... ==29522== Invalid write of size 4 ==29522== at 0x40B637A: (within /usr/lib/libSDL-1.2.so.0.11.2) ==29522== by 0x818ECB6: DrawImageResampledAdv(SDL_Surface*, SDL_Surface*, int, int, int, int, int, int, int, int) (GfxPrimitives.cpp:895) ==29522== by 0x835CD2E: CMap::UpdateMiniMap(bool) (GfxPrimitives.h:479) ==29522== by 0x836029D: CMap::SetMinimapDimensions(unsigned, unsigned) (CMap.cpp:745) ==29522== by 0x811E398: CClientNetEngine::ParsePrepareGame(CBytestream*) (CClient_Parse.cpp:810) ==29522== by 0x811F852: CClientNetEngineBeta7::ParsePrepareGame(CBytestream*) (CClient_Parse.cpp:991) ==29522== by 0x8121DAD: CClientNetEngineBeta9::ParsePrepareGame(CBytestream*) (CClient_Parse.cpp:1041) ==29522== by 0x812378D: CClientNetEngine::ParsePacket(CBytestream*) (CClient_Parse.cpp:448) ==29522== by 0x8141F33: CClient::ReadPackets() (CClient.cpp:1161) ==29522== by 0x814E309: CClient::Frame() (CClient.cpp:1076) ==29522== by 0x849B69D: DedIntern::Frame_Basic() (DedicatedControl.cpp:1347) ==29522== by 0x8490BD4: DedicatedControl::Menu_Frame() (DedicatedControl.cpp:1532) ==29522== Address 0x1f970f5c is not stack'd, malloc'd or (recently) free'd --29522-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting --29522-- si_code=1; Faulting address: 0x35A7194A; sp: 0x66B27E2C valgrind: the 'impossible' happened: Killed by fatal signal ==29522== at 0x380218DE: unlinkBlock (m_mallocfree.c:206) ==29522== by 0x38021F04: vgPlain_arena_malloc (m_mallocfree.c:1202) ==29522== by 0x3800295E: vgMemCheck_new_block (mc_malloc_wrappers.c:195) ==29522== by 0x38002E02: vgMemCheck_malloc (mc_malloc_wrappers.c:226) ==29522== by 0x38036AE3: vgPlain_scheduler (scheduler.c:1269) ==29522== by 0x3804A066: run_a_thread_NORETURN (syswrap-linux.c:89) ==29522== by 0x3804A326: vgModuleLocal_start_thread_NORETURN (syswrap-linux.c:212) ==29522== by 0x38070038: (within /usr/lib/valgrind/x86-linux/memcheck) ==29522== by 0x38075394: myvprintf_int64 (m_debuglog.c:596) ==29522== by 0x42: ??? 
==29522== by 0x66B27977: ??? ==29522== by 0xF: ??? sched status: running_tid=9 Thread 1: status = VgTs_WaitSys ==29522== at 0x40C6BE5: pthread_cond_wait@@GLIBC_2.3.2 (in /lib/libpthread-2.8.so) ==29522== by 0x839B300: ThreadPool::wait(ThreadPoolItem*, int*) (ThreadPool.cpp:158) ==29522== by 0x810A7A6: main (main.cpp:416) Thread 2: status = VgTs_WaitSys ==29522== at 0x40C6BE5: pthread_cond_wait@@GLIBC_2.3.2 (in /lib/libpthread-2.8.so) ==29522== by 0x83D84FA: TaskManager::TaskManager()::QueuedTaskHandler::handle() (TaskManager.cpp:55) ==29522== by 0x839AC56: ThreadPool::threadWrapper(void*) (ThreadPool.cpp:91) ==29522== by 0x405F5FE: SDL_RunThread (SDL_thread.c:202) ==29522== by 0x40A34A4: RunThread (SDL_systhread.c:47) ==29522== by 0x40C315F: start_thread (pthread_create.c:297) ==29522== by 0x4656E2D: clone (in /lib/libc-2.8.so) Thread 3: status = VgTs_WaitSys ==29522== at 0x40C6BE5: pthread_cond_wait@@GLIBC_2.3.2 (in /lib/libpthread-2.8.so) ==29522== by 0x839AED4: ThreadPool::threadWrapper(void*) (ThreadPool.cpp:100) ==29522== by 0x405F5FE: SDL_RunThread (SDL_thread.c:202) ==29522== by 0x40A34A4: RunThread (SDL_systhread.c:47) ==29522== by 0x40C315F: start_thread (pthread_create.c:297) ==29522== by 0x4656E2D: clone (in /lib/libc-2.8.so) Thread 4: status = VgTs_WaitSys ==29522== at 0x40C6F12: pthread_cond_timedwait@@GLIBC_2.3.2 (in /lib/libpthread-2.8.so) ==29522== by 0x34F74BAF: ??? 
