hvaisane
Valgrind says
==11604== Invalid read of size 4
==11604== at 0x8048ABB: main (foo.cc:36)
==11604== Address 0x1B92415C is 4 bytes inside a block of size 8 free'd
==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156)
==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86)
==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*, unsigned) (stl_vector.h:117)
==11604== by 0x80492A0: std::vector<Foo, std::allocator<Foo> >::_M_insert_aux(__gnu_cxx::__normal_iterator<Foo*, std::vector<Foo, std::allocator<Foo> > >, Foo const&) (vector.tcc:264)
==11604==
==11604== Invalid read of size 4
==11604== at 0x8048ABE: main (foo.cc:36)
==11604== Address 0x1B924158 is 0 bytes inside a block of size 8 free'd
==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156)
==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86)
==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*, unsigned) (stl_vector.h:117)
==11604== by 0x80492A0: std::vector<Foo, std::allocator<Foo> >::_M_insert_aux(__gnu_cxx::__normal_iterator<Foo*, std::vector<Foo, std::allocator<Foo> > >, Foo const&) (vector.tcc:264)
When this program is run with the command
valgrind --tool=memcheck --leak-check=yes -v ./foo
The complete valgrind output is at the end of this message.
This is not the real program, only the smallest possible
program that shows the error. The real program crashes
with a segmentation fault.
=============================
//Compile command: g++ -g -Wall -O0 foo.cc -o foo
#include <vector>
#include <iostream>
#include <cstdlib>
using namespace std;
// Plain value type wrapping a single double.
struct Foo {
    double x;  // the wrapped value

    // Default construction leaves x at zero.
    Foo()
        : x (0.0)
    {
    }

    // Converting constructor (not explicit, so a double converts to Foo
    // implicitly): stores a in x.
    Foo (const double a)
        : x (a)
    {
    }
};
// Owns a growable list of Foo values, seeded with one element.
struct Bar {
    std::vector<Foo> foo;  // holds exactly one element after construction

    // Builds a Bar whose list contains a single copy of f.
    Bar (const Foo &f)
        : foo (1, f)
    {
    }
};
// Reproducer for the Memcheck report: each outer pass appends one Bar, then,
// for every earlier Bar, binds a reference to its last Foo, appends another
// Foo to the same vector, and prints through the reference.
int main()
{
vector<Bar> bar;
const size_t N = 10;
for (size_t i = 0; i < N; i++) {
bar.push_back (Bar(Foo(i)));
// bar.size()-1 is evaluated in size_t; bar is non-empty here because of the
// push_back just above, so the subtraction does not wrap.
for (size_t j = 0; j < bar.size()-1; j++) {
// f refers to an element stored in bar[j].foo's heap buffer.
const Foo &f = bar[j].foo.back();
// push_back may reallocate that buffer once capacity is exhausted; the
// Memcheck trace shows the old block being freed from
// vector::_M_insert_aux. From that point on f dangles.
bar[j].foo.push_back (Foo(j));
// Reading f.x is the use-after-free that Memcheck reports as
// "Invalid read of size 4" (presumably two 4-byte loads of the one 8-byte
// double, given the two addresses 4 bytes apart in a block of size 8).
// NOTE(review): copying the value (`const Foo f = bar[j].foo.back();`) or
// re-reading the element after the push_back avoids the dangling reference.
cout << f.x << endl; // Line 36.
}
}
return 0;
}
=============================
==11604== Memcheck, a memory error detector for x86-linux.
==11604== Copyright (C) 2002-2004, and GNU GPL'd, by Julian Seward et al.
==11604== Using valgrind-2.2.0, a program supervision framework for x86-linux.
==11604== Copyright (C) 2000-2004, and GNU GPL'd, by Julian Seward et al.
