在使用Invalid read of size 8时,我无法弄清楚为什么Valgrind正在打印wchar_t。我正在使用valgrind-3.7.0和gcc 4.7.2运行64位Ubuntu(3.5.0-25)系统。
#include <stdio.h>
#include <wchar.h>
#include <stdlib.h>
#include <string.h>
int main()
{
// const wchar_t *text = L"This is a t"; // no Valgrind error
// const wchar_t *text = L"This is a teeeeeeee"; // no Valgrind error
const wchar_t *text = L"This is a test"; // Valgrind ERRROR
wchar_t *new_text = NULL;
new_text = (wchar_t*) malloc( (wcslen(text) + 1) * sizeof(wchar_t));
wcsncpy(new_text, text, wcslen(text));
new_text[wcslen(text)] = L'\0';
printf("new_text: %ls\n", new_text);
free(new_text);
return 0;
}
编译:
$ gcc -g -std=c99 test.c -o test
$ valgrind --tool=memcheck --leak-check=full --track-origins=yes --show-reachable=yes ./test
Valgrind结果:
==19495== Memcheck, a memory error detector
==19495== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==19495== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==19495== Command: ./test
==19495==
==19495== Invalid read of size 8
==19495== at 0x4ED45A7: wcslen (wcslen.S:55)
==19495== by 0x4ED5C0E: wcsrtombs (wcsrtombs.c:74)
==19495== by 0x4E7D160: vfprintf (vfprintf.c:1630)
==19495== by 0x4E858D8: printf (printf.c:35)
==19495== by 0x4006CC: main (test.c:16)
==19495== Address 0x51f1078 is 56 bytes inside a block of size 60 alloc'd
==19495== at 0x4C2B3F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19495== by 0x40066F: main (test.c:12)
==19495==
new_text: This is a test
==19495==
==19495== HEAP SUMMARY:
==19495== in use at exit: 0 bytes in 0 blocks
==19495== total heap usage: 1 allocs, 1 frees, 60 bytes allocated
==19495==
==19495== All heap blocks were freed -- no leaks are possible
==19495==
==19495== For counts of detected and suppressed errors, rerun with: -v
==19495== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)
现在,如果我运行相同但使用“工作字符串”,那么就说
const wchar_t *text = L"This is a t"; // no Valgrind error
// const wchar_t *text = L"This is a teeeeeeee"; // no Valgrind error
// const wchar_t *text = L"This is a test"; // Valgrind ERRROR
我没有问题:
==19571== Memcheck, a memory error detector
==19571== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==19571== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==19571== Command: ./test
==19571==
new_text: This is a t
==19571==
==19571== HEAP SUMMARY:
==19571== in use at exit: 0 bytes in 0 blocks
==19571== total heap usage: 1 allocs, 1 frees, 48 bytes allocated
==19571==
==19571== All heap blocks were freed -- no leaks are possible
==19571==
==19571== For counts of detected and suppressed errors, rerun with: -v
==19571== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)
起初我认为字符串大小应该始终是8的倍数(可能有些wcs读取8个块)但是有些情况失败了,那么我认为我必须为NULL终结符{{1添加8个字节它起作用但是没有任何意义,因为((wcslen(item) + 2) * sizeof(wchar_t)) - 在我的系统中 - 是4个字节,应该足以处理sizeof(wchar_t)终结符。
我还阅读了glibc L'\0'源代码但没有新内容。我现在正在考虑Valgrind的问题。你们可以在这里投光吗?是否值得为Valgrind提交错误?
谢谢
答案 0 :(得分:6)
这可能是由wcslen函数的SSE优化引起的;见例如https://bugzilla.redhat.com/show_bug.cgi?id=798968或https://bugs.archlinux.org/task/30643。
优化wcslen时,一次读取多个宽字符并使用矢量化指令(SSE)将它们与L'\0'进行比较会更快。不幸的是,valgrind认为这是一个未初始化的读取 - 它是,但它是无害的,因为wcslen的结果不依赖于未初始化的值。
修复是为了更新valgrind,希望更新的版本能够抑制误报。