The valgrind reports error when printing allocated strings

Question

The code is here:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main()
{
    char* buf = malloc(3);
    strcpy(buf, "hi");
    printf("%s\n", buf);
    free(buf);
}

It's compiled with:

gcc a.c && valgrind ./a.out

The error message is here:

==1421== Memcheck, a memory error detector
==1421== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==1421== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==1421== Command: ./a.out
==1421== 
==1421== Invalid read of size 8
==1421==    at 0x4EA96C1: ??? (in /lib/libc-2.14.1.so)
==1421==    by 0x4E92D3B: puts (in /lib/libc-2.14.1.so)
==1421==    by 0x4005BB: main (in /home/peter/a.out)
==1421==  Address 0x51b4040 is 0 bytes inside a block of size 3 alloc'd
==1421==    at 0x4C2740D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1421==    by 0x400595: main (in /home/peter/a.out)
==1421== 
hi
==1421== 
==1421== HEAP SUMMARY:
==1421==     in use at exit: 0 bytes in 0 blocks
==1421==   total heap usage: 1 allocs, 1 frees, 3 bytes allocated
==1421== 
==1421== All heap blocks were freed -- no leaks are possible
==1421== 
==1421== For counts of detected and suppressed errors, rerun with: -v
==1421== ERROR SUMMARY: 2 errors from 1 contexts (suppressed: 6 from 6)

It is also very strange that valgrind reports no more errors if I use the following (just one more space):

printf("%s \n", buf);

Would anyone please help me?

Answer 1

This is a bug, but not reproducible on all machines.

On some machines, gcc optimizes simple printf() with, for example, puts(), which could possibly involve invalid read (or just valgrind thinks so).

If it really matters, you can 'complicate' the printf format. A space between %s and \n would do.

Here is a similar bug: C strings, strlen and Valgrind

This answer combines comments in the discussion. Thank you all!