=0;k<j;k++)
    				limit[j]-=counter[k];
    		}
    		addone(counter,M-1,limit);
    	}
    
    	for(i=0;i<npoints;i++) {
    		for(j=0;j<M;j++)
    			printf("%f ",f[i][j]);
    		printf("\n");
    	}
    
    	free(limit);
    	for(i=0;i<npoints;i++)
    		free(f[i]);
    	free(f);
    	free(a);
    	free(counter);
    
    	return 0;
    
    }
    
    void addone(int* counter, int csize, int* limit) {
    
    	int i;
    
    	for(i=csize-1; i>=0; i--) {
    		if(counter[i] < limit[i] ) {
    			counter[i]=counter[i]+1;
    			return;
    		}
    		else {
    			counter[i]=0;
    		}
    	}
    
    	return;
    }
    
    int trisize(int lsize, int M) {
    
    	int f,i,k;
    	int* p;
    	int counter =1;
    
    	if(M<3)
    		return lsize;
    
    	p=malloc(lsize*sizeof(int));
    
    	for(i=0;i<lsize;i++) {
    		p[i]=counter;
    		counter++;
    	}
    
    	for(k=0;k<(M-3);k++) {
    		for(i=0;i<(lsize-1);i++)
    			p[i+1]+=p[i];
    	}
    
    	f=p[0];
    	for(i=0;i<lsize;i++)
    		f+=p[i];
    
