Valgrind says "Invalid read of size 4". What's the problem?

H

hvaisane

Valgrind says

==11604== Invalid read of size 4
==11604== at 0x8048ABB: main (foo.cc:36)
==11604== Address 0x1B92415C is 4 bytes inside a block of size 8 free'd
==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156)
==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86)
==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*, unsigned) (stl_vector.h:117)
==11604== by 0x80492A0: std::vector<Foo, std::allocator<Foo> >::_M_insert_aux(__gnu_cxx::__normal_iterator<Foo*, std::vector<Foo, std::allocator<Foo> > >, Foo const&) (vector.tcc:264)
==11604==
==11604== Invalid read of size 4
==11604== at 0x8048ABE: main (foo.cc:36)
==11604== Address 0x1B924158 is 0 bytes inside a block of size 8 free'd
==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156)
==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86)
==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*, unsigned) (stl_vector.h:117)
==11604== by 0x80492A0: std::vector<Foo, std::allocator<Foo> >::_M_insert_aux(__gnu_cxx::__normal_iterator<Foo*, std::vector<Foo, std::allocator<Foo> > >, Foo const&) (vector.tcc:264)

When this program is run with the command

valgrind --tool=memcheck --leak-check=yes -v ./foo

The complete valgrind output is at the end of this message.

This is not the real program but only the smallest possible
program that shows the error. The real program crashes
with segmentation fault.



=============================
//Compile command: g++ -g -Wall -O0 foo.cc -o foo

#include <vector>
#include <iostream>
#include <cstdlib>

using namespace std;

struct Foo {
double x;
Foo() : x (0) {}
Foo (const double a) : x (a) {}
};


struct Bar {
vector<Foo> foo;
Bar (const Foo &f)
{
foo.push_back (f);
}
};


int main()
{
vector<Bar> bar;

const size_t N = 10;

for (size_t i = 0; i < N; i++) {
bar.push_back (Bar(Foo(i)));
for (size_t j = 0; j < bar.size()-1; j++) {
const Foo &f = bar[j].foo.back();
bar[j].foo.push_back (Foo(j));
cout << f.x << endl; // Line 36.
}
}

