Valgrind errors: valid, or false positives ?

Simple Simon

It's entirely possible that I'm completely in the wrong line of work,
but I don't see what Valgrind is complaining about in this code.

Invalid read/writes?

If I free the within main(), rather than within free_node_list( ),
Valgrind reports 0 leaks?

OS: SuSE 9.3 Linux 2.6.11.4-21.11-default i686 i386
GCC: 3.3.5 20050117

CODE:

#include <stdio.h>
#include <stdlib.h>

struct node_tag {
int value ;
struct node_tag * next ;
} ;
typedef struct node_tag node ;

struct node_list_tag {
node * first ;
node * last ;
} ;
typedef struct node_list_tag node_list ;

int populate_node_l ist( node_list *, int ) ;
int print_node_list ( node_list * ) ;
int free_node_list( node_list * ) ;

int
main(void) {
int i ;
node * n = NULL, * next = NULL ;
node_list nl = {0,0} ;
// populate
for ( i = 0 ; i < 100000 ; i++ )
{
populate_node_l ist( &nl, i ) ;
}
print_node_list ( &nl ) ;
free_node_list( &nl ) ;
printf( "free()'ed node list: %p, %p\n", nl.first, nl.last ) ;
return 0 ;
}

int
populate_node_l ist( node_list * nlp, int val )
{
node * nn = NULL ;
nn = calloc( 1, sizeof(int) ) ;
nn->value = val;
if ( nlp->first == NULL )
nlp->first = nlp->last = nn ;
else
{
nlp->last->next = nn ;
nlp->last = nn ;
}
return 0 ;
}

int
print_node_list ( node_list * nlp )
{
int i = 1 ;
node * nn = nlp->first ;

while ( nn )
{
//printf( "node: %.5d\tvalue: %.5d\n", i++, nn->value ) ;
if ( nn->next == NULL )
break ;

nn = nn->next ;
}
nlp->first = nlp->last = NULL ;

return 0 ;
}

int
free_node_list( node_list * nlp )
{
node * cur = nlp->first, * next ;
while ( cur )
{
next = cur->next ;
free( cur ) ;
cur = next ;
}
return 0 ;
}

Valgrind output (trimmed):

me@host:~/miscgcc -O0 -ggdb -o valtest valtest.c
me@host:~/miscvalgrind -v --leak-check=yes ./valtest
==21068== Memcheck, a memory error detector.
==21068== Using valgrind-3.2.1, a dynamic binary instrumentation
framework.
--21068-- Contents of /proc/version:
--21068-- Linux version 2.6.11.4-21.11-default (geeko@buildhos t)
(gcc version 3.3.5 20050117 (prerelease) (SUSE Linux)) #1 Thu Feb
2 20:54:26 UTC 2006
--21068-- Arch and hwcaps: X86, x86-sse1-sse2
==21068== WARNING: new redirection conflicts with existing --
ignoring it
--21068-- new: 0x04012B60 (index ) R-0x0401DFC0 index

==21068== Invalid write of size 4
==21068== at 0x8048502: populate_node_l ist (valtest.c:58)
==21068== by 0x8048474: main (valtest.c:40)
==21068== Address 0x415402C is 0 bytes after a block of size 4
alloc'd
==21068== at 0x401D940: calloc (vg_replace_mal loc.c:279)
==21068== by 0x80484D2: populate_node_l ist (valtest.c:52)
==21068== by 0x8048474: main (valtest.c:40)
node: 00001 value: 00000
==21068==
==21068== Invalid read of size 4
==21068== at 0x8048553: print_node_list (valtest.c:73)
==21068== by 0x804848A: main (valtest.c:42)
==21068== Address 0x415402C is 0 bytes after a block of size 4
alloc'd
==21068== at 0x401D940: calloc (vg_replace_mal loc.c:279)
==21068== by 0x80484D2: populate_node_l ist (valtest.c:52)
==21068== by 0x8048474: main (valtest.c:40)
==21068==
==21068== Invalid read of size 4
==21068== at 0x804855E: print_node_list (valtest.c:76)
==21068== by 0x804848A: main (valtest.c:42)
==21068== Address 0x415402C is 0 bytes after a block of size 4
alloc'd
==21068== at 0x401D940: calloc (vg_replace_mal loc.c:279)
==21068== by 0x80484D2: populate_node_l ist (valtest.c:52)
==21068== by 0x8048474: main (valtest.c:40)

