On Monday, July 28, 2014 at 07:11:02AM -0700, John Reiser wrote:
> > ==17454== Conditional jump or move depends on uninitialised value(s)
> > ==17454==    at 0x5921F10: strchrnul (in /lib/libc-2.11.3.so)
> > ==17454==    by 0x58E55D6: vfprintf (in /lib/libc-2.11.3.so)
> >
> > the involved functions are shown below; the statement in question (see below)
> > is
> >
> >     sprintf (select_anw, sel_anw, name, name);  <*********  sisisinst.c:1397
> >
> > I have checked carefully the code and the 4 args to sprintf() are
> > all correctly defined on the stack; when I change the code to:
> >
> >     select_anw[0] = '\0';
> >     sprintf (select_anw, sel_anw, name, name);
> >
> > then is valgrind happy, i.e, does not raise the messages any more;
>
> You say that all 4 args are on the stack. What are their actual addresses?
> Run with --db-attach=yes, say 'y' when asked, and use gdb to look around.
>
> One possibility is that sel_anw (the format string) has been overwritten
> because the string being built into select_anw (the buffer) has overflowed.
>
> Try changing the code to use
>     snprintf(select_anw, LEN_SELECT, sel_anw, name, name);
> which is much safer.

Thanks for your hints.

Before I will change the code (yes, your proposal is much safer), I will
try to understand why valgrind is complaining; I grabbed the gdb and
debugged through the code:

(gdb) where
#0  DB_rdir (tabmodul=0xf6a68170 <sisisinst>, key=2, scroll=1, lock=0, p_daten=0xffffc860) at dbcall.c:1834
#1  0xf6a4cc21 in DB_ChkVer () at dbcall.c:604
#2  0xf6a4d099 in DB_opdbP (mode=1) at dbcall.c:955
#3  0xf6a4cd3a in DB_opdb () at dbcall.c:654
#4  0x0804bf6a in InitVDaemon () at ZFLVDaemon.c:715
#5  0x0804baad in main (argc=1, argv=0xffffce14) at ZFLVDaemon.c:413
(gdb) p &sel_anw
$3 = (char (*)[1000]) 0xffffc3c0

sel_anw is an automatic char[1000] area and will now be initialized from
some static string 'SELECT1':

1885        strcpy(sel_anw, SELECT1);
(gdb)
1887        strcpy(where_anw, WHERE1);
(gdb)

'sel_anw' and 'where_anw' both are set correctly:

(gdb) p sel_anw
$4 = "SELECT rowid, %s.* from %s", '\000' <repeats 46 times> ...
(gdb) p where_anw
$5 = "%s = :v1", '\000' <repeats 24 times> ...
(gdb) p &sel_anw
$6 = (char (*)[1000]) 0xffffc3c0
(gdb) p &where_anw
$7 = (char (*)[5000]) 0xffffb030

the pointers are passed correctly to sisisinst() function:

(gdb) s
sisisinst (zugriff=1, scroll=1, lock=0, key=2, sto=-20000, p_daten=0xffffc860,
    sel_anw=0xffffc3c0 "SELECT rowid, %s.* from %s", where_anw=0xffffb030 "%s = :v1",
    p_btw_daten=0x0, order_by=0x0, auf_ab=0x0, group_by=0x0, having=0x0,
    into_temp=0x0, count=0xffffb02c) at sisisinst.c:799
933         case RDIR : db_ret = select_record(scroll, lock, key,
(gdb) s

and passed further to select_record() function:

Breakpoint 2, select_record (scroll=1, lock=0, key=2,
    sel_anw=0xffffc3c0 "SELECT rowid, %s.* from %s", where_anw=0xffffb030 "%s = :v1",
    p_daten=0xf6ae04a0 <hrec_sisisinst>, i_between=0, p_oben=0xffffaf30,
    order_by=0x0, auf_ab=0x0, group_by=0x0, having=0x0, into_temp=0x0,
    count=0xffffb02c) at sisisinst.c:1353
(gdb) p sel_anw
$8 = 0xffffc3c0 "SELECT rowid, %s.* from %s"
(gdb) p where_anw
$9 = 0xffffb030 "%s = :v1"
(gdb)
1396        char *name = TAB_SISISINST;
(gdb)

this is now the call to sprintf() which was identified by valgrind:

1397        sprintf (select_anw, sel_anw, name, name);
(gdb) p name
$10 = 0xf6ac8f3e "sisisinst"
(gdb) p sel_anw
$11 = 0xffffc3c0 "SELECT rowid, %s.* from %s"
(gdb) p &select_anw
$12 = (char (*)[5000]) 0xffff9ac0

now executing the sprintf() ...

(gdb) n
1401        switch (key)

the result is fine and the target buffer of sprintf(), the 'select_anw'
is correctly filled:

(gdb) p select_anw
$13 = "SELECT rowid, sisisinst.* from sisisinst", '\000' <repeats 536 times>, "ALTER SESSION SET NLS_LANGUAGE= 'GERMAN' NLS_TERRITORY= 'GERMANY' NLS_CURRENCY= '??' NLS_ISO_CURRENCY= 'GERMANY' NLS_NUMERIC_CHARACTERS= ',.' NLS_CALEN"...
(gdb) p &select_anw
$14 = (char (*)[5000]) 0xffff9ac0

All was fine. Why is valgrind complaining?

Thanks

	matthias

--
Matthias Apitz               |  /"\   ASCII Ribbon Campaign:
E-mail: g...@unixarea.de     |  \ /   - No HTML/RTF in E-mail
WWW: http://www.unixarea.de/ |   X    - No proprietary attachments
phone: +49-170-4527211       |  / \   - Respect for open standards
                             | en.wikipedia.org/wiki/ASCII_Ribbon_Campaign
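
The snprintf() change suggested in the quoted reply, as an added example that is not code from this thread. build_select() and count_s_conversions() are hypothetical helpers, and LEN_SELECT = 5000 is an assumption taken from the select_anw size gdb prints above. It bounds the write, treats truncation as an error, and rejects any template that is not exactly two %s conversions.

```c
#include <stdio.h>
#include <string.h>

#define LEN_SELECT 5000 /* assumed: size of select_anw as printed by gdb */

/* Count "%s" conversions in tmpl; return -1 if any other conversion
 * appears. "%%" is accepted as a literal percent sign. */
static int count_s_conversions(const char *tmpl)
{
    int count = 0;
    for (const char *p = tmpl; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;                        /* character after '%' */
        if (*p == 's')
            count++;
        else if (*p != '%')
            return -1;              /* %n, %d, a trailing '%', ... */
    }
    return count;
}

/* Hypothetical helper, not from the poster's code base.
 * Returns 0 on success, -1 for bad arguments or a rejected template,
 * -2 if the expanded statement does not fit in out[outlen]. */
static int build_select(char *out, size_t outlen, const char *tmpl, const char *name)
{
    if (out == NULL || outlen == 0 || tmpl == NULL || name == NULL)
        return -1;
    out[0] = '\0';                  /* never hand back stale stack bytes */
    if (count_s_conversions(tmpl) != 2)
        return -1;
    int n = snprintf(out, outlen, tmpl, name, name);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';              /* discard a truncated statement */
        return n < 0 ? -1 : -2;
    }
    return 0;
}

int main(void)
{
    char select_anw[LEN_SELECT];
    int rc = build_select(select_anw, sizeof select_anw,
                          "SELECT rowid, %s.* from %s", "sisisinst");
    printf("%d \"%s\"\n", rc, select_anw);
    return rc == 0 ? 0 : 1;
}
```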