    	free(p);
    	return f-1;
    }
    Correct Output from compilation sequence with debug flags
    Code:
    gcc -O0 -g3 -pedantic -Wall -c -fmessage-length=0 -ansi -MMD -MP -MF"eg_weights.d" -MT"eg_weights.d" -o"eg_weights.o" "eg_weights.c"
    gcc  -o"evenly_generated_weights"  ./eg_weights.o
    valgrind -v ./evenly_generated_weights
    ==27817== Memcheck, a memory error detector.
    ==27817== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
    ==27817== Using LibVEX rev 1854, a library for dynamic binary translation.
    ==27817== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
    ==27817== Using valgrind-3.3.1-Debian, a dynamic binary instrumentation framework.
    ==27817== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
    ==27817==
    --27817-- Command line
    --27817--    ./evenly_generated_weights
    --27817-- Startup, with flags:
    --27817--    --suppressions=/usr/lib/valgrind/debian-libc6-dbg.supp
    --27817--    -v
    --27817-- Contents of /proc/version:
    --27817--   Linux version 2.6.26-2-amd64 (Debian 2.6.26-24) (dannf@debian.org) (gcc version 4.1.3 20080704 (prerelease) (Debian 4.1.2-25)) #1 SMP Sun Jun 20 20:16:30 UTC 2010
    --27817-- Arch and hwcaps: AMD64, amd64-sse2
    --27817-- Page sizes: currently 4096, max supported 4096
    --27817-- Valgrind library directory: /usr/lib/valgrind
    --27817-- Reading syms from /home/jduro/test/evenly_generated_weights (0x400000)
    --27817-- Reading syms from /lib/ld-2.7.so (0x4000000)
    --27817-- Reading debug info from /lib/ld-2.7.so...
    --27817-- ... CRC mismatch (computed 864d13a2 wanted bd1f3f69)
    --27817-- Reading debug info from /usr/lib/debug/lib/ld-2.7.so...
    --27817-- Reading syms from /usr/lib/valgrind/amd64-linux/memcheck (0x38000000)
    --27817--    object doesn't have a dynamic symbol table
    --27817-- Reading suppressions file: /usr/lib/valgrind/debian-libc6-dbg.supp
    --27817-- Reading suppressions file: /usr/lib/valgrind/default.supp
    --27817-- Reading syms from /usr/lib/valgrind/amd64-linux/vgpreload_core.so (0x4A1D000)
    --27817-- Reading syms from /usr/lib/valgrind/amd64-linux/vgpreload_memcheck.so (0x4C1E000)
    --27817-- REDIR: 0x4014f10 (index) redirected to 0x4c22b00 (index)
    --27817-- REDIR: 0x40150c0 (strcmp) redirected to 0x4c230c0 (strcmp)
    --27817-- REDIR: 0x40151d0 (strlen) redirected to 0x4c22dc0 (strlen)
    --27817-- Reading syms from /usr/lib/debug/libc-2.7.so (0x4E26000)
    --27817-- REDIR: 0x4ea14c0 (rindex) redirected to 0x4c22960 (rindex)
    --27817-- REDIR: 0x4e9da40 (malloc) redirected to 0x4c22540 (malloc)
    --27817-- REDIR: 0x4e9ba40 (free) redirected to 0x4c21240 (free)
    --27817-- REDIR: 0x4ea3e70 (strchrnul) redirected to 0x4c23cd0 (strchrnul)
    --27817-- REDIR: 0x4ea1080 (strlen) redirected to 0x4c22d80 (strlen)
    --27817-- REDIR: 0x4ea25d0 (mempcpy) redirected to 0x4c23d30 (mempcpy)
    0.000000 0.000000 1.000000
    0.000000 0.200000 0.800000
    0.000000 0.400000 0.600000
    0.000000 0.600000 0.400000
    0.000000 0.800000 0.200000
    0.000000 1.000000 0.000000
    0.200000 0.000000 0.800000
    0.200000 0.200000 0.600000
    0.200000 0.400000 0.400000
    0.200000 0.600000 0.200000
    0.200000 0.800000 0.000000
    0.400000 0.000000 0.600000
    0.400000 0.200000 0.400000
    0.400000 0.400000 0.200000
    0.400000 0.600000 0.000000
    0.600000 0.000000 0.400000
    0.600000 0.200000 0.200000
    0.600000 0.400000 0.000000
    0.800000 0.000000 0.200000
    0.800000 0.200000 0.000000
    1.000000 0.000000 0.000000
    ==27817==
    ==27817== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 8 from 1)
    --27817--
    --27817-- supp:      8 dl-hack3-cond-1
    ==27817== malloc/free: in use at exit: 0 bytes in 0 blocks.
    ==27817== malloc/free: 26 allocs, 26 frees, 760 bytes allocated.
    ==27817==
    ==27817== All heap blocks were freed -- no leaks are possible.
    --27817--  memcheck: sanity checks: 0 cheap, 1 expensive
    --27817--  memcheck: auxmaps: 0 auxmap entries (0k, 0M) in use
    --27817--  memcheck: auxmaps_L1: 0 searches, 0 cmps, ratio 0:10
    --27817--  memcheck: auxmaps_L2: 0 searches, 0 nodes
    --27817--  memcheck: SMs: n_issued      = 13 (208k, 0M)
    --27817--  memcheck: SMs: n_deissued    = 0 (0k, 0M)
    --27817--  memcheck: SMs: max_noaccess  = 524287 (8388592k, 8191M)
    --27817--  memcheck: SMs: max_undefined = 0 (0k, 0M)
    --27817--  memcheck: SMs: max_defined   = 116 (1856k, 1M)
