On Tue, Jun 11, 2013 at 11:24 PM, Roland Mainz <[email protected]> wrote:
> Hi!
>
> ----
>
> We found another valgrind (patched as described in
> http://lists.research.att.com/pipermail/ast-developers/2013q2/002574.html)
> hit with multidimensional "bool" arrays (this time embedded in a
> compound variable):
> -- snip --
> $ ~/vg/bin/valgrind --track-origins=yes --redzone-size=4096
> --freelist-vol=5000000 ~/bin/ksh -c 'compound c=(bool -a bl) ; ((
> c.bl[7000][8000][9000][10000][11000][12000][13000][14000][15000]=true
> )) ; print -v c'
> ==15822== Memcheck, a memory error detector
> ==15822== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
> ==15822== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
> ==15822== Command: /home/test001/bin/ksh -c compound\ c=(bool\ -a\
> bl)\ ;\ ((\
> c.bl[7000][8000][9000][10000][11000][12000][13000][14000][15000]=true\
> ))\ ;\ print\ -v\ c
> ==15822==
> [snip]
> ==15822== Invalid read of size 8
> ==15822== at 0x455506: nv_create (name.c:1140)
> ==15822== by 0x456493: nv_open (name.c:1418)
> ==15822== by 0x41A738: scope (arith.c:84)
> ==15822== by 0x41B04E: arith (arith.c:237)
> ==15822== by 0x46F5CD: arith_exec (streval.c:305)
> ==15822== by 0x47F608: sh_exec (xec.c:2525)
> ==15822== by 0x47E2B7: sh_exec (xec.c:2218)
> ==15822== by 0x40F394: exfile (main.c:599)
> ==15822== by 0x40E53B: sh_main (main.c:371)
> ==15822== by 0x40D670: main (pmain.c:45)
> ==15822== Address 0x5de8680 is 64 bytes inside a block of size 400 free'd
> ==15822== at 0x4C29BF2: _ast_free (vg_replace_malloc.c:1001)
> ==15822== by 0x41EE8C: array_grow (array.c:878)
> ==15822== by 0x4201B3: nv_putsub_20120720 (array.c:1259)
> ==15822== by 0x42154D: nv_endsubscript (array.c:1609)
> ==15822== by 0x45504C: nv_create (name.c:1053)
> ==15822== by 0x456493: nv_open (name.c:1418)
> ==15822== by 0x41A738: scope (arith.c:84)
> ==15822== by 0x41B04E: arith (arith.c:237)
> ==15822== by 0x46F5CD: arith_exec (streval.c:305)
> ==15822== by 0x47F608: sh_exec (xec.c:2525)
> ==15822== by 0x47E2B7: sh_exec (xec.c:2218)
> ==15822== by 0x40F394: exfile (main.c:599)
> ==15822==
> (
> _Bool -a bl=(
> typeset -a [7000]=(
> typeset -a [8000]=(
> typeset -a [9000]=(
> typeset -a [10000]=(
> typeset -a [11000]=(
> typeset -a [12000]=(
>
> typeset -a [13000]=(
>
> typeset -a [14000]=(
>
> [15000]=true
> )
> )
> )
> )
> )
> )
> )
> )
> )
> )
> -- snip --
>
> Under "VMALLOC_OPTIONS=abort" control the same issue triggers a SIGSEGV:
> -- snip --
> $ VMALLOC_OPTIONS=abort gdb --args ~/bin/ksh -c 'compound c=(bool -a
> bl) ; (( c.bl[7000][8000][9000][10000][11000][12000][13000][14000][15000]=true
> )) ; print -v c'
> GNU gdb (GDB) SUSE (7.5.1-2.1.1)
> Copyright (C) 2012 Free Software Foundation, Inc.
> [snip]
> (gdb) run
> Starting program: /home/test001/bin/ksh -c compound\ c=\(bool\ -a\
> bl\)\ \;\ \(\(\
> c.bl\[7000\]\[8000\]\[9000\]\[10000\]\[11000\]\[12000\]\[13000\]\[14000\]\[15000\]=true\
> \)\)\ \;\ print\ -v\ c
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00000000004fabc0 in dtuserdata (dt=0x0, data=0x0, set=0) at
> /home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/lib/libast/cdt/dtuser.c:45
> 45 return asogetptr(&dt->data->user.data);
> (gdb) where
> #0 0x00000000004fabc0 in dtuserdata (dt=0x0, data=0x0, set=0) at
> /home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/lib/libast/cdt/dtuser.c:45
> #1 0x0000000000412725 in nv_search (name=0x7fa167 <numbuff.7264+7>
> "7000", root=0x0, mode=0)
> at
> /home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/nvdisc.c:1057
> #2 0x000000000045551e in nv_create (name=0x2bfffbf25590
> "c.bl[7000][8000][9000][10000][11000][12000][13000][14000][15000]",
> root=0x2bfffbf28950, flags=1442304,
> dp=0x7fffffffcdf0) at
> /home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/name.c:1140
> #3 0x0000000000456494 in nv_open (name=0x2bfffbf253b2
> "c.bl[7000][8000][9000][10000][11000][12000][13000][14000][15000]",
> root=0x2bfffbf28950, flags=1442304)
> at
> /home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/name.c:1418
> #4 0x000000000041a739 in scope (np=0x2bfffbf253b2,
> lvalue=0x7fffffffd120, assign=512)
> at
> /home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/arith.c:84
> #5 0x000000000041b04f in arith (ptr=0x7fffffffd168,
> lvalue=0x7fffffffd120, type=1, n=0)
> at
> /home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/arith.c:237
> #6 0x000000000046f5ce in arith_exec (ep=0x2bfffbf25420) at
> /home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/streval.c:305
> #7 0x000000000047f609 in sh_exec (shp=0x7fa180 <sh>,
> t=0x2bfffbf25400, flags=4) at
> /home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/xec.c:2525
> #8 0x000000000047e2b8 in sh_exec (shp=0x7fa180 <sh>,
> t=0x2bfffbf25550, flags=5) at
> /home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/xec.c:2218
> #9 0x000000000040f395 in exfile (shp=0x7fa180 <sh>,
> iop=0x2bfffbf35090, fno=-1) at
> /home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/main.c:599
> #10 0x000000000040e53c in sh_main (ac=3, av=0x7fffffffe1e8,
> userinit=0x0) at
> /home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/main.c:371
> #11 0x000000000040d671 in main (argc=3, argv=0x7fffffffe1e8) at
> /home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/pmain.c:45
> (gdb) print dt
> $1 = (Dt_t *) 0x0
> -- snip --