==11604== Valgrind library directory: /usr/local/lib/valgrind
==11604== Command line
==11604== ./foo
==11604== Startup, with flags:
==11604== --tool=memcheck
==11604== --leak-check=yes
==11604== -v
==11604== Contents of /proc/version:
==11604== Linux version 2.6.10-1.760_FC3smp ([email protected]) (gcc version 3.4.2 20041017 (Red Hat 3.4.2-6.fc3)) #1 SMP Wed Feb 2 00:29:03 EST 2005
==11604== Reading syms from /home/hvaisane/foo (0x8048000)
==11604== Reading syms from /lib/ld-2.3.4.so (0x1B8E4000)
==11604== object doesn't have any debug info
==11604== Reading syms from /usr/local/lib/valgrind/stage2 (0xB0000000)
==11604== Reading syms from /lib/ld-2.3.4.so (0xB1000000)
==11604== object doesn't have any debug info
==11604== Reading syms from /usr/local/lib/valgrind/vgskin_memcheck.so (0xB7C91000)
==11604== Reading syms from /lib/tls/libc-2.3.4.so (0xB7EBA000)
==11604== object doesn't have any debug info
==11604== Reading syms from /lib/libdl-2.3.4.so (0xB7FE4000)
==11604== object doesn't have any debug info
==11604== Reading suppressions file: /usr/local/lib/valgrind/default.supp
==11604== REDIRECT soname:libc.so.6(__GI___errno_location) to soname:libpthread.so.0(__errno_location)
==11604== REDIRECT soname:libc.so.6(__errno_location) to soname:libpthread.so.0(__errno_location)
==11604== REDIRECT soname:libc.so.6(__GI___h_errno_location) to soname:libpthread.so.0(__h_errno_location)
==11604== REDIRECT soname:libc.so.6(__h_errno_location) to soname:libpthread.so.0(__h_errno_location)
==11604== REDIRECT soname:libc.so.6(__GI___res_state) to soname:libpthread.so.0(__res_state)
==11604== REDIRECT soname:libc.so.6(__res_state) to soname:libpthread.so.0(__res_state)
==11604== REDIRECT soname:libc.so.6(stpcpy) to *vgpreload_memcheck.so*(stpcpy)
==11604== REDIRECT soname:libc.so.6(strnlen) to *vgpreload_memcheck.so*(strnlen)
==11604== REDIRECT soname:ld-linux.so.2(stpcpy) to *vgpreload_memcheck.so*(stpcpy)
==11604== REDIRECT soname:ld-linux.so.2(strchr) to *vgpreload_memcheck.so*(strchr)
==11604==
==11604== Reading syms from /usr/local/lib/valgrind/vg_inject.so (0x1B8FE000)
==11604== Reading syms from /usr/local/lib/valgrind/vgpreload_memcheck.so (0x1B901000)
==11604== TRANSLATE: 0x1B8F5AE0 redirected to 0x1B90420C
==11604== Reading syms from /usr/lib/libstdc++.so.6.0.3 (0xCAC000)
==11604== object doesn't have a symbol table
==11604== object doesn't have any debug info
==11604== Reading syms from /lib/tls/libm-2.3.4.so (0xAA6000)
==11604== object doesn't have any debug info
==11604== Reading syms from /lib/libgcc_s-3.4.2-20041018.so.1 (0xCA2000)
==11604== object doesn't have a symbol table
==11604== object doesn't have any debug info
==11604== Reading syms from /lib/tls/libc-2.3.4.so (0x97A000)
==11604== object doesn't have any debug info
==11604== TRANSLATE: 0xD4D930 redirected to 0x1B904B7B
==11604== TRANSLATE: 0xD4C424 redirected to 0x1B9050CE
==11604== Invalid read of size 4
==11604== at 0x8048ABB: main (foo.cc:36)
==11604== Address 0x1B92415C is 4 bytes inside a block of size 8 free'd
==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156)
==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86)