--21068-- REDIR: 0x40A1980 (strnlen) redirected to 0x401E200
(strnlen)
free()'ed node list: (nil), (nil)
--21068-- REDIR: 0x409C640 (free) redirected to 0x401D047 (free)
==21068==
==21068== ERROR SUMMARY: 299998 errors from 3 contexts (suppressed:
11 from 1)
==21068==
==21068== 99999 errors in context 1 of 3:
==21068== Invalid read of size 4
==21068== at 0x804855E: print_node_list (valtest.c:76)
==21068== by 0x804848A: main (valtest.c:42)
==21068== Address 0x415402C is 0 bytes after a block of size 4
alloc'd
==21068== at 0x401D940: calloc (vg_replace_mal loc.c:279)
==21068== by 0x80484D2: populate_node_l ist (valtest.c:52)
==21068== by 0x8048474: main (valtest.c:40)
==21068==
==21068== 99999 errors in context 2 of 3:
==21068== Invalid write of size 4
==21068== at 0x8048502: populate_node_l ist (valtest.c:58)
==21068== by 0x8048474: main (valtest.c:40)
==21068== Address 0x415402C is 0 bytes after a block of size 4
alloc'd
==21068== at 0x401D940: calloc (vg_replace_mal loc.c:279)
==21068== by 0x80484D2: populate_node_l ist (valtest.c:52)
==21068== by 0x8048474: main (valtest.c:40)
==21068==
==21068== 100000 errors in context 3 of 3:
==21068== Invalid read of size 4
==21068== at 0x8048553: print_node_list (valtest.c:73)
==21068== by 0x804848A: main (valtest.c:42)
==21068== Address 0x415402C is 0 bytes after a block of size 4
alloc'd
==21068== at 0x401D940: calloc (vg_replace_mal loc.c:279)
==21068== by 0x80484D2: populate_node_l ist (valtest.c:52)
==21068== by 0x8048474: main (valtest.c:40)
--21068--
--21068-- supp: 11 Ubuntu-stripped-ld.so
==21068==
==21068== IN SUMMARY: 299998 errors from 3 contexts (suppressed: 11
from 1)
==21068==
==21068== malloc/free: in use at exit: 400,000 bytes in 100,000
blocks.
==21068== malloc/free: 100,000 allocs, 0 frees, 400,000 bytes
allocated.
==21068==
==21068== searching for pointers to 100,000 not-freed blocks.
==21068== checked 56,584 bytes.
==21068==
==21068==
==21068== 400,000 bytes in 100,000 blocks are definitely lost in loss
record 1 of 1
==21068== at 0x401D940: calloc (vg_replace_mal loc.c:279)
==21068== by 0x80484D2: populate_node_l ist (valtest.c:52)
==21068== by 0x8048474: main (valtest.c:40)
==21068==
==21068== LEAK SUMMARY:
==21068== definitely lost: 400,000 bytes in 100,000 blocks.
==21068== possibly lost: 0 bytes in 0 blocks.
==21068== still reachable: 0 bytes in 0 blocks.
==21068== suppressed: 0 bytes in 0 blocks.

Nov 4 '06 #1

Subscribe Reply

5079

Eric Sosman

Simple Simon wrote:

It's entirely possible that I'm completely in the wrong line of work,
but I don't see what Valgrind is complaining about in this code.
[...]
struct node_tag {
int value ;
struct node_tag * next ;
} ;
typedef struct node_tag node ;
[...]
node * nn = NULL ;
nn = calloc( 1, sizeof(int) ) ;

^^^^^^^^^^^

This would not have happened if you had used the Guaranteed
100% Fat-Free All-Singing All-Dancing Preferred Idiom:

nn = calloc(1, sizeof *nn);

--
Eric Sosman
es*****@acm-dot-org.invalid

Nov 4 '06 #2

Simple Simon

es*****@acm-dot-org.invalid wrote...

