Re: [Valgrind-users] Strange warning for invalid read of size 8 in memcpy
Thanks Pat. Here's the output of otool -v -t check. Is this what is required? Do let me know if I need to disassemble in some other way.
Re: [Valgrind-users] Strange warning for invalid read of size 8 in memcpy
Thanks John! I will probably upgrade my XCode soon.

Because my effort failed to reproduce the bad behavior that you see, the response to a bug report may well be: upgrade your XCode/Developer. Unless there is a good reason for insisting on fixing the interaction of valgrind with old versions of Apple code, upgrading to the current version (especially when the upgrade costs no money) is reasonable.

--
Valgrind-users mailing list
Valgrind-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/valgrind-users
Re: [Valgrind-users] Strange warning for invalid read of size 8 in memcpy
Hmm... I think there's a difference in the environment. For me:

About This Mac
More Info...
System Report...
Software
Developer:
    Version: 3.2 (10M2518)
    Location: /Developer
    Applications:
        Xcode: 3.2.6 (1761)
        Interface Builder: 3.2.6 (851)
        Instruments: 2.7 (3017)
        Dashcode: 3.0.2 (333)
    SDKs:
        Mac OS X:
            10.5: (9L31a)
            10.6: (10M2518)

and for you memcpy is redirected differently:

--24112-- REDIR: 0x10015bcbd (memcpy$VARIANT$sse42) redirected to 0x100010ed0 (memmove$VARIANT$sse42)

In any case... pardon my questions... I'm still a newbie in this. But can you please explain the discussions between you and Pat? In particular...
- Why would memcpy need to read 8 bytes more?
- And why would the warning depend on the destination? That is, why am I getting this only in the 2nd iteration and not any other time?

Thanks.
- Tan

Date: Sun, 8 Jul 2012 16:52:57 -0700
From: jrei...@bitwagon.com
To: valgrind-users@lists.sourceforge.net
Subject: Re: [Valgrind-users] Strange warning for invalid read of size 8 in memcpy

> But, I still get the warning even with --partial-loads-ok=yes. Why so?

I cannot reproduce that (in particular, I get no complaint from memcheck) with a freshly-built valgrind-3.7.0 in the environment:

Darwin host.local 11.4.0 Darwin Kernel Version 11.4.0: Mon Apr 9 19:32:15 PDT 2012; root:xnu-1699.26.8~1/RELEASE_X86_64 x86_64
i686-apple-darwin10-gcc-4.2.1 (GCC) 4.2.1 (Apple Inc. build 5646)
About This Mac
More Info...
System Report...
Software
Developer
    3.2 (10A432) /Developer
    4.3.2 (4E2002) /Applications/Xcode.app
ln -s /Developer/SDKs/MacOSX10.6.sdk/usr/include /usr/include
CC='gcc -L/Developer/SDKs/MacOSX10.6.sdk/usr/lib'

$ valgrind -v ./check    ## note no '--partial-loads-ok=yes'
==24112== Memcheck, a memory error detector
==24112== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==24112== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==24112== Command: ./check
==24112==
--24112-- Valgrind options:
--24112--    -v
--24112-- Contents of /proc/version:
--24112--   can't open /proc/version
--24112-- Arch and hwcaps: AMD64, amd64-sse3-cx16
--24112-- Page sizes: currently 4096, max supported 4096
--24112-- Valgrind library directory: /Users/jreiser/local/lib/valgrind
--24112-- ./check (0x1)
--24112--    reading syms from primary file (7 20)
--24112--    dSYM directory is missing; consider using --dsymutil=yes
--24112-- /usr/lib/dyld (0x7fff5fc0)
--24112--    reading syms from primary file (6 1179)
--24112-- Reading suppressions file: /Users/jreiser/local/lib/valgrind/default.supp
==24112== embedded gdbserver: reading from /var/folders/0y/vg59c4zd2p593j05mr_dcqchgn/T//vgdb-pipe-from-vgdb-to-24112-by-jreiser-on-???
==24112== embedded gdbserver: writing to /var/folders/0y/vg59c4zd2p593j05mr_dcqchgn/T//vgdb-pipe-to-vgdb-from-24112-by-jreiser-on-???
==24112== embedded gdbserver: shared mem /var/folders/0y/vg59c4zd2p593j05mr_dcqchgn/T//vgdb-pipe-shared-mem-vgdb-24112-by-jreiser-on-???
==24112==
==24112== TO CONTROL THIS PROCESS USING vgdb (which you probably
==24112==   don't want to do, unless you know exactly what you're doing,
==24112==   or are doing some strange experiment):
==24112==   /Users/jreiser/local/lib/valgrind/../../bin/vgdb --pid=24112 ...command...
==24112==
==24112== TO DEBUG THIS PROCESS USING GDB: start GDB like this
==24112==   /path/to/gdb ./check
==24112== and then give GDB the following command
==24112==   target remote | /Users/jreiser/local/lib/valgrind/../../bin/vgdb --pid=24112
==24112== --pid is optional if only one valgrind process is running
==24112==
--24112-- REDIR: 0x7fff5fc1dfc0 (strcmp) redirected to 0x13804cba0 (???)
--24112-- REDIR: 0x7fff5fc1b161 (arc4random) redirected to 0x13804cc3e (???)
--24112-- REDIR: 0x7fff5fc20a50 (strlen) redirected to 0x13804cb6f (???)
--24112-- REDIR: 0x7fff5fc1c850 (strcpy) redirected to 0x13804cbbc (???)
--24112-- REDIR: 0x7fff5fc19f17 (strcat) redirected to 0x13804cb80 (???)
--24112-- /Users/jreiser/local/lib/valgrind/vgpreload_core-amd64-darwin.so (0x14000)
--24112--    reading syms from primary file (3 135)
--24112--    dSYM= /Users/jreiser/local/lib/valgrind/vgpreload_core-amd64-darwin.so.dSYM/Contents/Resources/DWARF/vgpreload_core-amd64-darwin.so
--24112--    reading dwarf3 from dsyms file
--24112-- /Users/jreiser/local/lib/valgrind/vgpreload_memcheck-amd64-darwin.so (0x1f000)
--24112--    reading syms from primary file (32 273)
--24112--    dSYM= /Users/jreiser/local/lib/valgrind/vgpreload_memcheck-amd64-darwin.so.dSYM/Contents/Resources/DWARF/vgpreload_memcheck-amd64-darwin.so
--24112--    reading dwarf3 from dsyms file
--24112-- /usr/lib/libSystem.B.dylib (0x10001d000)
--24112--    reading syms from primary file (529 439)
--24112-- /usr/lib/system/libcache.dylib
Re: [Valgrind-users] Strange warning for invalid read of size 8 in memcpy
Thanks John and Pat. So what I understand is I can ignore the warning in this case. But, I still get the warning even with --partial-loads-ok=yes. Why so?

- Tan

Below is the output with --partial-loads-ok=yes:

==67529== Memcheck, a memory error detector
==67529== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==67529== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==67529== Command: ./check
==67529==
--67529-- Valgrind options:
--67529--    -v
--67529--    --dsymutil=yes
--67529--    --partial-loads-ok=yes
--67529-- Contents of /proc/version:
--67529--   can't open /proc/version
--67529-- Arch and hwcaps: AMD64, amd64-sse3-cx16
--67529-- Page sizes: currently 4096, max supported 4096
--67529-- Valgrind library directory: /Users/tan/Tools/valgrind/install_dir/lib/valgrind
--67529-- ./check (0x1)
--67529--    reading syms from primary file (7 4)
--67529--    dSYM= ./check.dSYM/Contents/Resources/DWARF/check
--67529-- /usr/lib/dyld (0x7fff5fc0)
--67529--    reading syms from primary file (6 1186)
--67529-- Reading suppressions file: /Users/tan/Tools/valgrind/install_dir/lib/valgrind/default.supp
==67529== embedded gdbserver: reading from /var/folders/In/In0K1bIIGmOe2IoRTx-hcE+++TM/-Tmp-//vgdb-pipe-from-vgdb-to-67529-by-tan-on-???
==67529== embedded gdbserver: writing to /var/folders/In/In0K1bIIGmOe2IoRTx-hcE+++TM/-Tmp-//vgdb-pipe-to-vgdb-from-67529-by-tan-on-???
==67529== embedded gdbserver: shared mem /var/folders/In/In0K1bIIGmOe2IoRTx-hcE+++TM/-Tmp-//vgdb-pipe-shared-mem-vgdb-67529-by-tan-on-???
==67529==
==67529== TO CONTROL THIS PROCESS USING vgdb (which you probably
==67529==   don't want to do, unless you know exactly what you're doing,
==67529==   or are doing some strange experiment):
==67529==   /Users/tan/Tools/valgrind/install_dir/lib/valgrind/../../bin/vgdb --pid=67529 ...command...
==67529==
==67529== TO DEBUG THIS PROCESS USING GDB: start GDB like this
==67529==   /path/to/gdb ./check
==67529== and then give GDB the following command
==67529==   target remote | /Users/tan/Tools/valgrind/install_dir/lib/valgrind/../../bin/vgdb --pid=67529
==67529== --pid is optional if only one valgrind process is running
==67529==
--67529-- REDIR: 0x7fff5fc22fb0 (strcmp) redirected to 0x13804cb90 (???)
--67529-- REDIR: 0x7fff5fc20693 (arc4random) redirected to 0x13804cc2e (???)
--67529-- REDIR: 0x7fff5fc22e90 (strlen) redirected to 0x13804cb5f (???)
--67529-- REDIR: 0x7fff5fc22ee0 (strcpy) redirected to 0x13804cbac (???)
--67529-- REDIR: 0x7fff5fc2306f (strcat) redirected to 0x13804cb70 (???)
--67529-- /Users/tan/Tools/valgrind/install_dir/lib/valgrind/vgpreload_core-amd64-darwin.so (0x14000)
--67529--    reading syms from primary file (3 135)
--67529--    dSYM= /Users/tan/Tools/valgrind/install_dir/lib/valgrind/vgpreload_core-amd64-darwin.so.dSYM/Contents/Resources/DWARF/vgpreload_core-amd64-darwin.so
--67529--    reading dwarf3 from dsyms file
--67529-- /Users/tan/Tools/valgrind/install_dir/lib/valgrind/vgpreload_memcheck-amd64-darwin.so (0x1f000)
--67529--    reading syms from primary file (32 273)
--67529--    dSYM= /Users/tan/Tools/valgrind/install_dir/lib/valgrind/vgpreload_memcheck-amd64-darwin.so.dSYM/Contents/Resources/DWARF/vgpreload_memcheck-amd64-darwin.so
--67529--    reading dwarf3 from dsyms file
--67529-- /usr/lib/libSystem.B.dylib (0x10001d000)
--67529--    reading syms from primary file (4606 3793)
--67529-- REDIR: 0x10001deb4 (memset) redirected to 0x100010c80 (memset)
--67529-- REDIR: 0x10001fc5c (malloc) redirected to 0x1000105f7 (malloc)
--67529-- REDIR: 0x100020bf0 (strlen) redirected to 0x100010af0 (strlen)
--67529-- REDIR: 0x100020280 (strncmp) redirected to 0x100010be0 (strncmp)
sizeof(mvk_lruc_kv_t)=152, 0x1002772f0, 0x100277388, 0x100277420, 0x1002770e0
at index 0
end at index 0
at index 1
==67529== Invalid read of size 8
==67529==    at 0x7FE00BAC: ???
==67529==    by 0x10E4D: __inline_memcpy_chk (in ./check)
==67529==    by 0x10DCF: main (in ./check)
==67529==  Address 0x1002772a8 is 0 bytes after a block of size 456 alloc'd
==67529==    at 0x100010679: malloc (vg_replace_malloc.c:266)
==67529==    by 0x10CC5: main (in ./check)
==67529==
end at index 1

Date: Fri, 6 Jul 2012 17:27:29 -0700
From: jrei...@bitwagon.com
To: valgrind-users@lists.sourceforge.net
Subject: Re: [Valgrind-users] Strange warning for invalid read of size 8 in memcpy

On 07/06/2012 03:37 PM, Patrick J. LoPresti wrote:
> On Fri, Jul 6, 2012 at 11:45 AM, John Reiser jrei...@bitwagon.com wrote:
>> The compiler has decided to generate inline code for memcpy. This is hard for memcheck to recognize as memcpy. But memcheck does not have to recognize it at all if you use --partial-loads-ok=yes.
>
> The problem is that the default memory model in memcheck does
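Why --partial-loads-ok=yes leaves this particular report in place, as an added illustration that is not code from this thread or from Valgrind: it models Memcheck's addressability check for a single load, using the block base (the last pointer ./check prints) and the flagged read address from Tan's output above, and assumes the amd64 word size of 8 bytes. The flagged read starts exactly at the end of the 456-byte block, so none of its bytes is addressable, and the option, which only covers partially addressable word loads, cannot apply.

```c
/* Model of Memcheck's addressability check for one load, using the
 * addresses printed in this thread. Constructed example, not Valgrind code. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define WORD 8   /* amd64 word size, per the "Arch and hwcaps: AMD64" line */

typedef enum { LOAD_OK, LOAD_PARTIAL, LOAD_INVALID } load_verdict;

/* Classify a `width`-byte load at `addr` against the heap block
 * [base, base + size): OK if every byte is addressable, PARTIAL if only
 * some bytes are, INVALID if none are. */
static load_verdict classify_load(uint64_t base, uint64_t size,
                                  uint64_t addr, uint64_t width)
{
    uint64_t end = base + size, lo = addr, hi = addr + width;
    if (lo >= base && hi <= end) return LOAD_OK;
    if (hi <= base || lo >= end) return LOAD_INVALID;
    return LOAD_PARTIAL;
}

/* --partial-loads-ok=yes (Valgrind 3.7 manual: word-sized, word-aligned
 * loads) suppresses the report only for a PARTIAL load; a load with no
 * addressable byte at all is still reported as an "Invalid read". */
static bool partial_loads_ok_silences(uint64_t base, uint64_t size,
                                      uint64_t addr, uint64_t width)
{
    load_verdict v = classify_load(base, size, addr, width);
    bool word_aligned = width == WORD && addr % WORD == 0;
    return v == LOAD_OK || (v == LOAD_PARTIAL && word_aligned);
}

/* Can an aligned word load straddle this block's end at all? Only when the
 * end address is not itself word-aligned; with an 8-aligned base and a size
 * that is a multiple of 8, every aligned load is fully in or fully out. */
static bool straddling_load_possible(uint64_t base, uint64_t size)
{
    return (base + size) % WORD != 0;
}

/* From Tan's output: ./check prints the 456-byte block at 0x1002770e0 and
 * Memcheck flags an 8-byte read at 0x1002772a8, "0 bytes after" it. */
#define BLOCK_BASE 0x1002770e0ULL
#define BLOCK_SIZE 456ULL
#define BAD_READ   0x1002772a8ULL

int main(void)
{
    printf("verdict=%d silenced=%d straddle_possible=%d\n",
           (int)classify_load(BLOCK_BASE, BLOCK_SIZE, BAD_READ, WORD),
           partial_loads_ok_silences(BLOCK_BASE, BLOCK_SIZE, BAD_READ, WORD),
           straddling_load_possible(BLOCK_BASE, BLOCK_SIZE));
    return 0;
}
```

The read one word earlier (0x1002772a0) is fully inside the block, which is why only the final 8-byte read is reported and why a suppression or a padded allocation, not this option, is the practical way to quiet it.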
Re: [Valgrind-users] Strange warning for invalid read of size 8 in memcpy
Thanks John! The libc shared library does not seem to mention any version number. I'm on MacOs 10.6.8 on Intel. How do I get the version of libc?

Here's what I get from valgrind -v:

==57528== Memcheck, a memory error detector
==57528== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==57528== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==57528== Command: ./check
==57528==
--57528-- Valgrind options:
--57528--    -v
--57528--    --dsymutil=yes
--57528-- Contents of /proc/version:
--57528--   can't open /proc/version
--57528-- Arch and hwcaps: AMD64, amd64-sse3-cx16
--57528-- Page sizes: currently 4096, max supported 4096
--57528-- Valgrind library directory: /Users/tan/Tools/valgrind/install_dir/lib/valgrind
--57528-- ./check (0x1)
--57528--    reading syms from primary file (7 4)
--57528--    run: /usr/bin/dsymutil ./check
warning: no debug symbols in executable (-arch x86_64)
--57528--    dsyms= ./check.dSYM/Contents/Resources/DWARF/check
--57528-- /usr/lib/dyld (0x7fff5fc0)
--57528--    reading syms from primary file (6 1186)
--57528-- Reading suppressions file: /Users/tan/Tools/valgrind/install_dir/lib/valgrind/default.supp
==57528== embedded gdbserver: reading from /var/folders/In/In0K1bIIGmOe2IoRTx-hcE+++TM/-Tmp-//vgdb-pipe-from-vgdb-to-57528-by-tan-on-???
==57528== embedded gdbserver: writing to /var/folders/In/In0K1bIIGmOe2IoRTx-hcE+++TM/-Tmp-//vgdb-pipe-to-vgdb-from-57528-by-tan-on-???
==57528== embedded gdbserver: shared mem /var/folders/In/In0K1bIIGmOe2IoRTx-hcE+++TM/-Tmp-//vgdb-pipe-shared-mem-vgdb-57528-by-tan-on-???
==57528==
==57528== TO CONTROL THIS PROCESS USING vgdb (which you probably
==57528==   don't want to do, unless you know exactly what you're doing,
==57528==   or are doing some strange experiment):
==57528==   /Users/tan/Tools/valgrind/install_dir/lib/valgrind/../../bin/vgdb --pid=57528 ...command...
==57528==
==57528== TO DEBUG THIS PROCESS USING GDB: start GDB like this
==57528==   /path/to/gdb ./check
==57528== and then give GDB the following command
==57528==   target remote | /Users/tan/Tools/valgrind/install_dir/lib/valgrind/../../bin/vgdb --pid=57528
==57528== --pid is optional if only one valgrind process is running
==57528==
--57528-- REDIR: 0x7fff5fc22fb0 (strcmp) redirected to 0x13804cb90 (???)
--57528-- REDIR: 0x7fff5fc20693 (arc4random) redirected to 0x13804cc2e (???)
--57528-- REDIR: 0x7fff5fc22e90 (strlen) redirected to 0x13804cb5f (???)
--57528-- REDIR: 0x7fff5fc22ee0 (strcpy) redirected to 0x13804cbac (???)
--57528-- REDIR: 0x7fff5fc2306f (strcat) redirected to 0x13804cb70 (???)
--57528-- /Users/tan/Tools/valgrind/install_dir/lib/valgrind/vgpreload_core-amd64-darwin.so (0x14000)
--57528--    reading syms from primary file (3 135)
--57528--    dSYM= /Users/tan/Tools/valgrind/install_dir/lib/valgrind/vgpreload_core-amd64-darwin.so.dSYM/Contents/Resources/DWARF/vgpreload_core-amd64-darwin.so
--57528--    reading dwarf3 from dsyms file
--57528-- /Users/tan/Tools/valgrind/install_dir/lib/valgrind/vgpreload_memcheck-amd64-darwin.so (0x1f000)
--57528--    reading syms from primary file (32 273)
--57528--    dSYM= /Users/tan/Tools/valgrind/install_dir/lib/valgrind/vgpreload_memcheck-amd64-darwin.so.dSYM/Contents/Resources/DWARF/vgpreload_memcheck-amd64-darwin.so
--57528--    reading dwarf3 from dsyms file
--57528-- /usr/lib/libSystem.B.dylib (0x10001d000)
--57528--    reading syms from primary file (4606 3793)
--57528-- REDIR: 0x10001deb4 (memset) redirected to 0x100010c80 (memset)
--57528-- REDIR: 0x10001fc5c (malloc) redirected to 0x1000105f7 (malloc)
--57528-- REDIR: 0x100020bf0 (strlen) redirected to 0x100010af0 (strlen)
--57528-- REDIR: 0x100020280 (strncmp) redirected to 0x100010be0 (strncmp)
sizeof(mvk_lruc_kv_t)=152, 0x1002772f0, 0x100277388, 0x100277420, 0x1002770e0
at index 0
end at index 0
at index 1
==57528== Invalid read of size 8
==57528==    at 0x7FE00BAC: ???
==57528==    by 0x10E4D: __inline_memcpy_chk (in ./check)
==57528==    by 0x10DCF: main (in ./check)
==57528==  Address 0x1002772a8 is 0 bytes after a block of size 456 alloc'd
==57528==    at 0x100010679: malloc (vg_replace_malloc.c:266)
==57528==    by 0x10CC5: main (in ./check)
==57528==
end at index 1
at index 2
end at index 2
at index 3
-- some more similar printf outputs pruned here
at index 26
end at index 26
==57528==
==57528== HEAP SUMMARY:
==57528==     in use at exit: 9,200 bytes in 4 blocks
==57528==   total heap usage: 4 allocs, 0 frees, 9,200 bytes allocated
==57528==
==57528== Searching for pointers to 4 not-freed blocks
==57528== Checked 415,728 bytes
==57528==
==57528== LEAK SUMMARY:
==57528==    definitely lost: 5,016 bytes in 2 blocks
==57528==    indirectly lost: 0 bytes in 0 blocks
==57528==      possibly lost: 0 bytes in 0 blocks
==57528==    still reachable: 4,096 bytes in 1 blocks
==57528==