return 0;
}
=============================


==11604== Memcheck, a memory error detector for x86-linux.
==11604== Copyright (C) 2002-2004, and GNU GPL'd, by Julian Seward et al.
==11604== Using valgrind-2.2.0, a program supervision framework for x86-linux.
==11604== Copyright (C) 2000-2004, and GNU GPL'd, by Julian Seward et al.
==11604== Valgrind library directory: /usr/local/lib/valgrind
==11604== Command line
==11604== ./foo
==11604== Startup, with flags:
==11604== --tool=memcheck
==11604== --leak-check=yes
==11604== -v
==11604== Contents of /proc/version:
==11604== Linux version 2.6.10-1.760_FC3smp ([email protected]) (gcc version 3.4.2 20041017 (Red Hat 3.4.2-6.fc3)) #1 SMP Wed Feb 2 00:29:03 EST 2005
==11604== Reading syms from /home/hvaisane/foo (0x8048000)
==11604== Reading syms from /lib/ld-2.3.4.so (0x1B8E4000)
==11604== object doesn't have any debug info
==11604== Reading syms from /usr/local/lib/valgrind/stage2 (0xB0000000)
==11604== Reading syms from /lib/ld-2.3.4.so (0xB1000000)
==11604== object doesn't have any debug info
==11604== Reading syms from /usr/local/lib/valgrind/vgskin_memcheck.so (0xB7C91000)
==11604== Reading syms from /lib/tls/libc-2.3.4.so (0xB7EBA000)
==11604== object doesn't have any debug info
==11604== Reading syms from /lib/libdl-2.3.4.so (0xB7FE4000)
==11604== object doesn't have any debug info
==11604== Reading suppressions file: /usr/local/lib/valgrind/default.supp
==11604== REDIRECT soname:libc.so.6(__GI___errno_location) to soname:libpthread.so.0(__errno_location)
==11604== REDIRECT soname:libc.so.6(__errno_location) to soname:libpthread.so.0(__errno_location)
==11604== REDIRECT soname:libc.so.6(__GI___h_errno_location) to soname:libpthread.so.0(__h_errno_location)
==11604== REDIRECT soname:libc.so.6(__h_errno_location) to soname:libpthread.so.0(__h_errno_location)
==11604== REDIRECT soname:libc.so.6(__GI___res_state) to soname:libpthread.so.0(__res_state)
==11604== REDIRECT soname:libc.so.6(__res_state) to soname:libpthread.so.0(__res_state)
==11604== REDIRECT soname:libc.so.6(stpcpy) to *vgpreload_memcheck.so*(stpcpy)
==11604== REDIRECT soname:libc.so.6(strnlen) to *vgpreload_memcheck.so*(strnlen)
==11604== REDIRECT soname:ld-linux.so.2(stpcpy) to *vgpreload_memcheck.so*(stpcpy)
==11604== REDIRECT soname:ld-linux.so.2(strchr) to *vgpreload_memcheck.so*(strchr)
==11604==
==11604== Reading syms from /usr/local/lib/valgrind/vg_inject.so (0x1B8FE000)
==11604== Reading syms from /usr/local/lib/valgrind/vgpreload_memcheck.so (0x1B901000)
==11604== TRANSLATE: 0x1B8F5AE0 redirected to 0x1B90420C
==11604== Reading syms from /usr/lib/libstdc++.so.6.0.3 (0xCAC000)
==11604== object doesn't have a symbol table
==11604== object doesn't have any debug info
==11604== Reading syms from /lib/tls/libm-2.3.4.so (0xAA6000)
==11604== object doesn't have any debug info
==11604== Reading syms from /lib/libgcc_s-3.4.2-20041018.so.1 (0xCA2000)
==11604== object doesn't have a symbol table
==11604== object doesn't have any debug info
==11604== Reading syms from /lib/tls/libc-2.3.4.so (0x97A000)
==11604== object doesn't have any debug info
==11604== TRANSLATE: 0xD4D930 redirected to 0x1B904B7B
==11604== TRANSLATE: 0xD4C424 redirected to 0x1B9050CE
==11604== Invalid read of size 4
==11604== at 0x8048ABB: main (foo.cc:36)
==11604== Address 0x1B92415C is 4 bytes inside a block of size 8 free'd
==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156)
==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86)
==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*, unsigned) (stl_vector.h:117)
==11604== by 0x80492A0: std::vector<Foo, std::allocator<Foo> >::_M_insert_aux(__gnu_cxx::__normal_iterator<Foo*, std::vector<Foo, std::allocator<Foo> > >, Foo const&) (vector.tcc:264)
==11604==
==11604== Invalid read of size 4
==11604== at 0x8048ABE: main (foo.cc:36)
==11604== Address 0x1B924158 is 0 bytes inside a block of size 8 free'd
==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156)
==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86)
==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*, unsigned) (stl_vector.h:117)
==11604== by 0x80492A0: std::vector<Foo, std::allocator<Foo> >::_M_insert_aux(__gnu_cxx::__normal_iterator<Foo*, std::vector<Foo, std::allocator<Foo> > >, Foo const&) (vector.tcc:264)
==11604== TRANSLATE: 0x1B8E47A0 redirected to 0x52BFF040
0
0
1
0
1
2
0
1
2
3
0
1
2
3
4
0
1
2
3
4
5
0
1
2
3
4
5
6
0
1
2
3
4
5
6
7
0
1
2
3
4
5
6
7
8
==11604== TRANSLATE: 0x9DBA70 redirected to 0x1B904F30
==11604==
==11604== ERROR SUMMARY: 56 errors from 2 contexts (suppressed: 15 from 1)
==11604==
==11604== 28 errors in context 1 of 2:
==11604== Invalid read of size 4
==11604== at 0x8048ABE: main (foo.cc:36)
==11604== Address 0x1B924158 is 0 bytes inside a block of size 8 free'd
==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156)
==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86)
==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*, unsigned) (stl_vector.h:117)
==11604== by 0x80492A0: std::vector<Foo, std::allocator<Foo> >::_M_insert_aux(__gnu_cxx::__normal_iterator<Foo*, std::vector<Foo, std::allocator<Foo> > >, Foo const&) (vector.tcc:264)
==11604==
==11604== 28 errors in context 2 of 2:
==11604== Invalid read of size 4
==11604== at 0x8048ABB: main (foo.cc:36)
==11604== Address 0x1B92415C is 4 bytes inside a block of size 8 free'd
==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156)
==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86)
==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*, unsigned) (stl_vector.h:117)
==11604== by 0x80492A0: std::vector<Foo, std::allocator<Foo> >::_M_insert_aux(__gnu_cxx::__normal_iterator<Foo*, std::vector<Foo, std::allocator<Foo> > >, Foo const&) (vector.tcc:264)
--11604--
--11604-- supp: 15 dl_relocate_object/dl_main
==11604==
==11604== IN SUMMARY: 56 errors from 2 contexts (suppressed: 15 from 1)
==11604==
==11604== malloc/free: in use at exit: 0 bytes in 0 blocks.
==11604== malloc/free: 68 allocs, 68 frees, 2196 bytes allocated.
==11604==
==11604== No malloc'd blocks -- no leaks are possible.
--11604-- TT/TC: 0 tc sectors discarded.
--11604-- 3507 tt_fast misses.
--11604-- translate: new 3329 (61827 -> 812144; ratio 131:10)
--11604-- discard 1 (23 -> 320; ratio 139:10).
--11604-- chainings: 2258 chainings, 2 unchainings.
--11604-- dispatch: 250000 jumps (bb entries); of them 39279 (15%) unchained.
--11604-- 166/3937 major/minor sched events.
--11604-- reg-alloc: 787 t-req-spill, 150297+6325 orig+spill uis,
--11604-- 18341 total-reg-rank
--11604-- sanity: 167 cheap, 7 expensive checks.
--11604-- ccalls: 15511 C calls, 55% saves+restores avoided (50450 bytes)
--11604-- 20825 args, avg 0.87 setup instrs each (5226 bytes)
--11604-- 0% clear the stack (46404 bytes)
--11604-- 5874 retvals, 32% of reg-reg movs avoided (3644 bytes)
 