Simple Simon wrote:

It's entirely possible that I'm completely in the wrong line of work,
but I don't see what Valgrind is complaining about in this code.
[...]
struct node_tag {
int value ;
struct node_tag * next ;
} ;
typedef struct node_tag node ;
[...]
node * nn = NULL ;
nn = calloc( 1, sizeof(int) ) ;
^^^^^^^^^^^

This would not have happened if you had used the Guaranteed
100% Fat-Free All-Singing All-Dancing Preferred Idiom:

nn = calloc(1, sizeof *nn);

Oh, fuck.

"Career-Changes-R-Us? Send me a pamphlet right away."

Nov 4 '06 #3

Paul Pluzhnikov

Simple Simon <ss****@domain. invalidwrites:

It's entirely possible that I'm completely in the wrong line of work,
but I don't see what Valgrind is complaining about in this code.

Perhaps this Insure++ report will make it clearer for you?
It contains the exact same info, except line numbers have changed.

VG output from your test case on my machine:

==19256== Invalid write of size 4
==19256== at 0x80484B2: populate_node_l ist (junk.c:46)
==19256== by 0x8048424: main (junk.c:28)
==19256== Address 0x1B91802C is 0 bytes after a block of size 4 alloc'd
==19256== at 0x1B902BD5: calloc (vg_replace_mal loc.c:175)
==19256== by 0x8048482: populate_node_l ist (junk.c:40)
==19256== by 0x8048424: main (junk.c:28)

Insure output from the same:

[junk.c:46] **WRITE_OVERFLO W**

> nlp->last->next = nn ;

Structure reference out of range: (nlp->last)

bbbbb
| 4 | 4 |
wwwww

Writing (w) : 0x0894c01c thru 0x0894c01f (4 bytes)
To block (b) : 0x0894c018 thru 0x0894c01b (4 bytes)
nn, allocated at junk.c, 40
calloc() (interface)
populate_node_l ist() junk.c, 40
main() junk.c, 28

Stack trace where the error occurred:
populate_node_l ist() junk.c, 46
main() junk.c, 28

**Memory corrupted. Program may crash!!**

Invalid read/writes?

Yes, writing beyond allocated memory is invalid.

If I free the within main(), rather than within free_node_list( ),
Valgrind reports 0 leaks?

Where you free (or whether you free at all) has nothing to do with
invalid writes.

int
populate_node_l ist( node_list * nlp, int val )
{
node * nn = NULL ;

This is line 40:

nn = calloc( 1, sizeof(int) ) ;

Should be:

nn = calloc( 1, sizeof(*nn) ) ;

nn->value = val;
if ( nlp->first == NULL )
nlp->first = nlp->last = nn ;
else
{
nlp->last->next = nn ;
nlp->last = nn ;
}
return 0 ;
}

After the fix above, all invalid read/writes are gone, and you are just left with

==19303== LEAK SUMMARY:
==19303== definitely lost: 515528 bytes in 64441 blocks.

Here is what Insure has to tell you about that leak:

[junk.c:66] **LEAK_ASSIGN**

> nlp->first = nlp->last = NULL ;

Memory leaked due to pointer reassignment: nn

Lost block : 0x09632018 thru 0x0963201f (8 bytes)
nn, allocated at junk.c, 40
calloc() (interface)
populate_node_l ist() junk.c, 40
main() junk.c, 28

Stack trace where the error occurred:
print_node_list () junk.c, 66
main() junk.c, 30

[junk.c:68] **LEAK_SCOPE**

> return 0 ;

Memory leaked leaving scope: nn

Lost block : 0x096321c8 thru 0x096321cf (8 bytes)
nn, allocated at junk.c, 40
calloc() (interface)
populate_node_l ist() junk.c, 40
main() junk.c, 28

Stack trace where the error occurred:
print_node_list () junk.c, 68
main() junk.c, 30
It is unusual for "print-data-structure" routine to modify that
structure. In your case, line 66 should be deleted entirely.

nlp->first = nlp->last = NULL ; // line 66
Cheers,
--
In order to understand recursion you must first understand recursion.
Remove /-nsp/ for email.