==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*, unsigned) (stl_vector.h:117)
==11604== by 0x80492A0: std::vector<Foo, std::allocator<Foo> >::_M_insert_aux(__gnu_cxx::__normal_iterator<Foo*, std::vector<Foo, std::allocator<Foo> > >, Foo const&) (vector.tcc:264)
==11604==
==11604== Invalid read of size 4
==11604== at 0x8048ABE: main (foo.cc:36)
==11604== Address 0x1B924158 is 0 bytes inside a block of size 8 free'd
==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156)
==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86)
==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*, unsigned) (stl_vector.h:117)
==11604== by 0x80492A0: std::vector<Foo, std::allocator<Foo> >::_M_insert_aux(__gnu_cxx::__normal_iterator<Foo*, std::vector<Foo, std::allocator<Foo> > >, Foo const&) (vector.tcc:264)
==11604== TRANSLATE: 0x1B8E47A0 redirected to 0x52BFF040
0
0
1
0
1
2
0
1
2
3
0
1
2
3
4
0
1
2
3
4
5
0
1
2
3
4
5
6
0
1
2
3
4
5
6
7
0
1
2
3
4
5
6
7
8
==11604== TRANSLATE: 0x9DBA70 redirected to 0x1B904F30
==11604==
==11604== ERROR SUMMARY: 56 errors from 2 contexts (suppressed: 15 from 1)
==11604==
==11604== 28 errors in context 1 of 2:
==11604== Invalid read of size 4
==11604== at 0x8048ABE: main (foo.cc:36)
==11604== Address 0x1B924158 is 0 bytes inside a block of size 8 free'd
==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156)
==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86)
==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*, unsigned) (stl_vector.h:117)
==11604== by 0x80492A0: std::vector<Foo, std::allocator<Foo> >::_M_insert_aux(__gnu_cxx::__normal_iterator<Foo*, std::vector<Foo, std::allocator<Foo> > >, Foo const&) (vector.tcc:264)
==11604==
==11604== 28 errors in context 2 of 2:
==11604== Invalid read of size 4
==11604== at 0x8048ABB: main (foo.cc:36)
==11604== Address 0x1B92415C is 4 bytes inside a block of size 8 free'd
==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156)
==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86)
==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*, unsigned) (stl_vector.h:117)
==11604== by 0x80492A0: std::vector<Foo, std::allocator<Foo> >::_M_insert_aux(__gnu_cxx::__normal_iterator<Foo*, std::vector<Foo, std::allocator<Foo> > >, Foo const&) (vector.tcc:264)
--11604--
--11604-- supp: 15 dl_relocate_object/dl_main
==11604==
==11604== IN SUMMARY: 56 errors from 2 contexts (suppressed: 15 from 1)
==11604==
==11604== malloc/free: in use at exit: 0 bytes in 0 blocks.
==11604== malloc/free: 68 allocs, 68 frees, 2196 bytes allocated.
==11604==
==11604== No malloc'd blocks -- no leaks are possible.
--11604-- TT/TC: 0 tc sectors discarded.
--11604-- 3507 tt_fast misses.
--11604-- translate: new 3329 (61827 -> 812144; ratio 131:10)
--11604-- discard 1 (23 -> 320; ratio 139:10).
--11604-- chainings: 2258 chainings, 2 unchainings.
--11604-- dispatch: 250000 jumps (bb entries); of them 39279 (15%) unchained.
--11604-- 166/3937 major/minor sched events.
--11604-- reg-alloc: 787 t-req-spill, 150297+6325 orig+spill uis,
--11604-- 18341 total-reg-rank
--11604-- sanity: 167 cheap, 7 expensive checks.
