https://bugs.kde.org/show_bug.cgi?id=424788
Bug ID: 424788
Summary: Memcheck cannot detect that the dst and src pointers
in the memcpy() related functions overlap.
Product: valgrind
Version: unspecified
Platform: Ubuntu Packages
OS: Other
Status: REPORTED
Severity: normal
Priority: NOR
Component: memcheck
Assignee: jsew...@acm.org
Reporter: 906497...@qq.com
Target Milestone: ---
code:
#include<stdlib.h>
#include<malloc.h>
#include<string.h>
void test()
{
int *p = malloc(sizeof(int)*10);
p[10] = 7;
memcpy(p+1, p, 5);
free(p);
free(p);
int *p1;
p1 = 1;
}
int main(void)
{
test();
return 0;
}
OBSERVED RESULT
==6356== Memcheck, a memory error detector
==6356== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==6356== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==6356== Command: ./test
==6356==
==6356== Invalid write of size 4
==6356== at 0x1091AB: test (in /home/alwyn/文档/test)
==6356== by 0x109201: main (in /home/alwyn/文档/test)
==6356== Address 0x4a51068 is 0 bytes after a block of size 40 alloc'd
==6356== at 0x483B7FB: malloc (vg_replace_malloc.c:307)
==6356== by 0x10919E: test (in /home/alwyn/文档/test)
==6356== by 0x109201: main (in /home/alwyn/文档/test)
==6356==
==6356== Invalid free() / delete / delete[] / realloc()
==6356== at 0x483C9FC: free (vg_replace_malloc.c:538)
==6356== by 0x1091E4: test (in /home/alwyn/文档/test)
==6356== by 0x109201: main (in /home/alwyn/文档/test)
==6356== Address 0x4a51040 is 0 bytes inside a block of size 40 free'd
==6356== at 0x483C9FC: free (vg_replace_malloc.c:538)
==6356== by 0x1091D8: test (in /home/alwyn/文档/test)
==6356== by 0x109201: main (in /home/alwyn/文档/test)
==6356== Block was alloc'd at
==6356== at 0x483B7FB: malloc (vg_replace_malloc.c:307)
==6356== by 0x10919E: test (in /home/alwyn/文档/test)
==6356== by 0x109201: main (in /home/alwyn/文档/test)
==6356==
==6356==
==6356== HEAP SUMMARY:
==6356== in use at exit: 0 bytes in 0 blocks
==6356== total heap usage: 1 allocs, 2 frees, 40 bytes allocated
==6356==
==6356== All heap blocks were freed -- no leaks are possible
==6356==
==6356== For lists of detected and suppressed errors, rerun with: -s
==6356== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
EXPECTED RESULT
==28293== Invalid write of size 4
==28293== at 0x8048498: test (in /home/ken/work/test)
==28293== by 0x80484E6: main (in /home/ken/work/test)
==28293== Address 0x41fe050 is 0 bytes after a block of size 40 alloc'd
==28293== at 0x402A298: malloc (vg_replace_malloc.c:299)
==28293== by 0x804848E: test (in /home/ken/work/test)
==28293== by 0x80484E6: main (in /home/ken/work/test)
==28293==
==28293== Source and destination overlap in memcpy(0x41fe02c, 0x41fe028, 5)
==28293== at 0x402E943: memcpy (vg_replace_strmem.c:1019)
==28293== by 0x80484BA: test (in /home/ken/work/test)
==28293== by 0x80484E6: main (in /home/ken/work/test)
==28293==
==28293== Invalid free() / delete / delete[] / realloc()
==28293== at 0x402B305: free (vg_replace_malloc.c:530)
==28293== by 0x80484D0: test (in /home/ken/work/test)
==28293== by 0x80484E6: main (in /home/ken/work/test)
==28293== Address 0x41fe028 is 0 bytes inside a block of size 40 free'd
==28293== at 0x402B305: free (vg_replace_malloc.c:530)
==28293== by 0x80484C5: test (in /home/ken/work/test)
==28293== by 0x80484E6: main (in /home/ken/work/test)
==28293== Block was alloc'd at
==28293== at 0x402A298: malloc (vg_replace_malloc.c:299)
==28293== by 0x804848E: test (in /home/ken/work/test)
==28293== by 0x80484E6: main (in /home/ken/work/test)
==28293==
==28293== Use of uninitialised value of size 4
==28293== at 0x80484D4: test (in /home/ken/work/test)
==28293== by 0x80484E6: main (in /home/ken/work/test)
==28293==
==28293==
==28293== Process terminating with default action of signal 11 (SIGSEGV)
==28293== Bad permissions for mapped region at address 0x40804AD
==28293== at 0x80484D4: test (in /home/ken/work/test)
==28293== by 0x80484E6: main (in /home/ken/work/test)
==28293==
==28293== HEAP SUMMARY:
==28293== in use at exit: 0 bytes in 0 blocks
==28293== total heap usage: 1 allocs, 2 frees, 40 bytes allocated
==28293==
==28293== All heap blocks were freed -- no leaks are possible
==28293==
==28293== For counts of detected and suppressed errors, rerun with: -v
==28293== Use --track-origins=yes to see where uninitialised values come from
==28293== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 0 from 0)
SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Ubuntu20.04
ADDITIONAL INFORMATION
--
You are receiving this mail because:
You are watching all bug changes.