Nov 4 '06 #4

Simple Simon

pp************* @charter.net wrote...

Simple Simon <ss****@domain. invalidwrites:

It's entirely possible that I'm completely in the wrong line of work,
but I don't see what Valgrind is complaining about in this code.

Perhaps this Insure++ report will make it clearer for you?
It contains the exact same info, except line numbers have changed.

Insure++, and your post, are stunningly illuminating. Thank you for
the time you took on this.

That bug in print_node_list () was just stoopid programmer stuff --
that assignment was supposed to be in free_node_list( ) instead.

VG output from your test case on my machine:

==19256== Invalid write of size 4
==19256== at 0x80484B2: populate_node_l ist (junk.c:46)
==19256== by 0x8048424: main (junk.c:28)
==19256== Address 0x1B91802C is 0 bytes after a block of size 4 alloc'd
==19256== at 0x1B902BD5: calloc (vg_replace_mal loc.c:175)
==19256== by 0x8048482: populate_node_l ist (junk.c:40)
==19256== by 0x8048424: main (junk.c:28)

Insure output from the same:

[junk.c:46] **WRITE_OVERFLO W**

nlp->last->next = nn ;

Structure reference out of range: (nlp->last)

bbbbb
| 4 | 4 |
wwwww

Writing (w) : 0x0894c01c thru 0x0894c01f (4 bytes)
To block (b) : 0x0894c018 thru 0x0894c01b (4 bytes)
nn, allocated at junk.c, 40
calloc() (interface)
populate_node_l ist() junk.c, 40
main() junk.c, 28

Stack trace where the error occurred:
populate_node_l ist() junk.c, 46
main() junk.c, 28

**Memory corrupted. Program may crash!!**

Invalid read/writes?

Yes, writing beyond allocated memory is invalid.

If I free the within main(), rather than within free_node_list( ),
Valgrind reports 0 leaks?

Where you free (or whether you free at all) has nothing to do with
invalid writes.

int
populate_node_l ist( node_list * nlp, int val )
{
node * nn = NULL ;

This is line 40:

nn = calloc( 1, sizeof(int) ) ;

Should be:

nn = calloc( 1, sizeof(*nn) ) ;

nn->value = val;
if ( nlp->first == NULL )
nlp->first = nlp->last = nn ;
else
{
nlp->last->next = nn ;
nlp->last = nn ;
}
return 0 ;
}

After the fix above, all invalid read/writes are gone, and you are just left with

==19303== LEAK SUMMARY:
==19303== definitely lost: 515528 bytes in 64441 blocks.

Here is what Insure has to tell you about that leak:

[junk.c:66] **LEAK_ASSIGN**

nlp->first = nlp->last = NULL ;

Memory leaked due to pointer reassignment: nn

Lost block : 0x09632018 thru 0x0963201f (8 bytes)
nn, allocated at junk.c, 40
calloc() (interface)
populate_node_l ist() junk.c, 40
main() junk.c, 28

Stack trace where the error occurred:
print_node_list () junk.c, 66
main() junk.c, 30

[junk.c:68] **LEAK_SCOPE**

return 0 ;

Memory leaked leaving scope: nn

Lost block : 0x096321c8 thru 0x096321cf (8 bytes)
nn, allocated at junk.c, 40
calloc() (interface)
populate_node_l ist() junk.c, 40
main() junk.c, 28

Stack trace where the error occurred:
print_node_list () junk.c, 68
main() junk.c, 30
It is unusual for "print-data-structure" routine to modify that
structure. In your case, line 66 should be deleted entirely.

nlp->first = nlp->last = NULL ; // line 66
Cheers,

Nov 4 '06 #5

Similar topics

8088

Script to determine valid email address by querying server

by: siliconmike | last post by:

