Thread: Peculiar and weird problem in C

  1. #1
    Registered User
    Join Date
    Feb 2011
    Posts
    11

    Peculiar and weird problem in C

    I have made a UDP server in C (Ubuntu 10.10). The server is quite large. When the server runs for the first time, it processes the data from the client correctly. But when another client comes along and sends some data, the program crashes with the following message:

    Code:
    MappingServer: malloc.c:3096: sYSMALLOc: Assertion `(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) == 0)' failed.
    Aborted
    Now, I tried to use Valgrind to detect the problem. I used:
    Code:
    valgrind --leak-check=yes -v ./MappingServer
    When I run the program like this, I have no more errors (no matter how many clients!). What’s going on here? As far as I can understand, Valgrind is a debugging tool; it’s not supposed to fix anything, but rather show me what’s wrong. Please, someone explain. Also tell me about the original error message: what does it mean? Why does it crop up?

  2. #2
    Registered User
    Join Date
    Dec 2007
    Posts
    2,675
    Good job on using valgrind. Now, what was the actual output of valgrind?

  3. #3
    Salem
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,659
    > Also tell me about the original error message, what does it mean? Why does it crop up?
    With each block of memory you allocate, there is an associated block of memory telling the memory pool manager such things as the size of this block, and pointers to other blocks. Mostly, this is all used when it comes to freeing the block. There are also likely some guard values to assist with detecting whether this block has been trashed, and that is what you're seeing with the assert().

    All in all, it seems like a nice case of trying to access ptr[-1] in your code.

    > When I run the program like this, I have no more errors (no matter how many clients!). What’s going on here?
    You get a different allocation routine with valgrind, which probably has a different arrangement of data preceding the block allocation. A small buffer underrun probably trashes something else instead.

    As an alternative, you might try Electric Fence with the EF_PROTECT_BELOW option. This will trap any buffer underrun. Run the code in the debugger to get an exact location in the code where the underrun happens.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  4. #4
    Registered User
    Join Date
    Feb 2011
    Posts
    11
    Originally posted by rags_to_riches:
    > Good job on using valgrind. Now, what was the actual output of valgrind?
    It's a huge program, so bear with it. Also, some of the errors might be because I didn't use free(). It's research code, so optimization is not a priority.

    Code:
    root@ahuq-kitchen:/home/ahuq/MappingServer# valgrind --leak-check=yes -v ./MappingServer
    ==2803== Memcheck, a memory error detector
    ==2803== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
    ==2803== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
    ==2803== Command: ./MappingServer
    ==2803== 
    --2803-- Valgrind options:
    --2803--    --suppressions=/usr/lib/valgrind/debian-libc6-dbg.supp
    --2803--    --leak-check=yes
    --2803--    -v
    --2803-- Contents of /proc/version:
    --2803--   Linux version 2.6.35-28-generic (buildd@rothera) (gcc version 4.4.5 (Ubuntu/Linaro 4.4.4-14ubuntu5) ) #50-Ubuntu SMP Fri Mar 18 19:00:26 UTC 2011
    --2803-- Arch and hwcaps: X86, x86-sse1-sse2
    --2803-- Page sizes: currently 4096, max supported 4096
    --2803-- Valgrind library directory: /usr/lib/valgrind
    --2803-- Reading syms from /lib/ld-2.12.1.so (0x4000000)
    --2803--   Considering /lib/ld-2.12.1.so ..
    --2803--   .. CRC mismatch (computed a82842cc wanted adb283ea)
    --2803--   Considering /usr/lib/debug/lib/ld-2.12.1.so ..
    --2803--   .. CRC is valid
    --2803-- Reading syms from /home/ahuq/MappingServer/MappingServer (0x8048000)
    --2803-- Reading syms from /usr/lib/valgrind/memcheck-x86-linux (0x38000000)
    --2803--    object doesn't have a dynamic symbol table
    --2803-- Reading suppressions file: /usr/lib/valgrind/debian-libc6-dbg.supp
    --2803-- Reading suppressions file: /usr/lib/valgrind/default.supp
    --2803-- REDIR: 0x4016c20 (index) redirected to 0x3803dce3 (vgPlain_x86_linux_REDIR_FOR_index)
    --2803-- Reading syms from /usr/lib/valgrind/vgpreload_core-x86-linux.so (0x4020000)
    --2803-- Reading syms from /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so (0x4023000)
    ==2803== WARNING: new redirection conflicts with existing -- ignoring it
    --2803--     new: 0x04016c20 (index               ) R-> 0x0402690d index
    --2803-- REDIR: 0x4016df0 (strlen) redirected to 0x4026ce7 (strlen)
    --2803-- Reading syms from /usr/lib/libmysqlclient.so.16.0.0 (0x4039000)
    --2803--    object doesn't have a symbol table
    --2803-- Reading syms from /lib/libc-2.12.1.so (0x4229000)
    --2803--   Considering /lib/libc-2.12.1.so ..
    --2803--   .. CRC mismatch (computed 1993aa75 wanted 7fd9e165)
    --2803--   Considering /usr/lib/debug/lib/libc-2.12.1.so ..
    --2803--   .. CRC is valid
    --2803-- Reading syms from /lib/libpthread-2.12.1.so (0x4386000)
    --2803--   Considering /lib/libpthread-2.12.1.so ..
    --2803--   .. CRC mismatch (computed a98f3783 wanted 27bed21a)
    --2803--   Considering /usr/lib/debug/lib/libpthread-2.12.1.so ..
    --2803--   .. CRC is valid
    --2803-- Reading syms from /lib/libcrypt-2.12.1.so (0x43a0000)
    --2803--   Considering /lib/libcrypt-2.12.1.so ..
    --2803--   .. CRC mismatch (computed 19d04e6e wanted c3d8b057)
    --2803--   Considering /usr/lib/debug/lib/libcrypt-2.12.1.so ..
    --2803--   .. CRC is valid
    --2803-- Reading syms from /lib/libnsl-2.12.1.so (0x43d2000)
    --2803--   Considering /lib/libnsl-2.12.1.so ..
    --2803--   .. CRC mismatch (computed de220e2d wanted 5cc2cbff)
    --2803--   Considering /usr/lib/debug/lib/libnsl-2.12.1.so ..
    --2803--   .. CRC is valid
    --2803-- Reading syms from /lib/libm-2.12.1.so (0x43e9000)
    --2803--   Considering /lib/libm-2.12.1.so ..
    --2803--   .. CRC mismatch (computed bcd89a8a wanted 852f4467)
    --2803--   Considering /usr/lib/debug/lib/libm-2.12.1.so ..
    --2803--   .. CRC is valid
    --2803-- Reading syms from /lib/libz.so.1.2.3.4 (0x440f000)
    --2803--   Considering /lib/libz.so.1.2.3.4 ..
    --2803--   .. CRC mismatch (computed 72a91e5f wanted 8ab4f5d7)
    --2803--    object doesn't have a symbol table
    --2803-- REDIR: 0x429e520 (bcmp) redirected to 0x402040c (_vgnU_ifunc_wrapper)
    --2803-- REDIR: 0x429e910 (memset) redirected to 0x402040c (_vgnU_ifunc_wrapper)
    --2803-- REDIR: 0x430c9e0 (__memcpy_chk) redirected to 0x402040c (_vgnU_ifunc_wrapper)
    --2803-- REDIR: 0x429ef10 (memcpy) redirected to 0x402040c (_vgnU_ifunc_wrapper)
    --2803-- REDIR: 0x429d700 (strlen) redirected to 0x402040c (_vgnU_ifunc_wrapper)
    --2803-- REDIR: 0x429e850 (memmove) redirected to 0x402040c (_vgnU_ifunc_wrapper)
    --2803-- REDIR: 0x429d9b0 (strncmp) redirected to 0x402040c (_vgnU_ifunc_wrapper)
    --2803-- REDIR: 0x430ca30 (__memmove_chk) redirected to 0x402040c (_vgnU_ifunc_wrapper)
    --2803-- REDIR: 0x429d100 (strcmp) redirected to 0x402040c (_vgnU_ifunc_wrapper)
    --2803-- REDIR: 0x429cf90 (index) redirected to 0x402687d (index)
    --2803-- REDIR: 0x429e380 (memchr) redirected to 0x402731d (memchr)
    --2803-- REDIR: 0x429dae0 (rindex) redirected to 0x402679a (rindex)
    --2803-- REDIR: 0x4299ed0 (malloc) redirected to 0x4025b4e (malloc)
    --2803-- REDIR: 0x4299df0 (free) redirected to 0x4025768 (free)
    --2803-- REDIR: 0x42995d0 (calloc) redirected to 0x4024e32 (calloc)
    --2803-- REDIR: 0x42a0280 (strchrnul) redirected to 0x4027fbf (strchrnul)
    
    waiting for data on port UDP 4342
    
    UDP payload size: 1204 
    
    --2803-- REDIR: 0x429d1c0 (strcpy) redirected to 0x4026d1d (strcpy)
    --2803-- REDIR: 0x429cde0 (strcat) redirected to 0x402699d (strcat)
    number of records:  14
    --2803-- REDIR: 0x429d7c0 (__GI_strlen) redirected to 0x4026ccc (__GI_strlen)
    --2803-- REDIR: 0x429d740 (__strlen_sse2) redirected to 0x4026cb1 (strlen)
    --2803-- REDIR: 0x4345490 (__strcmp_ssse3) redirected to 0x40271e5 (strcmp)
    No Duplicate
    No Duplicate
    No Duplicate
    No Duplicate
    No Duplicate
    No Duplicate
    No Duplicate
    No Duplicate
    No Duplicate
    No Duplicate
    No Duplicate
    No Duplicate
    No Duplicate
    No Duplicatewe need to send reply.
    --2803-- REDIR: 0x429da00 (strncpy) redirected to 0x4026ed1 (strncpy)
    temp_eid_prefix:81.130.29.0/255.255.255.0/
    temp_rloc:10.10.30.1/ALL
    
    temp_eid_prefix:120.14.64.0/255.255.192.0/
    temp_rloc:10.10.30.1/ALL
    
    --2803-- REDIR: 0x433c140 (__memset_sse2) redirected to 0x4027ef0 (memset)
    
    Input for md5: md5 -s81.130.29.0/255.255.255.0/120.14.64.0/255.255.192.0/  
    ==2803== Conditional jump or move depends on uninitialised value(s)
    ==2803==    at 0x4026CBF: strlen (mc_replace_strmem.c:282)
    ==2803==    by 0x8049E00: route_to_file (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x804A3E0: route_aggregation_main (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x8048EBF: main (in /home/ahuq/MappingServer/MappingServer)
    ==2803== 
    RLOC address: 10.10.30.1
    ==2803== Conditional jump or move depends on uninitialised value(s)
    ==2803==    at 0x4026CC8: strlen (mc_replace_strmem.c:282)
    ==2803==    by 0x8049FA4: route_advertise (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x8049E79: route_to_file (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x804A3E0: route_aggregation_main (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x8048EBF: main (in /home/ahuq/MappingServer/MappingServer)
    ==2803== 
    ==2803== Conditional jump or move depends on uninitialised value(s)
    ==2803==    at 0x4026CBF: strlen (mc_replace_strmem.c:282)
    ==2803==    by 0x8049FC3: route_advertise (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x8049E79: route_to_file (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x804A3E0: route_aggregation_main (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x8048EBF: main (in /home/ahuq/MappingServer/MappingServer)
    ==2803== 
    ==2803== Conditional jump or move depends on uninitialised value(s)
    ==2803==    at 0x4026D5D: strcpy (mc_replace_strmem.c:311)
    ==2803==    by 0x8049FF5: route_advertise (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x8049E79: route_to_file (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x804A3E0: route_aggregation_main (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x8048EBF: main (in /home/ahuq/MappingServer/MappingServer)
    ==2803== 
    ==2803== Conditional jump or move depends on uninitialised value(s)
    ==2803==    at 0x4026CC8: strlen (mc_replace_strmem.c:282)
    ==2803==    by 0x804A003: route_advertise (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x8049E79: route_to_file (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x804A3E0: route_aggregation_main (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x8048EBF: main (in /home/ahuq/MappingServer/MappingServer)
    ==2803== 
    ==2803== Conditional jump or move depends on uninitialised value(s)
    ==2803==    at 0x4026CC8: strlen (mc_replace_strmem.c:282)
    ==2803==    by 0x804A01F: route_advertise (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x8049E79: route_to_file (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x804A3E0: route_aggregation_main (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x8048EBF: main (in /home/ahuq/MappingServer/MappingServer)
    ==2803== 
    
     Coomunity String:  =3d2b68ec1bfe0922dd0ebe31b524f6c6
    =3d2b68ec1bfe0922dd0ebe31b524f6c6
     advertised_number:   2435
     AGAIN:   =3d2b68ec1bfe0922dd0ebe31b524f6c6
    --2803-- REDIR: 0x433d250 (__memcpy_ssse3) redirected to 0x4027359 (memcpy)
    remove input:vtysh -c "configure terminal" -c "router bgp 100" -c "no network 10.10.30.1/32" -c "no ip prefix-list PLIST1 permit 0.0.0.0/0 le 32"
    modify_input:vtysh -c "configure terminal" -c "router bgp 100" -c "network 10.10.30.1/32" -c "neighbor 10.144.13.65 remote-as 7675" -c "ip prefix-list PLIST1 permit 0.0.0.0/0 le 32" -c "route-map OUTBOUND permit 10" -c "match ip address prefix-list PLIST1" -c "set community 2435:0 " -c "set aggregator as 7675 10.10.30.1"
    ==2803== Invalid read of size 1
    ==2803==    at 0x4026D37: strcpy (mc_replace_strmem.c:311)
    ==2803==    by 0x804A152: route_advertise (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x8049E79: route_to_file (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x804A3E0: route_aggregation_main (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x8048EBF: main (in /home/ahuq/MappingServer/MappingServer)
    ==2803==  Address 0xbeef037c is not stack'd, malloc'd or (recently) free'd
    ==2803== 
    ==2803== Invalid read of size 1
    ==2803==    at 0x4026D58: strcpy (mc_replace_strmem.c:311)
    ==2803==    by 0x804A152: route_advertise (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x8049E79: route_to_file (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x804A3E0: route_aggregation_main (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x8048EBF: main (in /home/ahuq/MappingServer/MappingServer)
    ==2803==  Address 0xbeef037d is not stack'd, malloc'd or (recently) free'd
    ==2803== 
    we r here 
    --2803-- REDIR: 0x42a3db0 (__GI_strncmp) redirected to 0x402717e (__GI_strncmp)
    --2803-- REDIR: 0x429d150 (__GI_strcmp) redirected to 0x4027233 (__GI_strcmp)
    --2803-- REDIR: 0x429ec00 (stpcpy) redirected to 0x4027c04 (stpcpy)
    --2803-- Reading syms from /lib/libnss_files-2.12.1.so (0x402c000)
    --2803--   Considering /lib/libnss_files-2.12.1.so ..
    --2803--   .. CRC mismatch (computed 36795cc3 wanted 43a18808)
    --2803--   Considering /usr/lib/debug/lib/libnss_files-2.12.1.so ..
    --2803--   .. CRC is valid
    --2803-- REDIR: 0x42a01b0 (rawmemchr) redirected to 0x4027fe6 (rawmemchr)
    --2803-- REDIR: 0x4346900 (__strncmp_ssse3) redirected to 0x4027115 (strncmp)
    
     Correctly connected to MySQL! 
    SSSSSSS :2435
    81.130.29.0/255.255.255.0/10.10.30.1/ALL
    81.130.29.0  255.255.255.0  10.10.30.1  ALL
      120.14.64.0/255.255.192.0/10.10.30.1/ALL
    120.14.64.0  255.255.192.0  10.10.30.1  ALL
    --2803-- REDIR: 0x429d880 (strnlen) redirected to 0x4026c50 (strnlen)
      
    UDP payload size: 1204 
    
    number of records:  7
    No Duplicate
    No Duplicate
    No Duplicate
    No Duplicate
    No Duplicate
    No Duplicate
    No Duplicatewe need to send reply.
    temp_eid_prefix:81.130.29.0/255.255.255.0/
    temp_rloc:10.10.30.1/ALL
    
    temp_eid_prefix:120.14.64.0/255.255.192.0/
    temp_rloc:10.10.30.1/ALL
    
    temp_eid_prefix:63.130.121.0/255.255.255.0/
    temp_rloc:10.10.30.1/ALL
    
    
    Input for md5: md5 -s81.130.29.0/255.255.255.0/120.14.64.0/255.255.192.0/63.130.121.0/255.255.255.0/  
    ==2803== Conditional jump or move depends on uninitialised value(s)
    ==2803==    at 0x4026CC8: strlen (mc_replace_strmem.c:282)
    ==2803==    by 0x8049E00: route_to_file (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x804A3E0: route_aggregation_main (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x8048EBF: main (in /home/ahuq/MappingServer/MappingServer)
    ==2803== 
    RLOC address: 10.10.30.1
    
     Coomunity String:  =e938d589b93204b7eadd80abe9b0f8ee
    =e938d589b93204b7eadd80abe9b0f8ee
     advertised_number:   2462
     AGAIN:   =e938d589b93204b7eadd80abe9b0f8ee
    remove input:vtysh -c "configure terminal" -c "router bgp 100" -c "no network 10.10.30.1/32" -c "no ip prefix-list PLIST1 permit 0.0.0.0/0 le 32"
    modify_input:vtysh -c "configure terminal" -c "router bgp 100" -c "network 10.10.30.1/32" -c "neighbor 10.144.13.65 remote-as 7675" -c "ip prefix-list PLIST1 permit 0.0.0.0/0 le 32" -c "route-map OUTBOUND permit 10" -c "match ip address prefix-list PLIST1" -c "set community 2462:0 " -c "set aggregator as 7675 10.10.30.1"
    we r here 
    
     Correctly connected to MySQL! 
    SSSSSSS :2462
    81.130.29.0/255.255.255.0/10.10.30.1/ALL
    81.130.29.0  255.255.255.0  10.10.30.1  ALL
      120.14.64.0/255.255.192.0/10.10.30.1/ALL
    120.14.64.0  255.255.192.0  10.10.30.1  ALL
      63.130.121.0/255.255.255.0/10.10.30.1/ALL
    63.130.121.0  255.255.255.0  10.10.30.1  ALL

  5. #5
    Registered User
    Join Date
    Dec 2007
    Posts
    2,675
    This is where you should focus:

    Code:
    ==2803== Invalid read of size 1
    ==2803==    at 0x4026D37: strcpy (mc_replace_strmem.c:311)
    ==2803==    by 0x804A152: route_advertise (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x8049E79: route_to_file (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x804A3E0: route_aggregation_main (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x8048EBF: main (in /home/ahuq/MappingServer/MappingServer)
    ==2803==  Address 0xbeef037c is not stack'd, malloc'd or (recently) free'd
    ==2803== 
    ==2803== Invalid read of size 1
    ==2803==    at 0x4026D58: strcpy (mc_replace_strmem.c:311)
    ==2803==    by 0x804A152: route_advertise (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x8049E79: route_to_file (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x804A3E0: route_aggregation_main (in /home/ahuq/MappingServer/MappingServer)
    ==2803==    by 0x8048EBF: main (in /home/ahuq/MappingServer/MappingServer)
    ==2803==  Address 0xbeef037d is not stack'd, malloc'd or (recently) free'd
    ==2803==
    specifically
    Code:
    ==2803==    by 0x804A152: route_advertise (in /home/ahuq/MappingServer/MappingServer)

  6. #6
    Salem
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,659
    > ==2803== Conditional jump or move depends on uninitialised value(s)
    > ==2803==    at 0x4026CC8: strlen (mc_replace_strmem.c:282)
    All of this smacks of not adding a \0 on the end of your strings.
    Or you're not allocating strlen(s)+1 bytes to begin with.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
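
The two causes named in the last reply (no terminating \0, or a buffer sized without the +1) both disappear when strings are built through one helper that tracks the length itself. The following is an added example, not code from the thread or from MappingServer: `sbuf`, `slice`, `join_fields` and the packed sample record are hypothetical, and the sample is constructed to reproduce the "Input for md5" string shown in the log.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Pattern the replies suspect (shown only as a comment, never compiled):
 *     char *p = malloc(strlen(s));    no room for the '\0'
 *     strcpy(p, s);                   writes one byte past the block
 * That stray byte lands in the allocator's bookkeeping next to the block. */

struct sbuf  { char *data; size_t len, cap; };   /* zero-initialise before use */
struct slice { const char *p; size_t n; };       /* a field inside the datagram */

/* Append n bytes that need not be NUL-terminated; the result always is. */
int sbuf_append(struct sbuf *b, const void *src, size_t n)
{
    if (n >= SIZE_MAX / 2 - b->len) return -1;   /* size arithmetic would wrap */
    size_t need = b->len + n + 1;                /* +1 for the terminator */
    if (need > b->cap) {
        size_t cap = b->cap ? b->cap : 32;
        while (cap < need) cap *= 2;
        char *p = realloc(b->data, cap);
        if (!p) return -1;                       /* old block is still valid */
        b->data = p;
        b->cap = cap;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    b->data[b->len] = '\0';
    return 0;
}

/* Build "field/field/.../" as one heap string; caller frees. NULL on error. */
char *join_fields(const struct slice *f, size_t count)
{
    struct sbuf b = {0};
    if (sbuf_append(&b, "", 0) != 0) return NULL;    /* count == 0 gives "" */
    for (size_t i = 0; i < count; i++) {
        if (memchr(f[i].p, '\0', f[i].n) != NULL ||  /* reject embedded NUL */
            sbuf_append(&b, f[i].p, f[i].n) != 0 ||
            sbuf_append(&b, "/", 1) != 0) {
            free(b.data);
            return NULL;
        }
    }
    return b.data;
}

/* Constructed sample: four fields packed back to back, with no separators
 * and no terminators between them (a hypothetical record layout). */
static const char SAMPLE[] = "81.130.29.0255.255.255.0120.14.64.0255.255.192.0";

char *join_sample(void)
{
    const struct slice f[] = {
        { SAMPLE, 11 }, { SAMPLE + 11, 13 }, { SAMPLE + 24, 11 }, { SAMPLE + 35, 13 },
    };
    return join_fields(f, sizeof f / sizeof f[0]);
}
```

Because every append goes through `sbuf_append`, a Memcheck run over code written this way should report neither the uninitialised-value warnings in `strlen` nor the invalid reads in `strcpy` seen above.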
