Version: 2.2.0-2 (using KDE KDE 3.3.1)
Installed from: Debian testing/unstable Packages
Compiler: gcc-3.3
OS: Linux

I've been testing a CORBA program with valgrind, the program works well without valgrind but when I run the program using it I get a crash with the log I've attached. An important point is that I've done the same test without threading support of the CORBA POA and everything seems to work well, valgrind doesn't find any problem in that case.

I'm using debian sarge package:
Maintainer: Andrés Roldán <aroldan@debian.org>
Architecture: i386
Version: 1:2.2.0-2

If it's useful I could upload the example that I've used to carry out the test.

valgrind --db-attach=yes --alignment=8 --num-c
==24706== Memcheck, a memory error detector for x86-linux.
==24706== Copyright (C) 2002-2004, and GNU GPL'd, by Julian Seward et al.
==24706== Using valgrind-2.2.0, a program supervision framework for x86-linux.
==24706== Copyright (C) 2000-2004, and GNU GPL'd, by Julian Seward et al.
==24706== For more details, rerun with: -v
==24706==
==24706== warning: Valgrind's pthread_getschedparam is incomplete
==24706==          your program may misbehave as a result
==24706== warning: Valgrind's pthread_attr_getschedparam is incomplete
==24706==          your program may misbehave as a result
==24706== warning: Valgrind's pthread_attr_setschedparam does nothing
==24706==          (scheduling not changeable)
==24706==          your program may misbehave as a result
==24706== warning: Valgrind's pthread_attr_destroy does nothing
==24706==          your program may misbehave as a result
IOR:
==24706== warning: Valgrind's pthread_attr_getschedparam is incomplete
==24706==          your program may misbehave as a result
==24706== warning: Valgrind's pthread_attr_setschedparam does nothing
==24706==          (scheduling not changeable)
==24706==          your program may misbehave as a result
==24706== warning: Valgrind's pthread_attr_destroy does nothing
==24706==          your program may misbehave as a result
==24706== warning: Valgrind's pthread_cond_destroy is incomplete
==24706==          (it doesn't check if the cond is waited on)
==24706==          your program may misbehave as a result
==24706== Thread 3:
==24706== Invalid read of size 1
==24706==    at 0x1BA746B9: _IO_vfprintf (in /lib/tls/libc-2.3.2.so)
==24706==    by 0x1BA96262: vasprintf (in /lib/tls/libc-2.3.2.so)
==24706==    by 0x1BBED61F: ???
==24706==  Address 0xBED5590C is not stack'd, malloc'd or (recently) free'd
==24706==
==24706== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- y
starting debugger
==24706== starting debugger with cmd: /usr/bin/gdb -nw /proc/24714/fd/821 24714
GNU gdb 6.1-debian
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-linux"...Warning: /usr/local/src/jhbuild_installation: No existe el fichero o el directorio.
Using host libthread_db library "/lib/tls/libthread_db.so.1".
Attaching to program: /proc/24714/fd/821, process 24714
0x1ba746b9 in vfprintf () from /lib/tls/libc.so.6
(gdb) bt
#0 0x1ba746b9 in vfprintf () from /lib/tls/libc.so.6
#1 0x1ba96263 in vasprintf () from /lib/tls/libc.so.6
#2 0x00000000 in ?? ()
#3 0x00000000 in ?? ()
#4 0x00000000 in ?? ()
#5 0x1ba003e0 in get_or_allocate_specifics_ptr (thread=3201653004) at vg_libpthread.c:1708
Previous frame inner to this frame (corrupt stack?)
(gdb) q
The program is running. Quit anyway (and detach it)? (y or n) y
Detaching from program: /proc/24714/fd/821, process 24714
==24706==
==24706== Debugger has detached. Valgrind regains control. We continue.
==24706==
==24706== Process terminating with default action of signal 11 (SIGSEGV)
==24706==  Access not within mapped region at address 0xBED5590C
==24706==    at 0x1BA746B9: _IO_vfprintf (in /lib/tls/libc-2.3.2.so)
==24706==    by 0x1BA96262: vasprintf (in /lib/tls/libc-2.3.2.so)
==24706==    by 0x1BBED61F: ???
#3 0x00000000 in ?? ()
#4 0x00000000 in ?? ()
#5 0x1ba003e0 in get_or_allocate_specifics_ptr (thread=3201653004) at vg_libpthread.c:1708
Previous frame inner to this frame (corrupt stack?)
(gdb) q
The program is running. Quit anyway (and detach it)? (y or n) y
Detaching from program: /proc/24714/fd/821, process 24714
==24706==
==24706== Debugger has detached. Valgrind regains control. We continue.
==24706==
==24706== Process terminating with default action of signal 11 (SIGSEGV)
==24706==  Access not within mapped region at address 0xBED5590C
==24706==    at 0x1BA746B9: _IO_vfprintf (in /lib/tls/libc-2.3.2.so)
==24706==    by 0x1BA96262: vasprintf (in /lib/tls/libc-2.3.2.so)
==24706==    by 0x1BBED61F: ???
==24706==
==24706== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- y
==24706== starting debugger with cmd: /usr/bin/gdb -nw /proc/24718/fd/821 24718
GNU gdb 6.1-debian
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-linux"...Warning: /usr/local/src/jhbuild_installation: No existe el fichero o el directorio.
Using host libthread_db library "/lib/tls/libthread_db.so.1".
Attaching to program: /proc/24718/fd/821, process 24718
0x1ba746b9 in vfprintf () from /lib/tls/libc.so.6
(gdb) bt
#0 0x1ba746b9 in vfprintf () from /lib/tls/libc.so.6
#1 0x1ba96263 in vasprintf () from /lib/tls/libc.so.6
#2 0x00000000 in ?? ()
#3 0x00000000 in ?? ()
#4 0x00000000 in ?? ()
#5 0x1ba003e0 in get_or_allocate_specifics_ptr (thread=3201653004) at vg_libpthread.c:1708
Previous frame inner to this frame (corrupt stack?)
(gdb) q
The program is running. Quit anyway (and detach it)? (y or n) y
Detaching from program: /proc/24718/fd/821, process 24718
==24706==
==24706== Debugger has detached. Valgrind regains control. We continue.
==24706==
==24706== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 27 from 1)
==24706== malloc/free: in use at exit: 41083 bytes in 506 blocks.
==24706== malloc/free: 776 allocs, 270 frees, 225547 bytes allocated.
==24706== For a detailed leak analysis, rerun with: --leak-check=yes
==24706== For counts of detected errors, rerun with: -v
Segmentation fault

Created attachment 7997
test program used

This is the test program. In order to compile it you should run:

./compile

It depends on the glib and ORBit-2 libraries; ORBit-2 should be compiled with the purify option. In order to execute the test server you should execute:

valgrind --db-attach=yes --alignment=8 --num-callers=20 ./echo-server
...
IOR:010000000d00000049444c ...
...

In order to execute the test client you should execute (copy the IOR from the server log):

./echo-client IOR:010000000d00000049444c ...

If you want to test in a non-threaded environment, just comment out the next two lines in the echo-srv.c file:

ORBit_ObjectAdaptor_set_thread_hint ((ORBit_ObjectAdaptor) child_poa,
                                     ORBIT_THREAD_HINT_PER_REQUEST);

It looks like you have an invalid memory access in a C library routine, probably triggered by your program passing something invalid to one of the *printf family of routines. I don't see anything to suggest that valgrind is to blame - the stack trace looks corrupt beyond vasprintf so I don't trust the reference to vg_libpthread.c at all and most of the pthread warnings don't look too bad - the cond_destroy one is the most likely to cause problems I would think.
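
The triage step in the comment above (trust the backtrace only up to the first unresolved frame) shown as an added example, not part of the original thread: a small Python parser for memcheck "Invalid read/write" records. The sample log is constructed from lines quoted in the report, and `parse_memcheck` and `trusted_frames` are hypothetical helper names.

```python
import re

# Constructed sample, modelled on the memcheck lines quoted in the report.
SAMPLE_LOG = """\
==24706== Thread 3:
==24706== Invalid read of size 1
==24706==    at 0x1BA746B9: _IO_vfprintf (in /lib/tls/libc-2.3.2.so)
==24706==    by 0x1BA96262: vasprintf (in /lib/tls/libc-2.3.2.so)
==24706==    by 0x1BBED61F: ???
==24706==  Address 0xBED5590C is not stack'd, malloc'd or (recently) free'd
==24706==
==24706== Process terminating with default action of signal 11 (SIGSEGV)
"""

PREFIX = re.compile(r"^==\d+==\s?(.*)$")
HEADLINE = re.compile(r"^Invalid (?:read|write) of size \d+$")
FRAME = re.compile(r"^\s*(?:at|by) (0x[0-9A-Fa-f]+): (.+)$")
ADDRESS = re.compile(r"^\s*Address (0x[0-9A-Fa-f]+) (.+)$")

def parse_memcheck(log):
    """Return one dict per invalid-access record: kind, frames, address, note."""
    errors, current = [], None
    for raw in log.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue              # program or debugger output, not memcheck
        body = m.group(1)
        if HEADLINE.match(body.strip()):
            current = {"kind": body.strip(), "frames": [],
                       "address": None, "note": None}
            errors.append(current)
        elif current is not None and FRAME.match(body):
            current["frames"].append(FRAME.match(body).groups())
        elif current is not None and ADDRESS.match(body):
            current["address"], current["note"] = ADDRESS.match(body).groups()
        elif current is not None and not body.strip():
            current = None        # a blank memcheck line ends the record
    return errors

def trusted_frames(error):
    """Function names up to, but not including, the first '???' frame."""
    names = []
    for _addr, where in error["frames"]:
        if where.strip() == "???":
            break                 # everything past here may be stack garbage
        names.append(where.split(" (in ")[0])
    return names

if __name__ == "__main__":
    for err in parse_memcheck(SAMPLE_LOG):
        print(err["kind"], err["address"], "->", trusted_frames(err))
```
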

Created attachment 7998
Output from valgrind 2.2.0 with your test case

This is the output from valgrind 2.2.0 when I tried your test case. It clearly shows a number of problems with your program, ending with the one that you reported which causes it to fail, only on my system it has managed to produce a proper stack trace showing where the problem is. The assertion is a minor bug in valgrind but is only happening because your program is accessing a wildly bogus pointer that happens to point at an unallocated part of valgrind's shadow memory area.

Closing as this doesn't seem to be a bug in valgrind.