... and here is a related (but different!) valgrind hit, which is triggered when the compound variable sits in a non-|fork()|'ing subshell. Unlike the hit quoted above, where the invalid read landed inside a block that array_grow() had already freed, valgrind cannot attribute this address to any stack, heap or recently freed block:
-- snip --
$ ~/vg/bin/valgrind --track-origins=yes ~/bin/ksh -c '( compound c=(bool -a bl) ; (( c.bl[7000][8000][9000][10000][11000][12000][13000][14000][15000]=true )) ; ) ; true'
==15898== Memcheck, a memory error detector
==15898== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==15898== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==15898== Command: /home/test001/bin/ksh -c (\ compound\ c=(bool\ -a\ bl)\ ;\ ((\ c.bl[7000][8000][9000][10000][11000][12000][13000][14000][15000]=true\ ))\ ;\ )\ ;\ true
[snip]
==15898== Invalid read of size 8
==15898== at 0x47340E: nv_restore (subshell.c:316)
==15898== by 0x47452B: sh_subshell (subshell.c:624)
==15898== by 0x47D9F1: sh_exec (xec.c:2040)
==15898== by 0x47E2B7: sh_exec (xec.c:2218)
==15898== by 0x40F394: exfile (main.c:599)
==15898== by 0x40E53B: sh_main (main.c:371)
==15898== by 0x40D670: main (pmain.c:45)
==15898== Address 0x7feffe0b0 is not stack'd, malloc'd or (recently) free'd
[snip]
-- snip --

----

Bye,
Roland

--
  __ .  . __
 (o.\ \/ /.o) [email protected]
  \__\/\/__/  MPEG specialist, C&&JAVA&&Sun&&Unix programmer
  /O /==\ O\  TEL +49 641 3992797
 (;O/ \/ \O;)