T

Thomas Maier-Komor

Valgrind says

==11604== Invalid read of size 4
==11604== at 0x8048ABB: main (foo.cc:36)
==11604== Address 0x1B92415C is 4 bytes inside a block of size 8 free'd
==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156)
==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86)
==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*, unsigned) (stl_vector.h:117)
==11604== by 0x80492A0: std::vector<Foo, std::allocator<Foo> >::_M_insert_aux(__gnu_cxx::__normal_iterator<Foo*, std::vector<Foo, std::allocator<Foo> > >, Foo const&) (vector.tcc:264)
==11604==
==11604== Invalid read of size 4
==11604== at 0x8048ABE: main (foo.cc:36)
==11604== Address 0x1B924158 is 0 bytes inside a block of size 8 free'd
==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156)
==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86)
==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*, unsigned) (stl_vector.h:117)
==11604== by 0x80492A0: std::vector<Foo, std::allocator<Foo> >::_M_insert_aux(__gnu_cxx::__normal_iterator<Foo*, std::vector<Foo, std::allocator<Foo> > >, Foo const&) (vector.tcc:264)

When this program is run with the command

valgrind --tool=memcheck --leak-check=yes -v ./foo

The complete valgrind output is at the end of this message.

This is not the real program but only the smallest possible
program that shows the error. The real program crashes
with segmentation fault.



=============================
//Compile command: g++ -g -Wall -O0 foo.cc -o foo

#include <vector>
#include <iostream>
#include <cstdlib>

using namespace std;

struct Foo {
double x;
Foo() : x (0) {}
Foo (const double a) : x (a) {}
};


struct Bar {
vector<Foo> foo;
Bar (const Foo &f)
{
foo.push_back (f);
}
};


int main()
{
vector<Bar> bar;

const size_t N = 10;

for (size_t i = 0; i < N; i++) {
bar.push_back (Bar(Foo(i)));
for (size_t j = 0; j < bar.size()-1; j++) {
const Foo &f = bar[j].foo.back();
bar[j].foo.push_back (Foo(j));
cout << f.x << endl; // Line 36.
}
}

