On Sun, May 27, 2012 at 5:02 AM, Roland Mainz <[email protected]> wrote:
> On Sun, May 27, 2012 at 4:26 AM, Roland Mainz <[email protected]>
> wrote:
>> Below is a valgrind hit found with valgrind's stack check tool
>> ("exp-sgcheck" - this tool checks stack+static variables... the
>> previous reports about valgrind issues were done with the heap checker
>> called "memcheck").
>>
>> After some hours of checking we only found one hit in ast-ksh.2012-05-18:
>> -- snip --
>> $ valgrind --tool=exp-sgcheck --trace-children=yes --read-var-info=yes
>> --num-callers=50 ...
>> [snip]
>> ==15591== Invalid read of size 1
>> ==15591== at 0x548B49: sfvprintf (sfvprintf.c:755)
>> ==15591== by 0x53C4EB: sfvsprintf (sfprintf.c:75)
>> ==15591== by 0x53C625: sfsprintf (sfprintf.c:115)
>> ==15591== by 0x4DF165: _ast_pathtemp (pathtemp.c:322)
>> ==15591== by 0x5453F2: _tmpfd (sftmp.c:210)
>> ==15591== by 0x5455BD: _tmpexcept (sftmp.c:311)
>> ==15591== by 0x535DE5: sfdisc (sfdisc.c:203)
>> ==15591== by 0x478D17: sh_subtmpfile (subshell.c:124)
>> ==15591== by 0x482213: sh_exec (xec.c:1575)
>> ==15591== by 0x47A5B2: sh_subshell (subshell.c:583)
>> ==15591== by 0x456516: comsubst (macro.c:2132)
>> ==15591== by 0x452202: varsub (macro.c:1163)
>> ==15591== by 0x450777: copyto (macro.c:633)
>> ==15591== by 0x44EF32: sh_macexpand (macro.c:246)
>> ==15591== by 0x44FB97: sh_macpat (macro.c:424)
>> ==15591== by 0x486909: sh_exec (xec.c:2824)
>> ==15591== by 0x485646: sh_exec (xec.c:2493)
>> ==15591== by 0x418956: exfile (main.c:600)
>> ==15591== by 0x417B40: sh_main (main.c:373)
>> ==15591== by 0x416C28: main (pmain.c:45)
>> ==15591== Address 0x7feffdbe8 expected vs actual:
>> ==15591== Expected: unknown
>> ==15591== Actual: stack array "keybuf" of size 16 in frame 3 back from
>> here
>> -- snip --
>
> Grumpf... I was too fast when I said "... only one hit was found..."
> ... here is a 2nd one about the global (in this case this means
> |static|) variable |numbuff|:
> -- snip --
> ==2587== exp-sgcheck, a stack and global array overrun detector
> ==2587== NOTE: This is an Experimental-Class Valgrind Tool
> ==2587== Copyright (C) 2003-2011, and GNU GPL'd, by OpenWorks Ltd et al.
> ==2587== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
> ==2587== Command:
> /home/test001/work/ast_ksh_20120518/build_normal_64bit_mamfilefix/arch/linux.i386/src/cmd/ksh93/ksh
> -o nounset -o errexit -c compound\ -a\ c\ ;\ typeset\ -lX\ -a\
> c[17][19].z=(\ [1]=90\ )\ ;\ \ \ \ \ \ \ \ \ \ \ \ \ function\ x\ {\
> nameref\ nz=$1\ ;\ \ \ \ \ \ \ \ \ \ \ \ \ \ print\ "\ $((\ round(nz)\
> ))==$((\ round($nz)\ ))"\ ;\ }\ ;\ x\ c[17][19].z[1]
> ==2587== Parent PID: 16925
> ==2587==
> ==2587== Invalid read of size 1
> ==2587== at 0x4EB5F6D: nv_create (name.c:1084)
> ==2587== by 0x4EB71B1: nv_open (name.c:1414)
> ==2587== by 0x4EB35D3: nv_setlist (name.c:375)
> ==2587== by 0x4EDB7F1: sh_exec (xec.c:1184)
> ==2587== by 0x4EDF35C: sh_exec (xec.c:2177)
> ==2587== by 0x4E6EE0E: exfile (main.c:600)
> ==2587== by 0x4E6DFF8: sh_main (main.c:373)
> ==2587== by 0x400698: main (pmain.c:45)
> ==2587== Address 0x5237777 expected vs actual:
> ==2587== Expected: global array "numbuff" of size 7 in object with
> soname "NONE"
> ==2587== Actual: unknown
> ==2587== Actual: is 0 after Expected
> ==2587==
> ==2587== Invalid read of size 1
> ==2587== at 0x4EB5F6D: nv_create (name.c:1084)
> ==2587== by 0x4EB71B1: nv_open (name.c:1414)
> ==2587== by 0x4EB35D3: nv_setlist (name.c:375)
> ==2587== by 0x4EDB7F1: sh_exec (xec.c:1184)
> ==2587== by 0x4EDF35C: sh_exec (xec.c:2177)
> ==2587== by 0x4E6EE0E: exfile (main.c:600)
> ==2587== by 0x4E6DFF8: sh_main (main.c:373)
> ==2587== by 0x400698: main (pmain.c:45)
> ==2587== Address 0x5237775 expected vs actual:
> ==2587== Expected: unknown
> ==2587== Actual: global array "numbuff" of size 7 in object with
> soname "NONE"
> ==2587==
> ==2587== Invalid read of size 1
> ==2587== at 0x4E71ADC: newnode (nvdisc.c:832)
> ==2587== by 0x4E726F7: nv_search (nvdisc.c:1077)
> ==2587== by 0x4EB6393: nv_create (name.c:1155)
> ==2587== by 0x4EB71B1: nv_open (name.c:1414)
> ==2587== by 0x4EB35D3: nv_setlist (name.c:375)
> ==2587== by 0x4EDB7F1: sh_exec (xec.c:1184)
> ==2587== by 0x4EDF35C: sh_exec (xec.c:2177)
> ==2587== by 0x4E6EE0E: exfile (main.c:600)
> ==2587== by 0x4E6DFF8: sh_main (main.c:373)
> ==2587== by 0x400698: main (pmain.c:45)
> ==2587== Address 0x5237777 expected vs actual:
> ==2587== Expected: global array "numbuff" of size 7 in object with
> soname "NONE"
> ==2587== Actual: unknown
> ==2587== Actual: is 0 after Expected
> ==2587==
> ==2587== Invalid read of size 1
> ==2587== at 0x4C29488: memcpy (h_intercepts.c:272)
> ==2587== by 0x4E71B27: newnode (nvdisc.c:836)
> ==2587== by 0x4E726F7: nv_search (nvdisc.c:1077)
> ==2587== by 0x4EB6393: nv_create (name.c:1155)
> ==2587== by 0x4EB71B1: nv_open (name.c:1414)
> ==2587== by 0x4EB35D3: nv_setlist (name.c:375)
> ==2587== by 0x4EDB7F1: sh_exec (xec.c:1184)
> ==2587== by 0x4EDF35C: sh_exec (xec.c:2177)
> ==2587== by 0x4E6EE0E: exfile (main.c:600)
> ==2587== by 0x4E6DFF8: sh_main (main.c:373)
> ==2587== by 0x400698: main (pmain.c:45)
> ==2587== Address 0x5237777 expected vs actual:
> ==2587== Expected: global array "numbuff" of size 7 in object with
> soname "NONE"
> ==2587== Actual: unknown
> ==2587== Actual: is 0 after Expected
> ==2587==
> ==2587== Invalid read of size 1
> ==2587== at 0x4EB5F6D: nv_create (name.c:1084)
> ==2587== by 0x4EB71B1: nv_open (name.c:1414)
> ==2587== by 0x4EB4418: nv_setlist (name.c:602)
> ==2587== by 0x4EDB7F1: sh_exec (xec.c:1184)
> ==2587== by 0x4EB4258: nv_setlist (name.c:568)
> ==2587== by 0x4EDB7F1: sh_exec (xec.c:1184)
> ==2587== by 0x4EDF35C: sh_exec (xec.c:2177)
> ==2587== by 0x4E6EE0E: exfile (main.c:600)
> ==2587== by 0x4E6DFF8: sh_main (main.c:373)
> ==2587== by 0x400698: main (pmain.c:45)
> ==2587== Address 0x5237777 expected vs actual:
> ==2587== Expected: global array "numbuff" of size 7 in object with
> soname "NONE"
> ==2587== Actual: unknown
> ==2587== Actual: is 0 after Expected
> ==2587==
> ==2587== Invalid read of size 1
> ==2587== at 0x4EB5F6D: nv_create (name.c:1084)
> ==2587== by 0x4EB71B1: nv_open (name.c:1414)
> ==2587== by 0x4EB4418: nv_setlist (name.c:602)
> ==2587== by 0x4EDB7F1: sh_exec (xec.c:1184)
> ==2587== by 0x4EB4258: nv_setlist (name.c:568)
> ==2587== by 0x4EDB7F1: sh_exec (xec.c:1184)
> ==2587== by 0x4EDF35C: sh_exec (xec.c:2177)
> ==2587== by 0x4E6EE0E: exfile (main.c:600)
> ==2587== by 0x4E6DFF8: sh_main (main.c:373)
> ==2587== by 0x400698: main (pmain.c:45)
> ==2587== Address 0x5237775 expected vs actual:
> ==2587== Expected: unknown
> ==2587== Actual: global array "numbuff" of size 7 in object with
> soname "NONE"
> ==2587==
> ==2587== Invalid read of size 1
> ==2587== at 0x4EB5F6D: nv_create (name.c:1084)
> ==2587== by 0x4EB71B1: nv_open (name.c:1414)
> ==2587== by 0x4E68DAB: setall (typeset.c:640)
> ==2587== by 0x4E6830D: b_typeset (typeset.c:457)
> ==2587== by 0x4EDC5B6: sh_exec (xec.c:1367)
> ==2587== by 0x4EDF35C: sh_exec (xec.c:2177)
> ==2587== by 0x4E6EE0E: exfile (main.c:600)
> ==2587== by 0x4E6DFF8: sh_main (main.c:373)
> ==2587== by 0x400698: main (pmain.c:45)
> ==2587== Address 0x5237777 expected vs actual:
> ==2587== Expected: global array "numbuff" of size 7 in object with
> soname "NONE"
> ==2587== Actual: unknown
> ==2587== Actual: is 0 after Expected
> ==2587==
> ==2587== Invalid read of size 1
> ==2587== at 0x4EB5F6D: nv_create (name.c:1084)
> ==2587== by 0x4EB71B1: nv_open (name.c:1414)
> ==2587== by 0x4E68DAB: setall (typeset.c:640)
> ==2587== by 0x4E6830D: b_typeset (typeset.c:457)
> ==2587== by 0x4EDC5B6: sh_exec (xec.c:1367)
> ==2587== by 0x4EDF35C: sh_exec (xec.c:2177)
> ==2587== by 0x4E6EE0E: exfile (main.c:600)
> ==2587== by 0x4E6DFF8: sh_main (main.c:373)
> ==2587== by 0x400698: main (pmain.c:45)
> ==2587== Address 0x5237775 expected vs actual:
> ==2587== Expected: unknown
> ==2587== Actual: global array "numbuff" of size 7 in object with
> soname "NONE"
> ==2587==
> ==2587== Invalid read of size 1
> ==2587== at 0x4EB5F6D: nv_create (name.c:1084)
> ==2587== by 0x4EB71B1: nv_open (name.c:1414)
> ==2587== by 0x4EBC91E: nv_setref (name.c:3369)
> ==2587== by 0x4E698DC: setall (typeset.c:828)
> ==2587== by 0x4E6830D: b_typeset (typeset.c:457)
> ==2587== by 0x4EDC5B6: sh_exec (xec.c:1367)
> ==2587== by 0x4EDF35C: sh_exec (xec.c:2177)
> ==2587== by 0x4EE3B41: sh_funscope (xec.c:3409)
> ==2587== by 0x4EE41C9: sh_funct (xec.c:3493)
> ==2587== by 0x4EDD04C: sh_exec (xec.c:1533)
> ==2587== by 0x4EDF390: sh_exec (xec.c:2181)
> ==2587== by 0x4E6EE0E: exfile (main.c:600)
> ==2587== by 0x4E6DFF8: sh_main (main.c:373)
> ==2587== by 0x400698: main (pmain.c:45)
> ==2587== Address 0x5237777 expected vs actual:
> ==2587== Expected: global array "numbuff" of size 7 in object with
> soname "NONE"
> ==2587== Actual: unknown
> ==2587== Actual: is 0 after Expected
> ==2587==
> ==2587== Invalid read of size 1
> ==2587== at 0x4EB5F6D: nv_create (name.c:1084)
> ==2587== by 0x4EB71B1: nv_open (name.c:1414)
> ==2587== by 0x4EBC91E: nv_setref (name.c:3369)
> ==2587== by 0x4E698DC: setall (typeset.c:828)
> ==2587== by 0x4E6830D: b_typeset (typeset.c:457)
> ==2587== by 0x4EDC5B6: sh_exec (xec.c:1367)
> ==2587== by 0x4EDF35C: sh_exec (xec.c:2177)
> ==2587== by 0x4EE3B41: sh_funscope (xec.c:3409)
> ==2587== by 0x4EE41C9: sh_funct (xec.c:3493)
> ==2587== by 0x4EDD04C: sh_exec (xec.c:1533)
> ==2587== by 0x4EDF390: sh_exec (xec.c:2181)
> ==2587== by 0x4E6EE0E: exfile (main.c:600)
> ==2587== by 0x4E6DFF8: sh_main (main.c:373)
> ==2587== by 0x400698: main (pmain.c:45)
> ==2587== Address 0x5237775 expected vs actual:
> ==2587== Expected: unknown
> ==2587== Actual: global array "numbuff" of size 7 in object with
> soname "NONE"
> ==2587==
> ==2587== Invalid read of size 1
> ==2587== at 0x4F56A1F: _ast_strdup (strdup.c:59)
> ==2587== by 0x4EBCE13: nv_setref (name.c:3453)
> ==2587== by 0x4E698DC: setall (typeset.c:828)
> ==2587== by 0x4E6830D: b_typeset (typeset.c:457)
> ==2587== by 0x4EDC5B6: sh_exec (xec.c:1367)
> ==2587== by 0x4EDF35C: sh_exec (xec.c:2177)
> ==2587== by 0x4EE3B41: sh_funscope (xec.c:3409)
> ==2587== by 0x4EE41C9: sh_funct (xec.c:3493)
> ==2587== by 0x4EDD04C: sh_exec (xec.c:1533)
> ==2587== by 0x4EDF390: sh_exec (xec.c:2181)
> ==2587== by 0x4E6EE0E: exfile (main.c:600)
> ==2587== by 0x4E6DFF8: sh_main (main.c:373)
> ==2587== by 0x400698: main (pmain.c:45)
> ==2587== Address 0x5237777 expected vs actual:
> ==2587== Expected: global array "numbuff" of size 7 in object with
> soname "NONE"
> ==2587== Actual: unknown
> ==2587== Actual: is 0 after Expected
> ==2587==
> ==2587== Invalid read of size 1
> ==2587== at 0x4C29488: memcpy (h_intercepts.c:272)
> ==2587== by 0x4F56A5C: _ast_strdup (strdup.c:59)
> ==2587== by 0x4EBCE13: nv_setref (name.c:3453)
> ==2587== by 0x4E698DC: setall (typeset.c:828)
> ==2587== by 0x4E6830D: b_typeset (typeset.c:457)
> ==2587== by 0x4EDC5B6: sh_exec (xec.c:1367)
> ==2587== by 0x4EDF35C: sh_exec (xec.c:2177)
> ==2587== by 0x4EE3B41: sh_funscope (xec.c:3409)
> ==2587== by 0x4EE41C9: sh_funct (xec.c:3493)
> ==2587== by 0x4EDD04C: sh_exec (xec.c:1533)
> ==2587== by 0x4EDF390: sh_exec (xec.c:2181)
> ==2587== by 0x4E6EE0E: exfile (main.c:600)
> ==2587== by 0x4E6DFF8: sh_main (main.c:373)
> ==2587== by 0x400698: main (pmain.c:45)
> ==2587== Address 0x5237777 expected vs actual:
> ==2587== Expected: global array "numbuff" of size 7 in object with
> soname "NONE"
> ==2587== Actual: unknown
> ==2587== Actual: is 0 after Expected
> ==2587==
> ==2587==
> ==2587== ERROR SUMMARY: 16 errors from 12 contexts (suppressed: 531 from 275)
> -- snip --
... and here is the next one:
-- snip --
==22003== exp-sgcheck, a stack and global array overrun detector
==22003== NOTE: This is an Experimental-Class Valgrind Tool
==22003== Copyright (C) 2003-2011, and GNU GPL'd, by OpenWorks Ltd et al.
==22003== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==22003== Command:
/home/test001/work/ast_ksh_20120518/build_normal_64bit_mamfilefix/arch/linux.i386/src/cmd/ksh93/ksh
-c A_t\ a;\ print\ ${a.b.n}
==22003== Parent PID: 21988
==22003==
==22003== Invalid read of size 1
==22003== at 0x4EA22F6: sh_lex (lex.c:387)
==22003== by 0x4EC6035: simple (parse.c:1493)
==22003== by 0x4EC4C51: assign (parse.c:1062)
==22003== by 0x4EC61B6: simple (parse.c:1529)
==22003== by 0x4EC59B9: item (parse.c:1351)
==22003== by 0x4EC2DFF: term (parse.c:577)
==22003== by 0x4EC2CE3: list (parse.c:547)
==22003== by 0x4EC2B79: sh_cmd (parse.c:497)
==22003== by 0x4EC2754: sh_parse (parse.c:386)
==22003== by 0x4ED931F: sh_eval (xec.c:576)
==22003== by 0x4EC9A46: funload (path.c:631)
==22003== by 0x4ECA05F: path_search (path.c:722)
==22003== by 0x4EC4B71: assign (parse.c:1044)
==22003== by 0x4EC61B6: simple (parse.c:1529)
==22003== by 0x4EC59B9: item (parse.c:1351)
==22003== by 0x4EC2DFF: term (parse.c:577)
==22003== by 0x4EC2CE3: list (parse.c:547)
==22003== by 0x4EC2B79: sh_cmd (parse.c:497)
==22003== by 0x4EC2754: sh_parse (parse.c:386)
==22003== by 0x4ED931F: sh_eval (xec.c:576)
==22003== by 0x4EC9A46: funload (path.c:631)
==22003== by 0x4ECA05F: path_search (path.c:722)
==22003== by 0x4EDBB60: sh_exec (xec.c:1242)
==22003== by 0x4EDF35C: sh_exec (xec.c:2177)
==22003== by 0x4E6EE0E: exfile (main.c:600)
==22003== by 0x4E6DFF8: sh_main (main.c:373)
==22003== by 0x400698: main (pmain.c:45)
==22003== Address 0x7fefde649 expected vs actual:
==22003== Expected: unknown
==22003== Actual: stack array "buff" of size 65,537 in frame 10
back from here
-- snip --
----
Bye,
Roland
--
__ . . __
(o.\ \/ /.o) [email protected]
\__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer
/O /==\ O\ TEL +49 641 3992797
(;O/ \/ \O;)
_______________________________________________
ast-developers mailing list
[email protected]
https://mailman.research.att.com/mailman/listinfo/ast-developers
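
Added example, not part of the original mail or of the AST/ksh sources: a small Python triage script for exp-sgcheck reports like the ones quoted above. It strips mail quoting, skips wrapped continuation lines, and groups each "Invalid read" by the array involved and the first frame outside the tool's own wrappers; the sample is abridged from the mail, and treating `h_intercepts.c` as tool-side code is an assumption of this example.

```python
import re
from collections import Counter
# Sample abridged from the reports in this mail (frames dropped, quoting kept).
SAMPLE = '''\
> ==2587== Invalid read of size 1
> ==2587== at 0x4EB5F6D: nv_create (name.c:1084)
> ==2587== Expected: global array "numbuff" of size 7 in object with
> soname "NONE"
> ==2587== Invalid read of size 1
> ==2587== at 0x4EB5F6D: nv_create (name.c:1084)
> ==2587== Actual: global array "numbuff" of size 7 in object with
> ==2587== Invalid read of size 1
> ==2587== at 0x4C29488: memcpy (h_intercepts.c:272)
> ==2587== by 0x4E71B27: newnode (nvdisc.c:836)
> ==2587== Expected: global array "numbuff" of size 7 in object with
==22003== Invalid read of size 1
==22003== at 0x4EA22F6: sh_lex (lex.c:387)
==22003== Actual: stack array "buff" of size 65,537 in frame 10
back from here
'''
PREFIX = re.compile(r'^(?:>\s?)*==\d+==\s*')   # mail quoting + valgrind PID tag
FRAME = re.compile(r'(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]+)\)')
ARRAY = re.compile(r'(?:Expected|Actual):\s+(stack|global) array "([^"]+)" of size ([\d,]+)')

def parse_sgcheck(text):
    """Return one record per 'Invalid read/write' with its frames and array."""
    records = []
    for raw in text.splitlines():
        line, tagged = PREFIX.subn('', raw)
        if not tagged:
            continue                      # wrapped tail of a line, or mail prose
        if line.startswith('Invalid '):
            records.append({'frames': [], 'array': None})
        elif records:
            if (m := FRAME.match(line)):
                records[-1]['frames'].append((m.group(1), m.group(2)))
            elif (m := ARRAY.match(line)) and records[-1]['array'] is None:
                size = int(m.group(3).replace(',', ''))   # "65,537" -> 65537
                records[-1]['array'] = (m.group(1), m.group(2), size)
    return records

def triage(text, tool_files=('h_intercepts.c',)):
    """Count records per (array, first frame outside the tool's wrappers)."""
    counts = Counter()
    for rec in parse_sgcheck(text):
        site = next((f for f in rec['frames']
                     if f[1].split(':')[0] not in tool_files), None)
        counts[(rec['array'], site)] += 1
    return counts
```

Calling `triage(SAMPLE).most_common()` lists the source locations to inspect first, with the memcpy wrapper hit attributed to its caller in `nvdisc.c`.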