This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug c/48650] New: valgrind: Invalid write of size 8 in build_string (tree.c:1524)
- From: "zsojka at seznam dot cz" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Sun, 17 Apr 2011 13:02:21 +0000
- Subject: [Bug c/48650] New: valgrind: Invalid write of size 8 in build_string (tree.c:1524)
- Auto-submitted: auto-generated
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48650
Summary: valgrind: Invalid write of size 8 in build_string (tree.c:1524)
Product: gcc
Version: 4.7.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
AssignedTo: unassigned@gcc.gnu.org
ReportedBy: zsojka@seznam.cz
Host: x86_64-pc-linux-gnu
Target: x86_64-pc-linux-gnu
While building with valgrind checking, one gets many of these errors:
==28100== Invalid write of size 8
==28100== at 0x838128: build_string (string3.h:86)
==28100== by 0x4EE6E3: lex_string (c-lex.c:998)
==28100== by 0x4EF974: c_lex_with_flags (c-lex.c:432)
==28100== by 0x4B517D: c_lex_one_token (c-parser.c:216)
==28100== by 0x4C1834: c_parser_statement_after_labels (c-parser.c:398)
==28100== by 0x4C22D7: c_parser_compound_statement_nostart (c-parser.c:4114)
==28100== by 0x4C3828: c_parser_compound_statement (c-parser.c:3951)
==28100== by 0x4C19D1: c_parser_statement_after_labels (c-parser.c:4530)
==28100== by 0x4C22D7: c_parser_compound_statement_nostart (c-parser.c:4114)
==28100== by 0x4C3828: c_parser_compound_statement (c-parser.c:3951)
==28100== by 0x4C19D1: c_parser_statement_after_labels (c-parser.c:4530)
==28100== by 0x4C22D7: c_parser_compound_statement_nostart (c-parser.c:4114)
==28100== by 0x4C3828: c_parser_compound_statement (c-parser.c:3951)
==28100== by 0x4BFE5E: c_parser_declaration_or_fndef (c-parser.c:1721)
==28100== by 0x4C490D: c_parser_external_declaration (c-parser.c:1334)
==28100== by 0x4C54D7: c_parse_file (c-parser.c:1222)
==28100== by 0x4F31F4: c_common_parse_file (c-opts.c:1092)
==28100== by 0x725A67: toplev_main (toplev.c:579)
==28100== by 0x6222B6C: (below main) (in /lib64/libc-2.11.3.so)
==28100== Address 0x77afe08 is not stack'd, malloc'd or (recently) free'd
==28100==
The problem seems to be that the allocated memory is sometimes smaller than sizeof struct tree_common:
Breakpoint 5, build_string (len=2, str=0x12ac700 "0") at /mnt/svn/gcc-trunk/gcc/tree.c:1522
1522 s = ggc_alloc_tree_node (length);
(gdb) p length
$5 = 23
(gdb) p sizeof (struct tree_common)
$15 = 24
so ggc_alloc_tree_node (ggc_internal_alloc_stat) is called with parameter value 23, but memset at tree.c:1524 overwrites 24 bytes.