Thread 5: status = VgTs_WaitSys ==29522== at 0x40CA2F6: (within /lib/libpthread-2.8.so) ==29522== by 0x83D05F8: _ZL21SdlNetEventThreadMainPv (Networking.cpp:193) ==29522== by 0x839A721: ThreadPool::start(int (*)(void*), void*, stlpd_std::basic_string<char, stlpd_std::char_traits<char>, stlpd_std::allocator<char> > const&)::StaticAction::handle() (ThreadPool.cpp:139) ==29522== by 0x839AC56: ThreadPool::threadWrapper(void*) (ThreadPool.cpp:91) ==29522== by 0x405F5FE: SDL_RunThread (SDL_thread.c:202) ==29522== by 0x40A34A4: RunThread (SDL_systhread.c:47) ==29522== by 0x40C315F: start_thread (pthread_create.c:297) ==29522== by 0x4656E2D: clone (in /lib/libc-2.8.so) Thread 6: status = VgTs_WaitSys ==29522== at 0x40CA2F6: (within /lib/libpthread-2.8.so) ==29522== by 0x83D05F8: _ZL21SdlNetEventThreadMainPv (Networking.cpp:193) ==29522== by 0x839A721: ThreadPool::start(int (*)(void*), void*, stlpd_std::basic_string<char, stlpd_std::char_traits<char>, stlpd_std::allocator<char> > const&)::StaticAction::handle() (ThreadPool.cpp:139) ==29522== by 0x839AC56: ThreadPool::threadWrapper(void*) (ThreadPool.cpp:91) ==29522== by 0x405F5FE: SDL_RunThread (SDL_thread.c:202) ==29522== by 0x40A34A4: RunThread (SDL_systhread.c:47) ==29522== by 0x40C315F: start_thread (pthread_create.c:297) ==29522== by 0x4656E2D: clone (in /lib/libc-2.8.so) Thread 7: status = VgTs_WaitSys ==29522== at 0x40CA2F6: (within /lib/libpthread-2.8.so) ==29522== by 0x8495CA6: StdinDedInterface::stdinThreadFunc(void*) (DedicatedControl.cpp:457) ==29522== by 0x839A721: ThreadPool::start(int (*)(void*), void*, stlpd_std::basic_string<char, stlpd_std::char_traits<char>, stlpd_std::allocator<char> > const&)::StaticAction::handle() (ThreadPool.cpp:139) ==29522== by 0x839AC56: ThreadPool::threadWrapper(void*) (ThreadPool.cpp:91) ==29522== by 0x405F5FE: SDL_RunThread (SDL_thread.c:202) ==29522== by 0x40A34A4: RunThread (SDL_systhread.c:47) ==29522== by 0x40C315F: start_thread (pthread_create.c:297) ==29522== by 
0x4656E2D: clone (in /lib/libc-2.8.so) Thread 8: status = VgTs_WaitSys ==29522== at 0x40C9AFB: (within /lib/libpthread-2.8.so) ==29522== by 0x84448D3: redi::basic_pstreambuf<char, stlpd_std::char_traits<char> >::underflow() (pstream.h:1628) ==29522== by 0x810B985: stlpd_std::basic_streambuf<char, stlpd_std::char_traits<char> >::uflow() (_streambuf.c:165) ==29522== by 0x81FF732: stlpd_std::basic_istream<char, stlpd_std::char_traits<char> >& stlpd_std::getline<char, stlpd_std::char_traits<char>, stlpd_std::allocator<char> >(stlpd_std::basic_istream<char, stlpd_std::char_traits<char> >&, stlpd_std::basic_string<char, stlpd_std::char_traits<char>, stlpd_std::allocator<char> >&, char) (_streambuf.h:232) ==29522== by 0x8498B62: ScriptDedInterface::pipeThreadFunc(void*) (_string_io.h:67) ==29522== by 0x839A721: ThreadPool::start(int (*)(void*), void*, stlpd_std::basic_string<char, stlpd_std::char_traits<char>, stlpd_std::allocator<char> > const&)::StaticAction::handle() (ThreadPool.cpp:139) ==29522== by 