--11604-- ccalls: 15511 C calls, 55% saves+restores avoided (50450 bytes)
--11604-- 20825 args, avg 0.87 setup instrs each (5226 bytes)
--11604-- 0% clear the stack (46404 bytes)
--11604-- 5874 retvals, 32% of reg-reg movs avoided (3644 bytes)
==11604== Invalid read of size 4
==11604== at 0x8048ABB: main (foo.cc:36)
==11604== Address 0x1B92415C is 4 bytes inside a block of size 8 free'd
==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156)
==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86)
==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*, unsigned) (stl_vector.h:117)
==11604== by 0x80492A0: std::vector<Foo, std::allocator<Foo> >::_M_insert_aux(__gnu_cxx::__normal_iterator<Foo*, std::vector<Foo, std::allocator<Foo> > >, Foo const&) (vector.tcc:264)
==11604==
==11604== Invalid read of size 4
==11604== at 0x8048ABE: main (foo.cc:36)
==11604== Address 0x1B924158 is 0 bytes inside a block of size 8 free'd
==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156)
==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86)
==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*, unsigned) (stl_vector.h:117)
==11604== by 0x80492A0: std::vector<Foo, std::allocator<Foo> >::_M_insert_aux(__gnu_cxx::__normal_iterator<Foo*, std::vector<Foo, std::allocator<Foo> > >, Foo const&) (vector.tcc:264)
When this program is run with the command
valgrind --tool=memcheck --leak-check=yes -v ./foo
The complete valgrind output is at the end of this message.
This is not the real program, only the smallest possible
program that shows the error. The real program crashes
with a segmentation fault.
=============================
//Compile command: g++ -g -Wall -O0 foo.cc -o foo
#include <vector>
#include <iostream>
#include <cstdlib>
using namespace std;
// Plain value type wrapping a single double.
struct Foo {
    double x;  // the wrapped value

    // Default construction leaves x at zero.
    Foo()
        : x (0.0)
    {
    }

    // Converting constructor (not explicit, so a double converts to Foo
    // implicitly): stores a in x.
    Foo (const double a)
        : x (a)
    {
    }
};
// Owns a growable list of Foo values, seeded with one element.
struct Bar {
    std::vector<Foo> foo;  // holds exactly one element after construction

    // Builds a Bar whose list contains a single copy of f.
    Bar (const Foo &f)
        : foo (1, f)
    {
    }
};
// Reproducer for the Memcheck report: each outer pass appends one Bar, then,
// for every earlier Bar, binds a reference to its last Foo, appends another
// Foo to the same vector, and prints through the reference.
int main()
{
vector<Bar> bar;
const size_t N = 10;
for (size_t i = 0; i < N; i++) {
bar.push_back (Bar(Foo(i)));
// bar.size()-1 is evaluated in size_t; bar is non-empty here because of the
// push_back just above, so the subtraction does not wrap.
for (size_t j = 0; j < bar.size()-1; j++) {
// f refers to an element stored in bar[j].foo's heap buffer.
const Foo &f = bar[j].foo.back();
// push_back may reallocate that buffer once capacity is exhausted; the
// Memcheck trace shows the old block being freed from
// vector::_M_insert_aux. From that point on f dangles.
bar[j].foo.push_back (Foo(j));
// Reading f.x is the use-after-free that Memcheck reports as
// "Invalid read of size 4" (presumably two 4-byte loads of the one 8-byte
// double, given the two addresses 4 bytes apart in a block of size 8).
// NOTE(review): copying the value (`const Foo f = bar[j].foo.back();`) or
// re-reading the element after the push_back avoids the dangling reference.
cout << f.x << endl; // Line 36.
}
}
return 0;
}
=============================
==11604== Memcheck, a memory error detector for x86-linux.
==11604== Copyright (C) 2002-2004, and GNU GPL'd, by Julian Seward et al.
==11604== Using valgrind-2.2.0, a program supervision framework for x86-linux.
==11604== Copyright (C) 2000-2004, and GNU GPL'd, by Julian Seward et al.
