On Monday, July 28, 2014 at 07:11:02AM -0700, John Reiser wrote:

> > ==17454== Conditional jump or move depends on uninitialised value(s)
> > ==17454==    at 0x5921F10: strchrnul (in /lib/libc-2.11.3.so)
> > ==17454==    by 0x58E55D6: vfprintf (in /lib/libc-2.11.3.so)
> 
> > the involved functions are shown below; the statement in question (see below)
> > is
> > 
> >   sprintf (select_anw, sel_anw, name, name);      <********* sisisinst.c:1397
> > 
> > I have checked the code carefully and the 4 args to sprintf() are
> > all correctly defined on the stack; when I change the code to:
> > 
> >   select_anw[0] = '\0';
> >   sprintf (select_anw, sel_anw, name, name); 
> >     
> > then valgrind is happy, i.e., does not raise the messages any more;
> 
> You say that all 4 args are on the stack.  What are their actual addresses?
> Run with --db-attach=yes, say 'y' when asked, and use gdb to look around.
> 
> One possibility is that sel_anw (the format string) has been overwritten
> because the string being built into select_anw (the buffer) has overflowed.
> 
> Try changing the code to use
>       snprintf(select_anw, LEN_SELECT, sel_anw, name, name);
> which is much safer.

Thanks for your hints. Before I change the code (yes, your proposal is
much safer), I will try to understand why valgrind is complaining;

I grabbed gdb and stepped through the code:

(gdb) where
#0  DB_rdir (tabmodul=0xf6a68170 <sisisinst>, key=2, scroll=1, lock=0, 
p_daten=0xffffc860) at dbcall.c:1834
#1  0xf6a4cc21 in DB_ChkVer () at dbcall.c:604
#2  0xf6a4d099 in DB_opdbP (mode=1) at dbcall.c:955
#3  0xf6a4cd3a in DB_opdb () at dbcall.c:654
#4  0x0804bf6a in InitVDaemon () at ZFLVDaemon.c:715
#5  0x0804baad in main (argc=1, argv=0xffffce14) at ZFLVDaemon.c:413
(gdb) p &sel_anw
$3 = (char (*)[1000]) 0xffffc3c0

sel_anw is an automatic char[1000] area and will now be initialized from
some static string 'SELECT1':

1885        strcpy(sel_anw, SELECT1);
(gdb) 
1887      strcpy(where_anw, WHERE1);
(gdb) 

'sel_anw' and 'where_anw' both are set correctly:

(gdb) p sel_anw
$4 = "SELECT rowid, %s.* from %s", '\000' <repeats 46 times> ...
(gdb) p where_anw
$5 = "%s = :v1", '\000' <repeats 24 times> ...

(gdb) p &sel_anw
$6 = (char (*)[1000]) 0xffffc3c0

(gdb) p &where_anw
$7 = (char (*)[5000]) 0xffffb030

the pointers are passed correctly to the sisisinst() function:

(gdb) s
sisisinst (zugriff=1, scroll=1, lock=0, key=2, sto=-20000, p_daten=0xffffc860, 
    sel_anw=0xffffc3c0 "SELECT rowid, %s.* from %s", where_anw=0xffffb030 "%s = :v1", p_btw_daten=0x0, 
    order_by=0x0, auf_ab=0x0, group_by=0x0, having=0x0, into_temp=0x0, count=0xffffb02c) at sisisinst.c:799

933         case  RDIR  :   db_ret = select_record(scroll, lock, key,
(gdb) s

and passed further to the select_record() function:

Breakpoint 2, select_record (scroll=1, lock=0, key=2, sel_anw=0xffffc3c0 "SELECT rowid, %s.* from %s", 
    where_anw=0xffffb030 "%s = :v1", p_daten=0xf6ae04a0 <hrec_sisisinst>, i_between=0, p_oben=0xffffaf30, 
    order_by=0x0, auf_ab=0x0, group_by=0x0, having=0x0, into_temp=0x0, count=0xffffb02c) at sisisinst.c:1353

(gdb) p sel_anw
$8 = 0xffffc3c0 "SELECT rowid, %s.* from %s"
(gdb) p where_anw
$9 = 0xffffb030 "%s = :v1"

(gdb) 
1396      char *name = TAB_SISISINST;
(gdb) 

this is now the call to sprintf() which was identified by valgrind:

1397      sprintf (select_anw, sel_anw, name, name);
(gdb) p name
$10 = 0xf6ac8f3e "sisisinst"
(gdb) p sel_anw
$11 = 0xffffc3c0 "SELECT rowid, %s.* from %s"
(gdb) p &select_anw
$12 = (char (*)[5000]) 0xffff9ac0

now executing the sprintf() ...

(gdb) n
1401      switch (key)

the result is fine and the target buffer of sprintf(), 'select_anw',
is correctly filled:

(gdb) p select_anw
$13 = "SELECT rowid, sisisinst.* from sisisinst", '\000' <repeats 536 times>, "ALTER SESSION SET NLS_LANGUAGE= 'GERMAN' NLS_TERRITORY= 'GERMANY' NLS_CURRENCY= '??' NLS_ISO_CURRENCY= 'GERMANY' NLS_NUMERIC_CHARACTERS= ',.' NLS_CALEN"...
(gdb) p &select_anw
$14 = (char (*)[5000]) 0xffff9ac0

All was fine. Why is valgrind complaining?

Thanks

        matthias

-- 
Matthias Apitz               |  /"\   ASCII Ribbon Campaign:
E-mail: g...@unixarea.de     |  \ /   - No HTML/RTF in E-mail
WWW: http://www.unixarea.de/ |   X    - No proprietary attachments
phone: +49-170-4527211       |  / \   - Respect for open standards
                             | en.wikipedia.org/wiki/ASCII_Ribbon_Campaign
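The bounded replacement John suggests, worked through as an added example (not code from the thread or from the SISIS sources): it uses the format string seen in the gdb session, assumes LEN_SELECT is the 5000-byte declared size of select_anw, and uses the return value of snprintf() to detect the overflow that would explain a corrupted format string, which plain sprintf() can never report. try_build() and last_select() are hypothetical helpers added only for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Declared size of select_anw in the thread (char[5000]); LEN_SELECT is the
 * name used in the reply and is assumed here to be that size. */
#define LEN_SELECT 5000

/* The format string shown in the gdb session. */
static const char SELECT1[] = "SELECT rowid, %s.* from %s";

/* Buffer the demo formats into, so the result can be inspected afterwards. */
static char g_select[LEN_SELECT];

/* Format the SELECT for one table into dst without ever writing past
 * dst[len-1].  Returns the length of the finished statement, or -1 when it
 * would not have fitted.  With the original sprintf() that case silently
 * overruns whatever sits above the buffer on the stack, which is the
 * overflow hypothesis raised in the reply. */
int build_select(char *dst, size_t len, const char *fmt, const char *name)
{
    int needed;

    if (dst == NULL || len == 0)
        return -1;

    /* Leave dst a valid, empty C string even on the failure paths. */
    dst[0] = '\0';

    needed = snprintf(dst, len, fmt, name, name);
    if (needed < 0)
        return -1;                     /* format/encoding error */
    if ((size_t)needed >= len)
        return -1;                     /* truncated: len was too small */
    return needed;
}

/* Hypothetical helper: build into g_select pretending it is only len bytes
 * long, so the overflow check can be exercised at different sizes. */
int try_build(size_t len, const char *name)
{
    if (len > sizeof g_select)
        len = sizeof g_select;
    return build_select(g_select, len, SELECT1, name);
}

/* Hypothetical helper: the statement produced by the last try_build(). */
const char *last_select(void) { return g_select; }
```

A -1 from build_select() is the signal the thread is missing: if the real program ever gets it, the sprintf() version was overwriting the stack above select_anw.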

_______________________________________________
Valgrind-users mailing list
Valgrind-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/valgrind-users