0x839AC56: ThreadPool::threadWrapper(void*) (ThreadPool.cpp:91) ==29522== by 0x405F5FE: SDL_RunThread (SDL_thread.c:202) ==29522== by 0x40A34A4: RunThread (SDL_systhread.c:47) ==29522== by 0x40C315F: start_thread (pthread_create.c:297) ==29522== by 0x4656E2D: clone (in /lib/libc-2.8.so) Thread 9: status = VgTs_Runnable ==29522== at 0x40250FA: malloc (vg_replace_malloc.c:207) ==29522== by 0x4B48357: (within /usr/lib/opengl/nvidia/lib/libGL.so.180.44) ==29522== by 0x4446318: operator new[](unsigned) (in /usr/lib/libstlportstlg.so.5.1.5) ==29522== by 0x8386CD4: CWpnRest::sortList() (CWpnRest.cpp:317) ==29522== by 0x8387965: CWpnRest::addWeapon(stlpd_std::basic_string<char, stlpd_std::char_traits<char>, stlpd_std::allocator<char> > const&, int) (CWpnRest.cpp:166) ==29522== by 0x8388303: CWpnRest::updateList(CGameScript*) (CWpnRest.cpp:58) ==29522== by 0x811EAFC: CClientNetEngine::ParsePrepareGame(CBytestream*) (CClient_Parse.cpp:875) ==29522== by 0x811F852: 
CClientNetEngineBeta7::ParsePrepareGame(CBytestream*) (CClient_Parse.cpp:991) ==29522== by 0x8121DAD: CClientNetEngineBeta9::ParsePrepareGame(CBytestream*) (CClient_Parse.cpp:1041) ==29522== by 0x812378D: CClientNetEngine::ParsePacket(CBytestream*) (CClient_Parse.cpp:448) ==29522== by 0x8141F33: CClient::ReadPackets() (CClient.cpp:1161) ==29522== by 0x814E309: CClient::Frame() (CClient.cpp:1076) ==29522== by 0x849B69D: DedIntern::Frame_Basic() (DedicatedControl.cpp:1347) ==29522== by 0x8490BD4: DedicatedControl::Menu_Frame() (DedicatedControl.cpp:1532) ==29522== by 0x827AAAF: DeprecatedGUI::Menu_Frame() (MenuSystem.cpp:308) ==29522== by 0x827AEBD: DeprecatedGUI::Menu_Loop() (MenuSystem.cpp:385) ==29522== by 0x827B054: DeprecatedGUI::Menu_Start() (MenuSystem.cpp:294) ==29522== by 0x810AB83: _ZL14MainLoopThreadPv (main.cpp:547) ==29522== by 0x839A721: ThreadPool::start(int (*)(void*), void*, stlpd_std::basic_string<char, stlpd_std::char_traits<char>, stlpd_std::allocator<char> > const&)::StaticAction::handle() (ThreadPool.cpp:139) ==29522== by 0x839AC56: ThreadPool::threadWrapper(void*) (ThreadPool.cpp:91) ==29522== by 0x405F5FE: SDL_RunThread (SDL_thread.c:202) ==29522== by 0x40A34A4: RunThread (SDL_systhread.c:47) ==29522== by 0x40C315F: start_thread (pthread_create.c:297) ==29522== by 0x4656E2D: clone (in /lib/libc-2.8.so) Thread 10: status = VgTs_WaitSys ==29522== at 0x40CA2F6: (within /lib/libpthread-2.8.so) ==29522== by 0x810585C: _ZZL21startMainLockDetectorvEN16MainLockDetector6handleEv (main.cpp:171) ==29522== by 0x839AC56: ThreadPool::threadWrapper(void*) (ThreadPool.cpp:91) ==29522== by 0x405F5FE: SDL_RunThread (SDL_thread.c:202) ==29522== by 0x40A34A4: RunThread (SDL_systhread.c:47) ==29522== by 0x40C315F: start_thread (pthread_create.c:297) ==29522== by 0x4656E2D: clone (in /lib/libc-2.8.so) Thread 11: status = VgTs_WaitSys ==29522== at 0x40C6BE5: pthread_cond_wait@@GLIBC_2.3.2 (in /lib/libpthread-2.8.so) ==29522== by 0x839A96F: 
