Friday, 15 April 2011

c - Invalid Read of size 1 on running Valgrind -


This is the error I got after running Valgrind with `valgrind --tool=memcheck --leak-check=full --show-reachable=yes ./out`:

    ==12140== Invalid read of size 1
    ==12140==    at 0x4c2df84: strncat (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==12140==    by 0x40100d: createsortedruns (final.c:178)
    ==12140==    by 0x401297: main (final.c:249)
    ==12140==  Address 0x51fd549 is 0 bytes after a block of size 9 alloc'd
    ==12140==    at 0x4c2ab80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==12140==    by 0x400efd: createsortedruns (final.c:150)
    ==12140==    by 0x401297: main (final.c:249)
    ==12140==

The other error I am getting is:

    ==12140== Invalid write of size 1
    ==12140==    at 0x4c2dfd0: strncat (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==12140==    by 0x40100d: createsortedruns (final.c:178)
    ==12140==    by 0x401297: main (final.c:249)
    ==12140==  Address 0x51fd54d is 4 bytes after a block of size 9 alloc'd
    ==12140==    at 0x4c2ab80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==12140==    by 0x400efd: createsortedruns (final.c:150)
    ==12140==    by 0x401297: main (final.c:249)
    ==12140==

This is the snippet of the program:

    void createsortedruns(int start, int end, char file[]) {
        FILE *givenfile = NULL;
        givenfile = fopen(file, "r+b");
        rewind(givenfile);
        int i = 0;
        /*printf("file:%s\n",file);
        printf("file length:%zu\n",strlen(file));*/
        char *temp = (char *)malloc(sizeof(char) * strlen(file));
        for (i = start; i < end; i++) {
            fseek(givenfile, 0, SEEK_CUR);
            fread(&inputbuffer[act_inputbuffersize], sizeof(int), 1, givenfile);
            act_inputbuffersize++;
            if ((act_inputbuffersize == max_inputbuffersize) || (i == (end - 1))) {
                // sort
                qsort(inputbuffer, act_inputbuffersize, sizeof(int), compare);
                // write file
                strncpy(temp, file, strlen(file));
                //int k=0;
                char counter[4] = {0};
                /*for(k=0;k<4;k++){ counter[k]=0; }*/
                snprintf(counter, 5, ".%03d", totalsortedfiles);
                counter[strlen(counter)] = '\0';
                strncat(temp, counter, 4);
                FILE *int_file = NULL;
                int_file = fopen(temp, "w+b");
                rewind(int_file);
                fwrite(&inputbuffer, sizeof(int), act_inputbuffersize, int_file);
                // register sub_fo info
                small_fo = register_sub_fo(small_fo, totalsortedfiles, temp, 0, act_inputbuffersize, act_inputbuffersize);
                // increment totalsortedfiles
                totalsortedfiles += 1;
                // reinitialize
                int j = 0;
                for (j = 0; j < max_inputbuffersize; j++) {
                    inputbuffer[j] = 0;
                }
                act_inputbuffersize = 0;
                int len = strlen(temp);
                temp[len - 4] = '\0'; // garbage
                fclose(int_file);
                int_file = NULL;
            }
        } // for_end
        fclose(givenfile);
        givenfile = NULL;
        free(temp);
        temp = NULL;
    } // func_end

Valgrind is showing the error at the line `strncat(temp,counter,4);`. Can anyone please explain this error to me?

The strncpy function does not zero-terminate the target buffer if the size limit is reached during copying. Your use of strncpy in the code reaches the size limit:

    strncpy(temp,file,strlen(file));

This means that at this point temp is not zero-terminated. temp is not a string after the strncpy call.

After that you do

    strncat(temp,counter,4);

but strncat requires its first operand to be a string. In your case it is not a string. The behavior is undefined.

As has been stated many times, strncpy is not a limited-length string copying function. Using it as such is error prone and lame. Even if it can be made to "work", it is still not the right tool for the job.

In addition to that, the buffer allocated for temp cannot accommodate any more characters beyond those already there after the strncpy. The buffer is allocated only strlen(file) characters long.

Also, this statement does not seem to make any sense at all:

    counter[strlen(counter)] = '\0';

In order for strlen to work, counter must already be zero-terminated. So what you are doing is re-terminating the counter string at the exact location where it is already terminated. What is the point of that?

You don't need that. snprintf has already produced a zero-terminated string.

However, the snprintf invocation is problematic in itself:

    char counter[4]={0};
    snprintf(counter,5, ".%03d", totalsortedfiles);

Your counter array is declared with size 4. Passing 5 as the buffer size to snprintf is lying to snprintf. In the general case snprintf will go out of bounds. The behavior is undefined.

The format you use in snprintf suggests that you need a buffer of size 5.

c gdb valgrind