==11604== Valgrind library directory: /usr/local/lib/valgrind
==11604== Command line
==11604== ./foo
==11604== Startup, with flags:
==11604== --tool=memcheck
==11604== --leak-check=yes
==11604== -v
==11604== Contents of /proc/version:
==11604== Linux version 2.6.10-1.760_FC3smp ([email protected]) (gcc version 3.4.2 20041017 (Red Hat 3.4.2-6.fc3)) #1 SMP Wed Feb 2 00:29:03 EST 2005
==11604== Reading syms from /home/hvaisane/foo (0x8048000)
==11604== Reading syms from /lib/ld-2.3.4.so (0x1B8E4000)
==11604== object doesn't have any debug info
==11604== Reading syms from /usr/local/lib/valgrind/stage2 (0xB0000000)
==11604== Reading syms from /lib/ld-2.3.4.so (0xB1000000)
==11604== object doesn't have any debug info
==11604== Reading syms from /usr/local/lib/valgrind/vgskin_memcheck.so (0xB7C91000)
==11604== Reading syms from /lib/tls/libc-2.3.4.so (0xB7EBA000)
==11604== object doesn't have any debug info
==11604== Reading syms from /lib/libdl-2.3.4.so (0xB7FE4000)
==11604== object doesn't have any debug info
==11604== Reading suppressions file: /usr/local/lib/valgrind/default.supp
==11604== REDIRECT soname:libc.so.6(__GI___errno_location) to soname:libpthread.so.0(__errno_location)
==11604== REDIRECT soname:libc.so.6(__errno_location) to soname:libpthread.so.0(__errno_location)
==11604== REDIRECT soname:libc.so.6(__GI___h_errno_location) to soname:libpthread.so.0(__h_errno_location)
==11604== REDIRECT soname:libc.so.6(__h_errno_location) to soname:libpthread.so.0(__h_errno_location)
==11604== REDIRECT soname:libc.so.6(__GI___res_state) to soname:libpthread.so.0(__res_state)
==11604== REDIRECT soname:libc.so.6(__res_state) to soname:libpthread.so.0(__res_state)
==11604== REDIRECT soname:libc.so.6(stpcpy) to *vgpreload_memcheck.so*(stpcpy)
==11604== REDIRECT soname:libc.so.6(strnlen) to *vgpreload_memcheck.so*(strnlen)
==11604== REDIRECT soname:ld-linux.so.2(stpcpy) to *vgpreload_memcheck.so*(stpcpy)
==11604== REDIRECT soname:ld-linux.so.2(strchr) to *vgpreload_memcheck.so*(strchr)
==11604==
==11604== Reading syms from /usr/local/lib/valgrind/vg_inject.so (0x1B8FE000)
==11604== Reading syms from /usr/local/lib/valgrind/vgpreload_memcheck.so (0x1B901000)
==11604== TRANSLATE: 0x1B8F5AE0 redirected to 0x1B90420C
==11604== Reading syms from /usr/lib/libstdc++.so.6.0.3 (0xCAC000)
==11604== object doesn't have a symbol table
==11604== object doesn't have any debug info
==11604== Reading syms from /lib/tls/libm-2.3.4.so (0xAA6000)
==11604== object doesn't have any debug info
==11604== Reading syms from /lib/libgcc_s-3.4.2-20041018.so.1 (0xCA2000)
==11604== object doesn't have a symbol table
==11604== object doesn't have any debug info
==11604== Reading syms from /lib/tls/libc-2.3.4.so (0x97A000)
==11604== object doesn't have any debug info
==11604== TRANSLATE: 0xD4D930 redirected to 0x1B904B7B
==11604== TRANSLATE: 0xD4C424 redirected to 0x1B9050CE
==11604== Invalid read of size 4
==11604== at 0x8048ABB: main (foo.cc:36)
==11604== Address 0x1B92415C is 4 bytes inside a block of size 8 free'd
==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156)
==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86)
==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*, unsigned) (stl_vector.h:117)