ThreadPool::threadWrapper(void*) (ThreadPool.cpp:76) ==29522== by 0x405F5FE: SDL_RunThread (SDL_thread.c:202) ==29522== by 0x40A34A4: RunThread (SDL_systhread.c:47) ==29522== by 0x40C315F: start_thread (pthread_create.c:297) ==29522== by 0x4656E2D: clone (in /lib/libc-2.8.so) Thread 12: status = VgTs_WaitSys ==29522== at 0x40C6BE5: pthread_cond_wait@@GLIBC_2.3.2 (in /lib/libpthread-2.8.so) ==29522== by 0x839A96F: ThreadPool::threadWrapper(void*) (ThreadPool.cpp:76) ==29522== by 0x405F5FE: SDL_RunThread (SDL_thread.c:202) ==29522== by 0x40A34A4: RunThread (SDL_systhread.c:47) ==29522== by 0x40C315F: start_thread (pthread_create.c:297) ==29522== by 0x4656E2D: clone (in /lib/libc-2.8.so) Thread 13: status = VgTs_WaitSys ==29522== at 0x40CA2F6: (within /lib/libpthread-2.8.so) ==29522== by 0x83BC132: ManagerMain(void*) (FileDownload.cpp:318) ==29522== by 0x839A721: ThreadPool::start(int (*)(void*), void*, stlpd_std::basic_string<char, stlpd_std::char_traits<char>, stlpd_std::allocator<char> > const&)::StaticAction::handle() (ThreadPool.cpp:139) ==29522== by 0x839AC56: ThreadPool::threadWrapper(void*) (ThreadPool.cpp:91) ==29522== by 0x405F5FE: SDL_RunThread (SDL_thread.c:202) ==29522== by 0x40A34A4: RunThread (SDL_systhread.c:47) ==29522== by 0x40C315F: start_thread (pthread_create.c:297) ==29522== by 0x4656E2D: clone (in /lib/libc-2.8.so) ... 
Thread 34: status = VgTs_Yielding ==29522== at 0x40C467A: pthread_mutex_lock (pthread_mutex_lock.c:69) ==29522== by 0x40A37FD: SDL_mutexP (SDL_sysmutex.c:108) ==29522== by 0x83C9DD4: GetTime() (Timer.h:39) ==29522== by 0x84090E1: CHttp::ProcessInternal() (HTTP.cpp:1493) ==29522== by 0x840FB48: HttpThread::run(void*) (HTTP.cpp:314) ==29522== by 0x839A721: ThreadPool::start(int (*)(void*), void*, stlpd_std::basic_string<char, stlpd_std::char_traits<char>, stlpd_std::allocator<char> > const&)::StaticAction::handle() (ThreadPool.cpp:139) ==29522== by 0x839AC56: ThreadPool::threadWrapper(void*) (ThreadPool.cpp:91) ==29522== by 0x405F5FE: SDL_RunThread (SDL_thread.c:202) ==29522== by 0x40A34A4: RunThread (SDL_systhread.c:47) ==29522== by 0x40C315F: start_thread (pthread_create.c:297) ==29522== by 0x4656E2D: clone (in /lib/libc-2.8.so) Thread 35: status = VgTs_WaitSys ==29522== at 0x40C6BE5: pthread_cond_wait@@GLIBC_2.3.2 (in /lib/libpthread-2.8.so) ==29522== by 0x839A96F: ThreadPool::threadWrapper(void*) (ThreadPool.cpp:76) ==29522== by 0x405F5FE: SDL_RunThread (SDL_thread.c:202) ==29522== by 0x40A34A4: RunThread (SDL_systhread.c:47) ==29522== by 0x40C315F: start_thread (pthread_create.c:297) ==29522== by 0x4656E2D: clone (in /lib/libc-2.8.so) ... Note: see also the FAQ.txt in the source distribution. It contains workarounds to several common problems. If that doesn't help, please report this bug to: www.valgrind.org In the bug report, send all the above text, the valgrind version, and what Linux distro you are using. Thanks.