    --27817--  memcheck: SMs: max_non_DSM   = 13 (208k, 0M)
    --27817--  memcheck: max sec V bit nodes:    0 (0k, 0M)
    --27817--  memcheck: set_sec_vbits8 calls: 0 (new: 0, updates: 0)
    --27817--  memcheck: max shadow mem size:   4352k, 4M
    --27817-- translate:            fast SP updates identified: 1,234 ( 86.3%)
    --27817-- translate:   generic_known SP updates identified: 124 (  8.6%)
    --27817-- translate: generic_unknown SP updates identified: 71 (  4.9%)
    --27817--     tt/tc: 3,834 tt lookups requiring 3,881 probes
    --27817--     tt/tc: 3,834 fast-cache updates, 5 flushes
    --27817--  transtab: new        1,799 (42,858 -> 650,732; ratio 151:10) [0 scs]
    --27817--  transtab: dumped     0 (0 -> ??)
    --27817--  transtab: discarded  15 (319 -> ??)
    --27817-- scheduler: 45,611 jumps (bb entries).
    --27817-- scheduler: 0/2,151 major/minor sched events.
    --27817--    sanity: 1 cheap, 1 expensive checks.
    --27817--    exectx: 769 lists, 20 contexts (avg 0 per list)
    --27817--    exectx: 60 searches, 40 full compares (666 per 1000)
    --27817--    exectx: 0 cmp2, 28 cmp4, 0 cmpAll
    --27817--  errormgr: 8 supplist searches, 93 comparisons during search
    --27817--  errormgr: 8 errlist searches, 28 comparisons during search
    Output with the Error from compilation sequence without debug flags:
    Code:
    gcc -O3 -pedantic -Wall -c -fmessage-length=0 -ansi -MMD -MP -MF"eg_weights.d" -MT"eg_weights.d" -o"eg_weights.o" "eg_weights.c"
    gcc  -o"evenly_generated_weights"  ./eg_weights.o   
    valgrind -v ./evenly_generated_weights
    ==27646== Memcheck, a memory error detector.
    ==27646== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
    ==27646== Using LibVEX rev 1854, a library for dynamic binary translation.
    ==27646== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
    ==27646== Using valgrind-3.3.1-Debian, a dynamic binary instrumentation framework.
    ==27646== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
    ==27646==
    --27646-- Command line
    --27646--    ./evenly_generated_weights
    --27646-- Startup, with flags:
    --27646--    --suppressions=/usr/lib/valgrind/debian-libc6-dbg.supp
    --27646--    -v
    --27646-- Contents of /proc/version:
    --27646--   Linux version 2.6.26-2-amd64 (Debian 2.6.26-24) (dannf@debian.org) (gcc version 4.1.3 20080704 (prerelease) (Debian 4.1.2-25)) #1 SMP Sun Jun 20 20:16:30 UTC 2010
    --27646-- Arch and hwcaps: AMD64, amd64-sse2
    --27646-- Page sizes: currently 4096, max supported 4096
    --27646-- Valgrind library directory: /usr/lib/valgrind
    --27646-- Reading syms from /home/jduro/test/evenly_generated_weights (0x400000)
    --27646-- Reading syms from /lib/ld-2.7.so (0x4000000)
    --27646-- Reading debug info from /lib/ld-2.7.so...
    --27646-- ... CRC mismatch (computed 864d13a2 wanted bd1f3f69)
    --27646-- Reading debug info from /usr/lib/debug/lib/ld-2.7.so...
    --27646-- Reading syms from /usr/lib/valgrind/amd64-linux/memcheck (0x38000000)
    --27646--    object doesn't have a dynamic symbol table
    --27646-- Reading suppressions file: /usr/lib/valgrind/debian-libc6-dbg.supp
    --27646-- Reading suppressions file: /usr/lib/valgrind/default.supp
    --27646-- Reading syms from /usr/lib/valgrind/amd64-linux/vgpreload_core.so (0x4A1D000)
    --27646-- Reading syms from /usr/lib/valgrind/amd64-linux/vgpreload_memcheck.so (0x4C1E000)
    --27646-- REDIR: 0x4014f10 (index) redirected to 0x4c22b00 (index)
    --27646-- REDIR: 0x40150c0 (strcmp) redirected to 0x4c230c0 (strcmp)
    --27646-- REDIR: 0x40151d0 (strlen) redirected to 0x4c22dc0 (strlen)
    --27646-- Reading syms from /usr/lib/debug/libc-2.7.so (0x4E26000)
    --27646-- REDIR: 0x4ea14c0 (rindex) redirected to 0x4c22960 (rindex)
    --27646-- REDIR: 0x4e9da40 (malloc) redirected to 0x4c22540 (malloc)
    --27646-- REDIR: 0x4e9ba40 (free) redirected to 0x4c21240 (free)
    ==27646== Invalid read of size 8
    ==27646==    at 0x400A58: main (in /home/jduro/test/evenly_generated_weights)
    ==27646==  Address 0x5179028 is 8 bytes before a block of size 48 alloc'd
    ==27646==    at 0x4C2260E: malloc (vg_replace_malloc.c:207)
    ==27646==    by 0x400837: main (in /home/jduro/test/evenly_generated_weights)
    --27646-- REDIR: 0x4ea3e70 (strchrnul) redirected to 0x4c23cd0 (strchrnul)
    --27646-- REDIR: 0x4ea1080 (strlen) redirected to 0x4c22d80 (strlen)
    --27646-- REDIR: 0x4ea25d0 (mempcpy) redirected to 0x4c23d30 (mempcpy)