Hi, I'm looking for a reliable script that would connect to a host and somehow determine whether an email address is valid. since getmxrr() only gets the mx records.. Links/pointers ? Mike

PHP

2942

valgrind python 2.3.4

by: Jerald | last post by:

Running python 2.3.4 on valgrind (a tool like purify which checks the use of uninitialized memory, etc), gives a lot of errors. See below. jfj@cluster:~/> python -V Python 2.3.4 jfj@cluster:~/> valgrind python ==10517== Memcheck, a.k.a. Valgrind, a memory error detector for x86-linux.

Python

2986

spliting a list by nth items

by: Steven Bethard | last post by:

I feel like this has probably been answered before, but I couldn't find something quite like it in the archives. Feel free to point me somewhere if you know where this has already been answered. I have a list in a particular order that I want to split into two lists: the list of every nth item, and the list of remaining items. It's important to maintain the original order in both lists. So the first list is simple:

Python

2422

Why is this valid HTML?

by: Mr. Clean | last post by:

As you may know, spammer use this technique to get by filters. <!H>It<!W> is<!N> <!K>a<!L> w<!Q>el<!Q>l <!X>k<!O>now<!B>n <!F>f<!G>a<!V>c<!O>t <!S>th<!B>at p<!R>eopl<!J>e<!G> <!Z>who <!V>p<!U>o<!P>ss<!F>e<!L>s<!U> <!S>a <!J>de<!S>gr<!T>ee <!W>a<!K>r<!I>e<!V> l<!O>o<!D>o<!W>k<!C>ed <!J>upo<!R>n<!K> a<!U>s<!G> <!X>th<!O>e <!E>elit<!U>e<!N><BR> <!T> If yo<!Q>u <!B>ha<!C>ve<!Y> a<!S> d<!Q>eg<!E>r<!Y>ee<!E>, yo<!F>u<!N> a<!Z>re<! M>...

HTML / CSS

22789

Valgrind says "Invalid read of size 4". What's the problem?

by: hvaisane | last post by:

Valgrind says ==11604== Invalid read of size 4 ==11604== at 0x8048ABB: main (foo.cc:36) ==11604== Address 0x1B92415C is 4 bytes inside a block of size 8 free'd ==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156) ==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86) ==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*,...

C / C++

5686

Verify an xml file is valid

by: David Thielen | last post by:

Hi; What's the fastest way to verify that an xml file is well-formed (and valid if it has a dtd)? I don't want to pull any data out, I just want to make sure it is a good file. (When the user selects an xml file to save and use in the future, we want to do a fast sanity check on it.) -- thanks - dave david_at_windward_dot_net

.NET Framework

2010

Solving Valgrind Errors

by: dhina.jayavelu | last post by:

Hi, I Executed my project Developed in "C" with Valgrind tool with memory check option it shows these errors i don't know how to solve these errors.After getting these errors i try to put free() at the end of function defintion eventhough i got the same problem. If anybody knows please mail me .. By

C / C++

10924

Valgrind and STL

by: wwfarch | last post by:

I'm working on creating a K-Nearest Neighbor classifier and having some problems that I can't figure out. I have a header file KNNClassifier.h and its class file KNNClassifier.cc In KNNClassifier.h I have the following declarations: class KNNClassifier{ ... map<int, string> classNames; map<int, DataStore*> lastDataStores; map<int, int*> classificationMap; map<int, int> indexMap;

C / C++

2430

PHPMailer - False Positives

by: Lucanos | last post by:

Hi All, I am currently using PHPMailer to send out a set of emails on the execution of a PHP Script (obviously). My problem is that the PHPMailer action is returning a "true" result each time it is executed, but not every email generated by this action is actually being sent. My account is hosted on HostMonster, and is pointed at the localhost as the SMTP server.

PHP

8275

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...

Windows Server

8792

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

8694

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...

Online Marketing

8457

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...

Windows Server

7294

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

6157

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

5605

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

4280

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

1585

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General