return 0;
}
=============================


==11604== Memcheck, a memory error detector for x86-linux.
==11604== Copyright (C) 2002-2004, and GNU GPL'd, by Julian Seward et al.
==11604== Using valgrind-2.2.0, a program supervision framework for x86-linux.
==11604== Copyright (C) 2000-2004, and GNU GPL'd, by Julian Seward et al.
==11604== Valgrind library directory: /usr/local/lib/valgrind
==11604== Command line
==11604== ./foo
==11604== Startup, with flags:
==11604== --tool=memcheck
==11604== --leak-check=yes
==11604== -v
==11604== Contents of /proc/version:
==11604== Linux version 2.6.10-1.760_FC3smp ([email protected]) (gcc version 3.4.2 20041017 (Red Hat 3.4.2-6.fc3)) #1 SMP Wed Feb 2 00:29:03 EST 2005
==11604== Reading syms from /home/hvaisane/foo (0x8048000)
==11604== Reading syms from /lib/ld-2.3.4.so (0x1B8E4000)
==11604== object doesn't have any debug info
==11604== Reading syms from /usr/local/lib/valgrind/stage2 (0xB0000000)
==11604== Reading syms from /lib/ld-2.3.4.so (0xB1000000)
==11604== object doesn't have any debug info
==11604== Reading syms from /usr/local/lib/valgrind/vgskin_memcheck.so (0xB7C91000)
==11604== Reading syms from /lib/tls/libc-2.3.4.so (0xB7EBA000)
==11604== object doesn't have any debug info
==11604== Reading syms from /lib/libdl-2.3.4.so (0xB7FE4000)
==11604== object doesn't have any debug info
==11604== Reading suppressions file: /usr/local/lib/valgrind/default.supp
==11604== REDIRECT soname:libc.so.6(__GI___errno_location) to soname:libpthread.so.0(__errno_location)
==11604== REDIRECT soname:libc.so.6(__errno_location) to soname:libpthread.so.0(__errno_location)
==11604== REDIRECT soname:libc.so.6(__GI___h_errno_location) to soname:libpthread.so.0(__h_errno_location)
==11604== REDIRECT soname:libc.so.6(__h_errno_location) to soname:libpthread.so.0(__h_errno_location)
==11604== REDIRECT soname:libc.so.6(__GI___res_state) to soname:libpthread.so.0(__res_state)
==11604== REDIRECT soname:libc.so.6(__res_state) to soname:libpthread.so.0(__res_state)
==11604== REDIRECT soname:libc.so.6(stpcpy) to *vgpreload_memcheck.so*(stpcpy)
==11604== REDIRECT soname:libc.so.6(strnlen) to *vgpreload_memcheck.so*(strnlen)
==11604== REDIRECT soname:ld-linux.so.2(stpcpy) to *vgpreload_memcheck.so*(stpcpy)
==11604== REDIRECT soname:ld-linux.so.2(strchr) to *vgpreload_memcheck.so*(strchr)
==11604==
==11604== Reading syms from /usr/local/lib/valgrind/vg_inject.so (0x1B8FE000)
==11604== Reading syms from /usr/local/lib/valgrind/vgpreload_memcheck.so (0x1B901000)
==11604== TRANSLATE: 0x1B8F5AE0 redirected to 0x1B90420C
==11604== Reading syms from /usr/lib/libstdc++.so.6.0.3 (0xCAC000)
==11604== object doesn't have a symbol table
==11604== object doesn't have any debug info
==11604== Reading syms from /lib/tls/libm-2.3.4.so (0xAA6000)
==11604== object doesn't have any debug info
==11604== Reading syms from /lib/libgcc_s-3.4.2-20041018.so.1 (0xCA2000)
==11604== object doesn't have a symbol table
==11604== object doesn't have any debug info
==11604== Reading syms from /lib/tls/libc-2.3.4.so (0x97A000)
==11604== object doesn't have any debug info
==11604== TRANSLATE: 0xD4D930 redirected to 0x1B904B7B
==11604== TRANSLATE: 0xD4C424 redirected to 0x1B9050CE
==11604== Invalid read of size 4
==11604== at 0x8048ABB: main (foo.cc:36)
==11604== Address 0x1B92415C is 4 bytes inside a block of size 8 free'd
==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156)
==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86)
==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*, unsigned) (stl_vector.h:117)
==11604== by 0x80492A0: std::vector<Foo, std::allocator<Foo> >::_M_insert_aux(__gnu_cxx::__normal_iterator<Foo*, std::vector<Foo, std::allocator<Foo> > >, Foo const&) (vector.tcc:264)
