Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How serious is the following Memory leak shown by Valgrind

Tags:

c

linux

valgrind

After writing thousands of lines of code I use valgrind and am horrified to see the amount of errors. Was just using GDB before. Most of my errors are with string functions. I post a portion. I understand the error is happening because strlen does not count the trailing NULL whereas strcpy adds it. How serious is it? Do I really need to fix them? I can fix it but worry if that may lead to more errors as my code did not not keep that in mind when I as wriitng it.

Does the strcpy copy the trailing NULL even if the is no space reserved for it?

t.write_length = (strlen("NA\n");/*Line number 116*/
t.data = malloc(strlen("NA\n");/*117*/
strcpy(t.data,"NA\n");/*118*/

Valgrind:

==3287== Invalid write of size 1
==3287==    at 0x400764E: memcpy (mc_replace_strmem.c:497)
==3287==    by 0x804A714: log_txn_commit (Log_manager.c:118)
==3287==    by 0x8049D3C: on_txn_commit (TxFS_manager.c:85)
==3287==    by 0x804939E: handler (Reader.c:139)
==3287==    by 0xBF5F18: start_thread (in /lib/libpthread-2.12.90.so)
==3287==    by 0xB37A2D: clone (in /lib/libc-2.12.90.so)
==3287==  Address 0x403282b is 0 bytes after a block of size 3 alloc'd
==3287==    at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==3287==    by 0x804A6F5: log_txn_commit (Log_manager.c:117)
==3287==    by 0x8049D3C: on_txn_commit (TxFS_manager.c:85)
==3287==    by 0x804939E: handler (Reader.c:139)
==3287==    by 0xBF5F18: start_thread (in /lib/libpthread-2.12.90.so)
==3287==    by 0xB37A2D: clone (in /lib/libc-2.12.90.so)
like image 667
Lipika Deka Avatar asked Dec 01 '22 02:12

Lipika Deka


1 Answers

It is a serious memory overwrite problem. Your code should be

t.write_length = strlen("NA\n");/*Line number 116*/
t.data = malloc(t.write_length + 1);
strcpy(t.data,"NA\n");

and needs fixing for sure. strcpy() will append the termininating '\0' which there isn't room for.

To avoid overflows, the size of the array pointed by destination shall be long enough to contain the same C string as source (including the terminating null character), and should not overlap in memory with source.

Always take Valgrind's advice seriously!

like image 127
Mitch Wheat Avatar answered Dec 04 '22 12:12

Mitch Wheat