This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug c/48650] New: valgrind: Invalid write of size 8 in build_string (tree.c:1524)


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48650

           Summary: valgrind: Invalid write of size 8 in build_string
                    (tree.c:1524)
           Product: gcc
           Version: 4.7.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: zsojka@seznam.cz
              Host: x86_64-pc-linux-gnu
            Target: x86_64-pc-linux-gnu


While building with valgrind checking, one gets many of these errors:
==28100== Invalid write of size 8
==28100==    at 0x838128: build_string (string3.h:86)
==28100==    by 0x4EE6E3: lex_string (c-lex.c:998)
==28100==    by 0x4EF974: c_lex_with_flags (c-lex.c:432)
==28100==    by 0x4B517D: c_lex_one_token (c-parser.c:216)
==28100==    by 0x4C1834: c_parser_statement_after_labels (c-parser.c:398)
==28100==    by 0x4C22D7: c_parser_compound_statement_nostart (c-parser.c:4114)
==28100==    by 0x4C3828: c_parser_compound_statement (c-parser.c:3951)
==28100==    by 0x4C19D1: c_parser_statement_after_labels (c-parser.c:4530)
==28100==    by 0x4C22D7: c_parser_compound_statement_nostart (c-parser.c:4114)
==28100==    by 0x4C3828: c_parser_compound_statement (c-parser.c:3951)
==28100==    by 0x4C19D1: c_parser_statement_after_labels (c-parser.c:4530)
==28100==    by 0x4C22D7: c_parser_compound_statement_nostart (c-parser.c:4114)
==28100==    by 0x4C3828: c_parser_compound_statement (c-parser.c:3951)
==28100==    by 0x4BFE5E: c_parser_declaration_or_fndef (c-parser.c:1721)
==28100==    by 0x4C490D: c_parser_external_declaration (c-parser.c:1334)
==28100==    by 0x4C54D7: c_parse_file (c-parser.c:1222)
==28100==    by 0x4F31F4: c_common_parse_file (c-opts.c:1092)
==28100==    by 0x725A67: toplev_main (toplev.c:579)
==28100==    by 0x6222B6C: (below main) (in /lib64/libc-2.11.3.so)
==28100==  Address 0x77afe08 is not stack'd, malloc'd or (recently) free'd
==28100== 

The problem seems to be that the allocated memory is sometimes smaller than
sizeof struct tree_common:

Breakpoint 5, build_string (len=2, str=0x12ac700 "0") at
/mnt/svn/gcc-trunk/gcc/tree.c:1522
1522      s = ggc_alloc_tree_node (length);
(gdb) p length
$5 = 23
(gdb) p sizeof (struct tree_common)
$15 = 24

so ggc_alloc_tree_node (ggc_internal_alloc_stat) is called with parameter value
23, but memset at tree.c:1524 overwrites 24 bytes.
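As an added illustration (not code from this report or from GCC), the size arithmetic behind the reported write, modelled with simplified stand-in structs that reproduce the 23-versus-24-byte figures on x86_64; the allocation formula, the struct shapes and the `safe_alloc_len` mitigation are assumptions for illustration, not GCC's declarations or its eventual fix:

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in layouts (assumption: not GCC's declarations, only shapes that
   reproduce the report's x86_64 figures: sizeof (struct tree_common) == 24,
   and a node for a 2-character string sized at 23 bytes).  */
struct tree_base   { unsigned long flags; };                    /*  8 bytes */
struct tree_typed  { struct tree_base base; void *type; };      /* 16 bytes */
struct tree_common { struct tree_typed typed; void *chain; };   /* 24 bytes */
struct tree_string { struct tree_typed typed; int length; char str[]; }; /* str at 20 */

/* Bytes requested from the node allocator: the fixed fields, the payload
   and a terminating NUL (assumed model; yields 23 for len == 2).  */
size_t string_alloc_len (size_t len)
{
  return offsetof (struct tree_string, str) + len + 1;
}

/* Bytes the node initialisation zeroes: the whole common header.  */
size_t header_zero_len (void)
{
  return sizeof (struct tree_common);
}

/* The defect: for short strings the zeroing exceeds the allocation.  */
int alloc_too_small (size_t len)
{
  return string_alloc_len (len) < header_zero_len ();
}

/* One possible mitigation: never allocate less than the header that is
   zeroed (illustrative, not the fix GCC applied).  */
size_t safe_alloc_len (size_t len)
{
  size_t n = string_alloc_len (len);
  return n < header_zero_len () ? header_zero_len () : n;
}

/* Allocate with the padded size so the header memset stays in bounds,
   then copy the payload.  Caller frees.  */
struct tree_string *build_string_checked (size_t len, const char *str)
{
  struct tree_string *s = malloc (safe_alloc_len (len));
  if (s == NULL) return NULL;
  memset (s, 0, header_zero_len ());   /* in bounds: allocation >= header */
  s->length = (int) len;
  memcpy (s->str, str, len);
  s->str[len] = '\0';
  return s;
}
```

Running the original-sized allocation under valgrind would flag the memset as an invalid write of the bytes past offset 23, which is what the report shows; the padded allocation removes that window.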

