Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

wchar_t valgrind issue - Invalid read of size 8

I'm not able to figure out why Valgrind is printing Invalid read of size 8 when using wchar_t. I'm running a 64bit Ubuntu (3.5.0-25) system with valgrind-3.7.0 and gcc 4.7.2.

#include <stdio.h>
#include <wchar.h>
#include <stdlib.h>
#include <string.h>

int main()
{
    // const wchar_t *text = L"This is a t"; // no Valgrind error
    // const wchar_t *text = L"This is a teeeeeeee"; // no Valgrind error
    const wchar_t *text = L"This is a test"; // Valgrind ERRROR

    wchar_t *new_text = NULL;

    new_text = (wchar_t*) malloc( (wcslen(text) + 1) * sizeof(wchar_t));
    wcsncpy(new_text, text, wcslen(text));
    new_text[wcslen(text)] = L'\0';

    printf("new_text: %ls\n", new_text);

    free(new_text);

    return 0;
}

Compile:

$ gcc -g -std=c99 test.c -o test
$ valgrind --tool=memcheck --leak-check=full --track-origins=yes --show-reachable=yes ./test

Valgrind results:

==19495== Memcheck, a memory error detector
==19495== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==19495== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==19495== Command: ./test
==19495== 
==19495== Invalid read of size 8
==19495==    at 0x4ED45A7: wcslen (wcslen.S:55)
==19495==    by 0x4ED5C0E: wcsrtombs (wcsrtombs.c:74)
==19495==    by 0x4E7D160: vfprintf (vfprintf.c:1630)
==19495==    by 0x4E858D8: printf (printf.c:35)
==19495==    by 0x4006CC: main (test.c:16)
==19495==  Address 0x51f1078 is 56 bytes inside a block of size 60 alloc'd
==19495==    at 0x4C2B3F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19495==    by 0x40066F: main (test.c:12)
==19495== 
new_text: This is a test
==19495== 
==19495== HEAP SUMMARY:
==19495==     in use at exit: 0 bytes in 0 blocks
==19495==   total heap usage: 1 allocs, 1 frees, 60 bytes allocated
==19495== 
==19495== All heap blocks were freed -- no leaks are possible
==19495== 
==19495== For counts of detected and suppressed errors, rerun with: -v
==19495== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)

Now if I run the same but with a 'working string', let's say

const wchar_t *text = L"This is a t"; // no Valgrind error
// const wchar_t *text = L"This is a teeeeeeee"; // no Valgrind error
// const wchar_t *text = L"This is a test"; // Valgrind ERRROR

I get no issue:

==19571== Memcheck, a memory error detector
==19571== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==19571== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==19571== Command: ./test
==19571== 
new_text: This is a t
==19571== 
==19571== HEAP SUMMARY:
==19571==     in use at exit: 0 bytes in 0 blocks
==19571==   total heap usage: 1 allocs, 1 frees, 48 bytes allocated
==19571== 
==19571== All heap blocks were freed -- no leaks are possible
==19571== 
==19571== For counts of detected and suppressed errors, rerun with: -v
==19571== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)

At first I thought the string size should be always be multiple of 8 (maybe some wcs read chunks of 8) but some cases failed, then I thought I'd have to append always 8 bytes for the NULL terminator ((wcslen(item) + 2) * sizeof(wchar_t)), it worked but that doesn't make any sense since sizeof(wchar_t) - in my system - is 4 bytes and should be enough to handle the L'\0' terminator.

I also read the glibc wcslen source code but nothing new. I'm now thinking of Valgrind issue. Do you guys could throw some light here? Does it worth to file a bug against Valgrind?

Thank you

like image 450
Jose Avatar asked Mar 22 '13 14:03

Jose


People also ask

What does invalid read of size mean in Valgrind?

An Invalid read means that the memory location that the process was trying to read is outside of the memory addresses that are available to the process. size 8 means that the process was trying to read 8 bytes. On 64-bit platforms this could be a pointer, but also for example a long int.

Why does Valgrind report that the invalid write is of size 8 be precise?

1 Answer. Show activity on this post. It looks like Valgrind is complaining because you have only allocated 1780 bytes for the PetscObject, and this 8-byte write (starting at byte 1776) is enough to write into memory you didn't allocate.

What is invalid write in Valgrind?

“Invalid write” means that our program tries to write data in a memory zone where it shouldn't. But Valgrind tells you way more than that. It first tells you the size of the written data, which is 1 bytes, and corresponds to the size of a character.


1 Answers

This is probably caused by SSE optimisation of the wcslen function; see e.g. https://bugzilla.redhat.com/show_bug.cgi?id=798968 or https://bugs.archlinux.org/task/30643.

When optimising wcslen, it's faster to read multiple wide characters at a time and use vectorised instructions (SSE) to compare them to L'\0'. Unfortunately valgrind sees this as an uninitialised read - which it is, but it's harmless because the result of wcslen does not depend on the uninitialised value.

The fix is to update valgrind in the hope that a newer version will suppress the false positive.

like image 72
ecatmur Avatar answered Oct 18 '22 05:10

ecatmur