78729 – not stack'd, malloc'd or free'd, but written to anyway

Bug 78729 - not stack'd, malloc'd or free'd, but written to anyway

Summary: not stack'd, malloc'd or free'd, but written to anyway

Status:	RESOLVED FIXED

Alias:	None

Product:	valgrind
Classification:	Developer tools
Component:	memcheck (show other bugs)
Version:	2.1.1
Platform:	Compiled Sources Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Julian Seward

URL:
Keywords:

Depends on:
Blocks:

Reported:	2004-03-30 12:01 UTC by Xavier Bestel
Modified:	2004-05-10 17:20 UTC (History)
CC List:	0 users

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Xavier Bestel 2004-03-30 12:01:25 UTC

during a valgrind session I stumbled on that (this is the first error):

==22013== Invalid read of size 1
....
==22013==    Address 0x48C1D128 is not stack'd, malloc'd or free'd


When I attach to gdb at this point, and I examine the content of memory
at 0x48C1D128 (to which a char* is pointing), I find a string which
really seems like it has been written by my program.

How is this possible ? How could my program write to a non stack'd,
malloc'd or free'd address before this point and not been caught by
valgrind ?

Comment 1 Tom Hughes 2004-03-30 12:04:50 UTC

Well it might have valid at the point that you wrote to it. There is a limit to how much freed memory valgrind will hang on to before it starts discarding it and once that happens the memory will probably appear to be neither malloced nor freed.

Comment 2 Xavier Bestel 2004-03-30 13:02:03 UTC

Ok, I've retried with a --freelist-vol=<big_amount_of_mem>, and effectively it now tells me the memory was previously freed. Thanks !

Would it be possible for memcheck to throw a warning when it starts reusing the freed memory pool, to tell the user it's possible subsequent 'not freed' indications may be invalid ?

Comment 3 Nicholas Nethercote 2004-03-30 13:13:05 UTC

I don't think that's the right way to do it;  the default freelist-vol is 1MB,
so any program that frees more than 1MB of heap memory will get that warning --
it would just be noise.

A simpler solution is to change the message to say "not stack'd, malloc'd or (recently) free'd".  Also, it would be good in general to have a section in the manual explaining situations where Valgrind doesn't do as well as it might;
this would be one of them.  How does that sound, Xavier?

Comment 4 Xavier Bestel 2004-03-30 14:05:50 UTC

Well, any program that frees more than freelist-vol of heap memory may get potentially wrong reports. So reporting the warning (only in case of "not freed" error) seems not so noisy to me.
You could also change the message, but make it a bit more explicit (tell the user to perhaps increase freelist-vol), and only when some freed memory has been discarded.

Any way I would agree, and yes a section in the manual explaining why it seems it doesn't work in some cases would help greatly - although I must say I don't reread the whole manual when I upgrade valgrind.

Thank you for your invaluable debugging tool,

         Xav

Comment 5 Nicholas Nethercote 2004-05-10 17:20:47 UTC

I changed it to "(recently) freed", seems like a good compromise.