    0.000000 0.000000 1.000000
    0.000000 0.200000 0.800000
    0.000000 0.400000 0.600000
    0.000000 0.600000 0.400000
    0.000000 0.800000 0.200000
    0.000000 1.000000 0.000000
    0.200000 0.000000 0.800000
    0.200000 0.200000 0.600000
    0.200000 0.400000 0.400000
    0.200000 0.600000 0.200000
    0.200000 0.800000 0.000000
    0.200000 1.000000 0.000000
    0.400000 0.000000 0.600000
    0.400000 0.200000 0.400000
    0.400000 0.400000 0.200000
    0.400000 0.600000 0.000000
    0.400000 0.800000 0.000000
    0.400000 1.000000 0.000000
    0.600000 0.000000 0.400000
    0.600000 0.200000 0.200000
    0.600000 0.400000 0.000000
    ==27646==
    ==27646== ERROR SUMMARY: 3 errors from 1 contexts (suppressed: 8 from 1)
    ==27646==
    ==27646== 3 errors in context 1 of 1:
    ==27646== Invalid read of size 8
    ==27646==    at 0x400A58: main (in /home/jduro/test/evenly_generated_weights)
    ==27646==  Address 0x5179028 is 8 bytes before a block of size 48 alloc'd
    ==27646==    at 0x4C2260E: malloc (vg_replace_malloc.c:207)
    ==27646==    by 0x400837: main (in /home/jduro/test/evenly_generated_weights)
    --27646--
    --27646-- supp:      8 dl-hack3-cond-1
    ==27646==
    ==27646== IN SUMMARY: 3 errors from 1 contexts (suppressed: 8 from 1)
    ==27646==
    ==27646== malloc/free: in use at exit: 0 bytes in 0 blocks.
    ==27646== malloc/free: 26 allocs, 26 frees, 760 bytes allocated.
    ==27646==
    ==27646== All heap blocks were freed -- no leaks are possible.
    --27646--  memcheck: sanity checks: 0 cheap, 1 expensive
    --27646--  memcheck: auxmaps: 0 auxmap entries (0k, 0M) in use
    --27646--  memcheck: auxmaps_L1: 0 searches, 0 cmps, ratio 0:10
    --27646--  memcheck: auxmaps_L2: 0 searches, 0 nodes
    --27646--  memcheck: SMs: n_issued      = 13 (208k, 0M)
    --27646--  memcheck: SMs: n_deissued    = 0 (0k, 0M)
    --27646--  memcheck: SMs: max_noaccess  = 524287 (8388592k, 8191M)
    --27646--  memcheck: SMs: max_undefined = 0 (0k, 0M)
    --27646--  memcheck: SMs: max_defined   = 116 (1856k, 1M)
    --27646--  memcheck: SMs: max_non_DSM   = 13 (208k, 0M)
    --27646--  memcheck: max sec V bit nodes:    0 (0k, 0M)
    --27646--  memcheck: set_sec_vbits8 calls: 0 (new: 0, updates: 0)
    --27646--  memcheck: max shadow mem size:   4352k, 4M
    --27646-- translate:            fast SP updates identified: 1,239 ( 86.6%)
    --27646-- translate:   generic_known SP updates identified: 123 (  8.6%)
    --27646-- translate: generic_unknown SP updates identified: 68 (  4.7%)
    --27646--     tt/tc: 3,798 tt lookups requiring 3,845 probes
    --27646--     tt/tc: 3,798 fast-cache updates, 5 flushes
    --27646--  transtab: new        1,781 (42,428 -> 642,808; ratio 151:10) [0 scs]
    --27646--  transtab: dumped     0 (0 -> ??)
    --27646--  transtab: discarded  15 (319 -> ??)
    --27646-- scheduler: 45,176 jumps (bb entries).
    --27646-- scheduler: 0/2,133 major/minor sched events.
    --27646--    sanity: 1 cheap, 1 expensive checks.
    --27646--    exectx: 769 lists, 21 contexts (avg 0 per list)
    --27646--    exectx: 63 searches, 42 full compares (666 per 1000)
    --27646--    exectx: 0 cmp2, 30 cmp4, 0 cmpAll
    --27646--  errormgr: 9 supplist searches, 183 comparisons during search
    --27646--  errormgr: 11 errlist searches, 38 comparisons during search

  2. #2
    and the hat of wrongness Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    32,443
    Code:
    		position=lsize;
    		for(j=0;j<(M-1);j++) {
    			f[i][j]=a[counter[j]];
    			position-=counter[j];
    		}
    		f[i][M-1]=a[position-1];
    What keeps position in bounds with all that variable decrementing?
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
    I support http://www.ukip.org/ as the first necessary step to a free Europe.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. How can I know the actual bytes read in a file read
    By pliang in forum C++ Programming
    Replies: 1
    Last Post: 06-08-2005, 04:23 PM
  2. Replies: 3
    Last Post: 03-04-2005, 01:46 PM
  3. Flood of errors when include .h
    By erik2004 in forum C++ Programming
    Replies: 14
    Last Post: 12-07-2002, 06:37 AM
  4. Read Array pro!!Plz help!!
    By Supra in forum C Programming
    Replies: 2
    Last Post: 03-04-2002, 02:49 PM
  5. Help! Can't read decimal number
    By Unregistered in forum C Programming
    Replies: 2
    Last Post: 09-07-2001, 02:09 AM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21