Valgrind usage and error information analysis

Reprinted please indicate the source and the author contact: http://blog.csdn.net/mimepp
Contact information: Yu Tao <yut616 at Sohu dot com>

Here we will record various potential error messages in your application using valgrind and give examples.

Valgrind is often used to find out memory-related errors of your code, which is of great significance for system stability after porting to the embedded system.

Usage

• X86 Platform
• Compile your own application first
• Command line:
  • Valgrind -- log-file = 1 -- tool = memcheck./A. Out

Error Specification
1. There is malloc, but not free

• Code

  #include <stdio.h>
  #include <stdlib.h>
  
  void main()
  {
          char *p = malloc(20);
          sprintf(p, "%s", "test");
          fprintf(stderr, "p:%s/n", p);
  }
  

• Analysis:
  • At the back of the file, there are definitely 20 bytes of lost. As follows:

    ==26512== LEAK SUMMARY:
    ==26512==    definitely lost: 20 bytes in 1 blocks.
    

  • The content described earlier in the file shows that there is one malloc, but it is not free. As follows:

    ==26512== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 11 from 1)
    ==26512== malloc/free: in use at exit: 20 bytes in 1 blocks.
    ==26512== malloc/free: 1 allocs, 0 frees, 20 bytes allocated.
    

2. Free a pointer without malloc

• Code

  void main()
  {
          char p[] = "hello";
          fprintf(stderr, "p:%s/n", p);
          free(p);
  }
  

• Analysis:
  • The back of the file. In general, there is one error, 0 malloc, and 1 free. As follows:

    ==26786== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 11 from 1)
    ==26786== malloc/free: in use at exit: 0 bytes in 0 blocks.
    ==26786== malloc/free: 0 allocs, 1 frees, 0 bytes allocated.
    

  • The content described earlier in the file shows that there is an invalid free. As follows:

    ==26786== Invalid free() / delete / delete[]
    ==26786==    at 0x402265C: free (vg_replace_malloc.c:323)
    ==26786==    by 0x804841F: main (in /home/yutao/test/a.out)
    

3. In the stack, the read is invalid and no error is prompted.

• Code

  Void main ()
  {
  Char P [8] = "hello"; // P on the stack, "hello" in the constant area
  Fprintf (stderr, "P10: % C/N", P [10]);
  }
  

• Analysis:
  • No error is prompted when reading the stack content

    ==27452== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 11 from 1)
    ==27452== malloc/free: in use at exit: 0 bytes in 0 blocks.
    ==27452== malloc/free: 0 allocs, 0 frees, 0 bytes allocated.
    

• It is a local variable and is stored in the stack. Since P [10] does not exceed the stack length, no error is prompted?

4. If the heap is invalid, an error is prompted.

• Code

  void main()
  {
          char *p = malloc(8);
          fprintf(stderr, "p10:%c/n", p[10]);
          free(p);
  }
  

• Analysis:
  • When reading the content in the heap, an error is prompted, indicating that the read of 1 byte is invalid. The location is the last 2nd bytes of the 8 byte of malloc.

    ==27744== Invalid read of size 1
    ==27744==    at 0x804842A: main (in /home/yutao/test/a.out)
    ==27744==  Address 0x4190032 is 2 bytes after a block of size 8 alloc'd
    ==27744==    at 0x4022AB8: malloc (vg_replace_malloc.c:207)
    ==27744==    by 0x8048420: main (in /home/yutao/test/a.out)
    ==27744==
    ==27744== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 11 from 1)
    ==27744== malloc/free: in use at exit: 0 bytes in 0 blocks.
    ==27744== malloc/free: 1 allocs, 1 frees, 8 bytes allocated.
    

  • Malloc data is in the heap.

5. Invalid write on the stack

• Code

  void main()
  {
          char p[8] = "hello";
          p[10]='a';
  }
  

• Analysis:
  • An error occurs during running and backtrace is printed.

    *** stack smashing detected ***: ./a.out terminated
    ======= Backtrace: =========
    /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0x412d138]
    /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x0)[0x412d0f0]
    ./a.out[0x80483d6]
    /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe0)[0x4056450]
    ./a.out[0x8048331]
    ======= Memory map: ========
    04000000-0401a000 r-xp 00000000 08:06 682589     /lib/ld-2.7.so
    

  • In general, one error is prompted, with 5 malloc and 0 free.

    ==27918== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 13 from 1)
    ==27918== malloc/free: in use at exit: 892 bytes in 5 blocks.
    ==27918== malloc/free: 5 allocs, 0 frees, 892 bytes allocated.
    ==27918== LEAK SUMMARY:
    ==27918==    definitely lost: 0 bytes in 0 blocks.
    ==27918==      possibly lost: 0 bytes in 0 blocks.
    ==27918==    still reachable: 892 bytes in 5 blocks.
    

  • The error message in front of the file is that there is an invalid read and four bytes are read.

    ==27918== Invalid read of size 4
    ==27918==    at 0x40151F3: (within /lib/ld-2.7.so)
    ==27918==    by 0x4005C69: (within /lib/ld-2.7.so)
    ==27918==    by 0x4007A97: (within /lib/ld-2.7.so)
    ==27918==    by 0x4011543: (within /lib/ld-2.7.so)
    ==27918==    by 0x400D5D5: (within /lib/ld-2.7.so)
    ==27918==    by 0x4010F5D: (within /lib/ld-2.7.so)
    ==27918==    by 0x414E291: (within /lib/tls/i686/cmov/libc-2.7.so)
    ==27918==    by 0x400D5D5: (within /lib/ld-2.7.so)
    ==27918==    by 0x414E454: __libc_dlopen_mode (in /lib/tls/i686/cmov/libc-2.7.so)
    ==27918==    by 0x412A4D8: (within /lib/tls/i686/cmov/libc-2.7.so)
    ==27918==    by 0x412A4D8: (within /lib/tls/i686/cmov/libc-2.7.so)
    ==27918==    by 0x412A669: backtrace (in /lib/tls/i686/cmov/libc-2.7.so)
    ==27918==    by 0x40A3B91: (within /lib/tls/i686/cmov/libc-2.7.so)
    ==27918==  Address 0x4190038 is 16 bytes inside a block of size 19 alloc'd
    

  • The error message in this prompt does not match the information in the code, but it can be known that an error has occurred.

6. Heap stack, invalid write

• Code

  void main()
  {
          char *p = malloc(8);
          p[10]='a';
          free(p);
  }
  

• Analysis:
  • Program running without errors
  • When writing the content in the heap, the log will prompt an error, prompting that the write of 1 byte is invalid. The location is the last 2nd bytes of the 8-byte malloc.

    ==28351== Invalid write of size 1
    ==28351==    at 0x80483CA: main (in /home/yutao/test/a.out)
    ==28351==  Address 0x4190032 is 2 bytes after a block of size 8 alloc'd
    ==28351==    at 0x4022AB8: malloc (vg_replace_malloc.c:207)
    ==28351==    by 0x80483C0: main (in /home/yutao/test/a.out)