Oh, I forgot: this was valgrind 3.3.1. I have similar problems in 3.4.0 and 3.4.1. My system: Linux acompneu 2.6.27-gentoo-r8 #1 SMP Tue Jan 20 21:07:44 CET 2009 i686 Intel(R) Core(TM)2 CPU E8500 @ 3.16GHz GenuineIntel GNU/Linux I use Gentoo and have also filed a bug in their bug tracker: http://bugs.gentoo.org/show_bug.cgi?id=265285
Another crash from valgrind 3.4.1 (not sure if related but happend at the same time in my app): ... ==7915== ==7915== Invalid read of size 1 ==7915== at 0x4025FEF: memcpy (mc_replace_strmem.c:402) ==7915== by 0x836245E: CMap::CarveHole(int, VectorD2<float>) (GfxPrimitives.h:552) ==7915== by 0x836291A: CarveHole(VectorD2<float>) (CMap.cpp:2989) ==7915== by 0x83C823B: CWorm::readPacketState(CBytestream*, CWorm*) (CWorm_SendRecv.cpp:591) ==7915== by 0x8120853: CClientNetEngine::ParseUpdateWorms(CBytestream*) (CClient_Parse.cpp:1979) ==7915== by 0x812391D: CClientNetEngine::ParsePacket(CBytestream*) (CClient_Parse.cpp:532) ==7915== by 0x8141F33: CClient::ReadPackets() (CClient.cpp:1161) ==7915== by 0x814E309: CClient::Frame() (CClient.cpp:1076) ==7915== by 0x8106A5B: GameLoopFrame() (main.cpp:933) ==7915== by 0x810B224: MainLoopThread(void*) (main.cpp:593) ==7915== by 0x839A721: ThreadPool::start(int (*)(void*), void*, stlpd_std::basic_string<char, stlpd_std::char_traits<char>, stlpd_std::allocator<char> > const&)::StaticAction::handle() (ThreadPool.cpp:139) ==7915== by 0x839AC56: ThreadPool::threadWrapper(void*) (ThreadPool.cpp:91) ==7915== Address 0x204ba0d7 is 3 bytes after a block of size 396 alloc'd ==7915== at 0x40253BA: malloc (vg_replace_malloc.c:207) ==7915== by 0x4B48357: (within /usr/lib/opengl/nvidia/lib/libGL.so.180.44) ==7915== by 0x40DAB99: IMG_LoadPNG_RW (IMG_png.c:426) ==7915== by 0x40D6D27: IMG_LoadTyped_RW (IMG.c:131) ==7915== by 0x40D6E2E: IMG_Load (IMG.c:73) ==7915== by 0x81951FA: LoadGameImage(stlpd_std::basic_string<char, stlpd_std::char_traits<char>, stlpd_std::allocator<char> > const&, bool) (GfxPrimitives.cpp:2107) ==7915== by 0x824D1D1: Load_Image(SmartPointer<SDL_Surface, NopFunctor<void*> >&, stlpd_std::basic_string<char, stlpd_std::char_traits<char>, stlpd_std::allocator<char> > const&) (GfxPrimitives.h:262) ==7915== by 0x8365D9E: CMap::LoadTheme(stlpd_std::basic_string<char, stlpd_std::char_traits<char>, stlpd_std::allocator<char> > 
const&) (CMap.cpp:429) ==7915== by 0x8366466: CMap::Create(unsigned int, unsigned int, stlpd_std::basic_string<char, stlpd_std::char_traits<char>, stlpd_std::allocator<char> > const&, unsigned int, unsigned int) (CMap.cpp:180) ==7915== by 0x836835E: CMap::Load(stlpd_std::basic_string<char, stlpd_std::char_traits<char>, stlpd_std::allocator<char> > const&) (CMap.cpp:2092) ==7915== by 0x845C5F6: GameServer::StartGame() (CServer.cpp:366) ==7915== by 0x849525A: DedIntern::Cmd_StartGame(DedInterface*) (DedicatedControl.cpp:1003) valgrind: m_mallocfree.c:243 (get_bszB_as_is): Assertion 'bszB_lo == bszB_hi' failed. valgrind: Heap block