Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How serious is the following Memory leak shown by Valgrind

Tags:

c

linux

valgrind

After writing thousands of lines of code I use valgrind and am horrified to see the amount of errors. Was just using GDB before. Most of my errors are with string functions. I post a portion. I understand the error is happening because strlen does not count the trailing NULL whereas strcpy adds it. How serious is it? Do I really need to fix them? I can fix it but worry if that may lead to more errors as my code did not not keep that in mind when I as wriitng it.

Does the strcpy copy the trailing NULL even if the is no space reserved for it?

t.write_length = (strlen("NA\n");/*Line number 116*/
t.data = malloc(strlen("NA\n");/*117*/
strcpy(t.data,"NA\n");/*118*/

Valgrind:

==3287== Invalid write of size 1
==3287==    at 0x400764E: memcpy (mc_replace_strmem.c:497)
==3287==    by 0x804A714: log_txn_commit (Log_manager.c:118)
==3287==    by 0x8049D3C: on_txn_commit (TxFS_manager.c:85)
==3287==    by 0x804939E: handler (Reader.c:139)
==3287==    by 0xBF5F18: start_thread (in /lib/libpthread-2.12.90.so)
==3287==    by 0xB37A2D: clone (in /lib/libc-2.12.90.so)
==3287==  Address 0x403282b is 0 bytes after a block of size 3 alloc'd
==3287==    at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==3287==    by 0x804A6F5: log_txn_commit (Log_manager.c:117)
==3287==    by 0x8049D3C: on_txn_commit (TxFS_manager.c:85)
==3287==    by 0x804939E: handler (Reader.c:139)
==3287==    by 0xBF5F18: start_thread (in /lib/libpthread-2.12.90.so)
==3287==    by 0xB37A2D: clone (in /lib/libc-2.12.90.so)
like image 667
Lipika Deka Avatar asked Dec 01 '22 02:12

Lipika Deka

1 Answers

It is a serious memory overwrite problem. Your code should be

t.write_length = strlen("NA\n");/*Line number 116*/
t.data = malloc(t.write_length + 1);
strcpy(t.data,"NA\n");

and needs fixing for sure. strcpy() will append the termininating '\0' which there isn't room for.

To avoid overflows, the size of the array pointed by destination shall be long enough to contain the same C string as source (including the terminating null character), and should not overlap in memory with source.

Always take Valgrind's advice seriously!

like image 127
Mitch Wheat Avatar answered Dec 04 '22 12:12

Mitch Wheat
Sign in to Comment

Related questions

C/C++ packing signed char into int
Clear trailing 0's on a double?
Are timers supported by the Windows native API?
Should this C pointer be released?
checking every digit in a number for oddness
Macros to set and clear bits
C/C++ optimization: negate doubles fast
Does endianness have an effect when copying bytes in memory?
Are printf/sprintf compiler warnings a conceptual break?
Object oriented programming in C [duplicate]
How to do the equivalent of "ulimit -n 400" from within C?
Problem using Connect(), send(), recv, with UDP sockets
How to do a backwards search to find the 2nd space/blank and replace it with another string?
Does char array contain string?
Most effective way to store more booleans
Dangers of pointers
Usage of fgets function in C
Should I trust that a short in C will be 2 bytes usually?
Bus error while running a simple string C program [duplicate]
Decoding and matching Chip 8 opcodes in C/C++

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!