==11604== by 0x80492A0: std::vector<Foo, std::allocator<Foo> >::_M_insert_aux(__gnu_cxx::__normal_iterator<Foo*, std::vector<Foo, std::allocator<Foo> > >, Foo const&) (vector.tcc:264)
==11604==
==11604== Invalid read of size 4
==11604== at 0x8048ABE: main (foo.cc:36)
==11604== Address 0x1B924158 is 0 bytes inside a block of size 8 free'd
==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156)
==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86)
==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*, unsigned) (stl_vector.h:117)
==11604== by 0x80492A0: std::vector<Foo, std::allocator<Foo> >::_M_insert_aux(__gnu_cxx::__normal_iterator<Foo*, std::vector<Foo, std::allocator<Foo> > >, Foo const&) (vector.tcc:264)
==11604== TRANSLATE: 0x1B8E47A0 redirected to 0x52BFF040
0
0
1
0
1
2
0
1
2
3
0
1
2
3
4
0
1
2
3
4
5
0
1
2
3
4
5
6
0
1
2
3
4
5
6
7
0
1
2
3
4
5
6
7
8
==11604== TRANSLATE: 0x9DBA70 redirected to 0x1B904F30
==11604==
==11604== ERROR SUMMARY: 56 errors from 2 contexts (suppressed: 15 from 1)
==11604==
==11604== 28 errors in context 1 of 2:
==11604== Invalid read of size 4
==11604== at 0x8048ABE: main (foo.cc:36)
==11604== Address 0x1B924158 is 0 bytes inside a block of size 8 free'd
==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156)
==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86)
==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*, unsigned) (stl_vector.h:117)
==11604== by 0x80492A0: std::vector<Foo, std::allocator<Foo> >::_M_insert_aux(__gnu_cxx::__normal_iterator<Foo*, std::vector<Foo, std::allocator<Foo> > >, Foo const&) (vector.tcc:264)
==11604==
==11604== 28 errors in context 2 of 2:
==11604== Invalid read of size 4
==11604== at 0x8048ABB: main (foo.cc:36)
==11604== Address 0x1B92415C is 4 bytes inside a block of size 8 free'd
==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156)
==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86)
==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*, unsigned) (stl_vector.h:117)
==11604== by 0x80492A0: std::vector<Foo, std::allocator<Foo> >::_M_insert_aux(__gnu_cxx::__normal_iterator<Foo*, std::vector<Foo, std::allocator<Foo> > >, Foo const&) (vector.tcc:264)
--11604--
--11604-- supp: 15 dl_relocate_object/dl_main
==11604==
==11604== IN SUMMARY: 56 errors from 2 contexts (suppressed: 15 from 1)
==11604==
==11604== malloc/free: in use at exit: 0 bytes in 0 blocks.
==11604== malloc/free: 68 allocs, 68 frees, 2196 bytes allocated.
==11604==
==11604== No malloc'd blocks -- no leaks are possible.
--11604-- TT/TC: 0 tc sectors discarded.
--11604-- 3507 tt_fast misses.
--11604-- translate: new 3329 (61827 -> 812144; ratio 131:10)
--11604-- discard 1 (23 -> 320; ratio 139:10).
--11604-- chainings: 2258 chainings, 2 unchainings.
--11604-- dispatch: 250000 jumps (bb entries); of them 39279 (15%) unchained.
--11604-- 166/3937 major/minor sched events.
--11604-- reg-alloc: 787 t-req-spill, 150297+6325 orig+spill uis,
--11604-- 18341 total-reg-rank
--11604-- sanity: 167 cheap, 7 expensive checks.
--11604-- ccalls: 15511 C calls, 55% saves+restores avoided (50450 bytes)
--11604-- 20825 args, avg 0.87 setup instrs each (5226 bytes)
--11604-- 0% clear the stack (46404 bytes)
--11604-- 5874 retvals, 32% of reg-reg movs avoided (3644 bytes)