Invalid write of size 4

Invalid write of size 4

Stefan Sauer-4
hi hi,

can anyone help me to understand the following report from
valgrind-2.4.0. Earlier in the report I get stuff like:
Conditional jump or move depends on uninitialised value(s)
Syscall param writev(vector[...]) points to uninitialised byte(s)
Those are always in system libs like libc, ld or pthread.

Then comes this:

DEBUG (0x1bf43368 - 310459:30:26.946383000)              bt-core(23367)
machine.c(573):bt_machine_new:     adding global_param [0/7] "Start
Freq"
DEBUG (0x1bf43368 - 310459:30:27.016127000)              bt-core(23367)
machine.c(592):bt_machine_new:     added global_param [0/7] "StartF req"
DEBUG (0x1bf43368 - 310459:30:27.078957000)              bt-core(23367)
machine.c(573):bt_machine_new:     adding global_param [1/7] "EndFr eq"
==23367==
==23367== Invalid write of size 4
==23367==    at 0x1B9126F7: bt_machine_new (machine.c:575)
==23367==    by 0x1B927629: bt_source_machine_new (source-machine.c:45)
==23367==    by 0x1B9230E9: bt_song_io_native_load_setup_machines
(song-io-native.c:230)
==23367==    by 0x1B9235AC: bt_song_io_native_load_setup
(song-io-native.c:299)
==23367==    by 0x1B9252A5: bt_song_io_native_real_load
(song-io-native.c:746)
==23367==    by 0x1B921EDB: bt_song_io_load (song-io.c:189)
==23367==    by 0x80499D2: bt_cmd_application_play
(cmd-application.c:103)
==23367==    by 0x8049505: main (bt-cmd.c:55)
==23367==  Address 0x1C10AF84 is 4 bytes inside a block of size 7
alloc'd
==23367==    at 0x1B905E7A: calloc (vg_replace_malloc.c:176)
==23367==    by 0x1BD89CBE: g_malloc0
(in /usr/lib/libglib-2.0.so.0.600.4)
==23367==    by 0x1B927629: bt_source_machine_new (source-machine.c:45)
==23367==    by 0x1B9230E9: bt_song_io_native_load_setup_machines
(song-io-native.c:230)
==23367==    by 0x1B9235AC: bt_song_io_native_load_setup
(song-io-native.c:299)
==23367==    by 0x1B9252A5: bt_song_io_native_real_load
(song-io-native.c:746)
==23367==    by 0x1B921EDB: bt_song_io_load (song-io.c:189)
==23367==    by 0x80499D2: bt_cmd_application_play
(cmd-application.c:103)
==23367==    by 0x8049505: main (bt-cmd.c:55)
DEBUG (0x1bf43368 - 310459:30:27.201295000)              bt-core(23367)
machine.c(592):bt_machine_new:     added global_param [1/7] "EndFre q"
DEBUG (0x1bf43368 - 310459:30:27.367592000)              bt-core(23367)
machine.c(573):bt_machine_new:     adding global_param [2/7] "Decay "
DEBUG (0x1bf43368 - 310459:30:27.428693000)              bt-core(23367)
machine.c(592):bt_machine_new:     added global_param [2/7] "Decay"
DEBUG (0x1bf43368 - 310459:30:27.489094000)              bt-core(23367)
machine.c(573):bt_machine_new:     adding global_param [3/7] "FreqD
ecay"
DEBUG (0x1bf43368 - 310459:30:27.550750000)              bt-core(23367)
machine.c(592):bt_machine_new:     added global_param [3/7] "FreqDe cay"
DEBUG (0x1bf43368 - 310459:30:27.665047000)              bt-core(23367)
machine.c(573):bt_machine_new:     adding global_param [4/7] "Thump "
DEBUG (0x1bf43368 - 310459:30:27.727406000)              bt-core(23367)
machine.c(592):bt_machine_new:     added global_param [4/7] "Thump"
DEBUG (0x1bf43368 - 310459:30:27.790057000)              bt-core(23367)
machine.c(573):bt_machine_new:     adding global_param [5/7] "Gain"
DEBUG (0x1bf43368 - 310459:30:27.852316000)              bt-core(23367)
machine.c(592):bt_machine_new:     added global_param [5/7] "Gain"
DEBUG (0x1bf43368 - 310459:30:27.915595000)              bt-core(23367)
machine.c(573):bt_machine_new:     adding global_param [6/7] "Trig"
DEBUG (0x1bf43368 - 310459:30:28.044170000)              bt-core(23367)
machine.c(592):bt_machine_new:     added global_param [6/7] "Trig"

this is the section from machine.c. full source:
http://cvs.sourceforge.net/viewcvs.py/buzztard/buzztard/src/lib/core/machine.c?view=markup
line 757 is 'self->priv->global_names[j]=property->name;'

self->priv->global_names =
(gchar **    )g_new0(gchar   ,self->priv->global_params);
self->priv->global_flags =
(guint *     )g_new0(guint   ,self->priv->global_params);
for(i=j=0;i<number_of_properties;i++) {
  property=properties[i];
  if(property->flags&GST_PARAM_CONTROLLABLE) {
    GST_DEBUG("    adding global_param [%d/%d] \"%s
\"",j,self->priv->global_params,property->name);
    // add global param
    self->priv->global_names[j]=property->name;
    self->priv->global_types[j]=property->value_type;
    ...
    j++;
  }
}

Many thanks,

Stefan
--
http://www.buzztard.org




-------------------------------------------------------
This SF.Net email is sponsored by Yahoo.
Introducing Yahoo! Search Developer Network - Create apps using Yahoo!
Search APIs Find out how you can build Yahoo! directly into your own
Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005
_______________________________________________
Valgrind-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/valgrind-users

Re: Invalid write of size 4

njn (Bugzilla)-2
On Wed, 1 Jun 2005, Stefan Kost wrote:

> ==23367== Invalid write of size 4
> ==23367==    at 0x1B9126F7: bt_machine_new (machine.c:575)
> ...
> ==23367==  Address 0x1C10AF84 is 4 bytes inside a block of size 7 alloc'd
> ==23367==    at 0x1B905E7A: calloc (vg_replace_malloc.c:176)
> ==23367==    by 0x1BD89CBE: g_malloc0 (in /usr/lib/libglib-2.0.so.0.600.4)
>
> line 757 is 'self->priv->global_names[j]=property->name;'

It looks like self->priv->global_names is a 7 byte array, and you're doing
a 4-byte write to the 5th, 6th, 7th and 8th bytes, which is bad because
the 8th is one past the end of the array.

N



Re: Invalid write of size 4

jeremy (Bugzilla)
Stefan Kost wrote:

>==23367== Invalid write of size 4
>==23367==    at 0x1B9126F7: bt_machine_new (machine.c:575)
>==23367==    by 0x1B927629: bt_source_machine_new (source-machine.c:45)
>
[...]

>==23367==  Address 0x1C10AF84 is 4 bytes inside a block of size 7
>alloc'd
>==23367==    at 0x1B905E7A: calloc (vg_replace_malloc.c:176)
>==23367==    by 0x1BD89CBE: g_malloc0
>(in /usr/lib/libglib-2.0.so.0.600.4)
>==23367==    by 0x1B927629: bt_source_machine_new (source-machine.c:45)
>
This is pretty obvious.  You allocated 7 bytes, and you're trying to
write 4 bytes offset 4 bytes into this memory: ie, you're writing 8
bytes into a 7 byte allocation, so it's complaining about the byte
hanging off the end.

    J




Re: Invalid write of size 4

Stefan Sauer-4
hi hi,

bloody stupid me! The line
self->priv->global_names =
   (gchar **    )g_new0(gchar   ,self->priv->global_params);
needs to be
self->priv->global_names =
   (gchar **    )g_new0(gpointer,self->priv->global_params);

What would I do without valgrind and *you*.

Stefan
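
The arithmetic behind the two replies and the fix above, as an added example that is not part of the original thread or of the buzztard sources: it parses the two Memcheck lines from the report, works out how many bytes of the write fall past the block, and shows which array index first overruns when the element type passed to the allocator is 1 byte (gchar) versus pointer-sized. The names `parse_report` and `first_bad_index` are hypothetical, and the pointer size is fixed at 4 bytes to match the "write of size 4" in the report.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

struct overrun {          /* one Memcheck "Invalid write" record */
    size_t write_size;    /* "Invalid write of size N" */
    size_t offset;        /* "is N bytes inside a block ..." */
    size_t block_size;    /* "... block of size N alloc'd" */
    size_t bytes_past;    /* bytes of the write past the block end */
};

/* Report lines copied from the thread (stack frames trimmed). */
static const char REPORT[] =
    "==23367== Invalid write of size 4\n"
    "==23367==  Address 0x1C10AF84 is 4 bytes inside a block of size 7 alloc'd\n";

/* Returns 0 on success, -1 if the expected lines are missing. */
int parse_report(const char *txt, struct overrun *o)
{
    const char *w = strstr(txt, "Invalid write of size ");
    const char *a = strstr(txt, "Address ");
    if (!w || !a || !(a = strstr(a, " is ")))
        return -1;
    if (sscanf(w, "Invalid write of size %zu", &o->write_size) != 1 ||
        sscanf(a, " is %zu bytes inside a block of size %zu",
               &o->offset, &o->block_size) != 2)
        return -1;
    size_t end = o->offset + o->write_size;
    o->bytes_past = end > o->block_size ? end - o->block_size : 0;
    return 0;
}

/* First index whose store overruns count*alloc_sz bytes; count if none. */
size_t first_bad_index(size_t count, size_t alloc_sz, size_t store_sz)
{
    for (size_t j = 0; j < count; j++)
        if ((j + 1) * store_sz > count * alloc_sz)
            return j;
    return count;
}

int main(void)
{
    struct overrun o;
    if (parse_report(REPORT, &o) != 0) return 1;
    printf("past=%zu index=%zu gchar=%zu gpointer=%zu\n", o.bytes_past,
           o.offset / o.write_size, first_bad_index(7, 1, 4), first_bad_index(7, 4, 4));
    return 0;
}
```

The faulting index of 1 agrees with the debug log, where the invalid write appears right after "adding global_param [1/7]"; with pointer-sized elements all 7 stores fit.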