==11604==
==11604== Invalid read of size 4
==11604== at 0x8048ABE: main (foo.cc:36)
==11604== Address 0x1B924158 is 0 bytes inside a block of size 8 free'd
==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156)
==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86)
==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*, unsigned) (stl_vector.h:117)
==11604== by 0x80492A0: std::vector<Foo, std::allocator<Foo> >::_M_insert_aux(__gnu_cxx::__normal_iterator<Foo*, std::vector<Foo, std::allocator<Foo> > >, Foo const&) (vector.tcc:264)
==11604== TRANSLATE: 0x1B8E47A0 redirected to 0x52BFF040
0
0
1
0
1
2
0
1
2
3
0
1
2
3
4
0
1
2
3
4
5
0
1
2
3
4
5
6
0
1
2
3
4
5
6
7
0
1
2
3
4
5
6
7
8
==11604== TRANSLATE: 0x9DBA70 redirected to 0x1B904F30
==11604==
==11604== ERROR SUMMARY: 56 errors from 2 contexts (suppressed: 15 from 1)
==11604==
==11604== 28 errors in context 1 of 2:
==11604== Invalid read of size 4
==11604== at 0x8048ABE: main (foo.cc:36)
==11604== Address 0x1B924158 is 0 bytes inside a block of size 8 free'd
==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156)
==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86)
==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*, unsigned) (stl_vector.h:117)
==11604== by 0x80492A0: std::vector<Foo, std::allocator<Foo> >::_M_insert_aux(__gnu_cxx::__normal_iterator<Foo*, std::vector<Foo, std::allocator<Foo> > >, Foo const&) (vector.tcc:264)
==11604==
==11604== 28 errors in context 2 of 2:
==11604== Invalid read of size 4
==11604== at 0x8048ABB: main (foo.cc:36)
==11604== Address 0x1B92415C is 4 bytes inside a block of size 8 free'd
==11604== at 0x1B90514F: operator delete(void*) (vg_replace_malloc.c:156)
==11604== by 0x804A1BA: __gnu_cxx::new_allocator<Foo>::deallocate(Foo*, unsigned) (new_allocator.h:86)
==11604== by 0x8049C08: std::_Vector_base<Foo, std::allocator<Foo> >::_M_deallocate(Foo*, unsigned) (stl_vector.h:117)
==11604== by 0x80492A0: std::vector<Foo, std::allocator<Foo> >::_M_insert_aux(__gnu_cxx::__normal_iterator<Foo*, std::vector<Foo, std::allocator<Foo> > >, Foo const&) (vector.tcc:264)
--11604--
--11604-- supp: 15 dl_relocate_object/dl_main
==11604==
==11604== IN SUMMARY: 56 errors from 2 contexts (suppressed: 15 from 1)
==11604==
==11604== malloc/free: in use at exit: 0 bytes in 0 blocks.
==11604== malloc/free: 68 allocs, 68 frees, 2196 bytes allocated.
==11604==
==11604== No malloc'd blocks -- no leaks are possible.
--11604-- TT/TC: 0 tc sectors discarded.
--11604-- 3507 tt_fast misses.
--11604-- translate: new 3329 (61827 -> 812144; ratio 131:10)
--11604-- discard 1 (23 -> 320; ratio 139:10).
--11604-- chainings: 2258 chainings, 2 unchainings.
--11604-- dispatch: 250000 jumps (bb entries); of them 39279 (15%) unchained.
--11604-- 166/3937 major/minor sched events.
--11604-- reg-alloc: 787 t-req-spill, 150297+6325 orig+spill uis,
--11604-- 18341 total-reg-rank
--11604-- sanity: 167 cheap, 7 expensive checks.
--11604-- ccalls: 15511 C calls, 55% saves+restores avoided (50450 bytes)
--11604-- 20825 args, avg 0.87 setup instrs each (5226 bytes)
--11604-- 0% clear the stack (46404 bytes)
--11604-- 5874 retvals, 32% of reg-reg movs avoided (3644 bytes)


you create in line 34 an alias to a location, which is not valid anymore
in line 36, because you modify bar[j].foo in line 35.
 
V

Victor Bazarov

Thomas Maier-Komor said:
Valgrind says
[...]


you create in line 34 an alias to a location, which is not valid anymore
in line 36, because you modify bar[j].foo in line 35.

I am just curious: did you have to quote two hundred lines just to add
your two?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,954
Messages
2,570,116
Members
46,704
Latest member
BernadineF

Latest Threads

Top