lo/hi size mismatch: lo = 185075455, hi = 0. Probably caused by overrunning/underrunning a heap block's bounds. ==7915== at 0x38025F07: report_and_quit (m_libcassert.c:140) ==7915== by 0x380261B4: vgPlain_assert_fail (m_libcassert.c:205) ==7915== by 0x380305E1: vgPlain_arena_free (m_mallocfree.c:240) ==7915== by 0x38049FE1: vgPlain_cli_free (replacemalloc_core.c:110) ==7915== by 0x38001BB0: die_and_free_mem (mc_malloc_wrappers.c:123) ==7915== by 0x380025CC: vgMemCheck_free (mc_malloc_wrappers.c:328) ==7915== by 0x3804C6B9: vgPlain_scheduler (scheduler.c:1303) ==7915== by 0x38060957: run_a_thread_NORETURN (syswrap-linux.c:89) ==7915== by 0x38060C17: vgModuleLocal_start_thread_NORETURN (syswrap-linux.c:212) ==7915== by 0x380939A8: (within /usr/lib/valgrind/x86-linux/memcheck) ==7915== by 0x6690EBC0: ??? ==7915== by 0x380279B2: send_bytes_to_logging_sink (m_libcprint.c:71) ==7915== by 0x3F8: ??? ==7915== by 0x6690EC7C: ??? ==7915== by 0x7F: ??? ==7915== by 0x6690EC7C: ??? ==7915== by 0x75: ??? ==7915== by 0x6690EBE8: ??? ==7915== by 0x38027A39: add_to_myprintf_buf (m_libcprint.c:96) ==7915== by 0x380279FA: add_to_myprintf_buf (m_libcprint.c:91) ==7915== by 0x2: ??? 
sched status: running_tid=9 Thread 1: status = VgTs_WaitSys ==7915== at 0x40C6BE5: pthread_cond_wait@@GLIBC_2.3.2 (in /lib/libpthread-2.8.so) ==7915== by 0x839B300: ThreadPool::wait(ThreadPoolItem*, int*) (ThreadPool.cpp:158) ==7915== by 0x810A7A6: main (main.cpp:416) Thread 2: status = VgTs_WaitSys ==7915== at 0x40C6BE5: pthread_cond_wait@@GLIBC_2.3.2 (in /lib/libpthread-2.8.so) ==7915== by 0x83D84FA: TaskManager::TaskManager()::QueuedTaskHandler::handle() (TaskManager.cpp:55) ==7915== by 0x839AC56: ThreadPool::threadWrapper(void*) (ThreadPool.cpp:91) ==7915== by 0x405F5FE: SDL_RunThread (SDL_thread.c:202) ==7915== by 0x40A34A4: RunThread (SDL_systhread.c:47) ==7915== by 0x40C315F: start_thread (pthread_create.c:297) ==7915== by 0x4656E2D: clone (in /lib/libc-2.8.so) Thread 3: status = VgTs_WaitSys ==7915== at 0x40C6BE5: pthread_cond_wait@@GLIBC_2.3.2 (in /lib/libpthread-2.8.so) ==7915== by 0x839AED4: ThreadPool::threadWrapper(void*) (ThreadPool.cpp:100) ==7915== by 0x405F5FE: SDL_RunThread (SDL_thread.c:202) ==7915== by 0x40A34A4: RunThread (SDL_systhread.c:47) ==7915== by 0x40C315F: start_thread (pthread_create.c:297) ==7915== by 0x4656E2D: clone (in /lib/libc-2.8.so) Thread 4: status = VgTs_WaitSys ==7915== at 0x40C6F12: pthread_cond_timedwait@@GLIBC_2.3.2 (in /lib/libpthread-2.8.so) ==7915== by 0x28D9E2BF: ??? ...
All these problems appear to have been caused by your program writing to memory it shouldn't be writing to and hence corrupting the heap; the "Invalid write" and "Invalid read" errors reported above show where that happens, before valgrind itself fails. Please fix your program (valgrind has supplied some helpful hints about the places where it is doing things it shouldn't) and you will almost certainly find that valgrind no longer crashes.