8

我无法弄清楚为什么 ValgrindInvalid read of size 8在使用wchar_t. 我正在运行带有 valgrind-3.7.0 和 gcc 4.7.2 的 64 位 Ubuntu (3.5.0-25) 系统。

#include <stdio.h>
#include <wchar.h>
#include <stdlib.h>
#include <string.h>

int main()
{
    // const wchar_t *text = L"This is a t"; // no Valgrind error
    // const wchar_t *text = L"This is a teeeeeeee"; // no Valgrind error
    const wchar_t *text = L"This is a test"; // Valgrind ERRROR

    wchar_t *new_text = NULL;

    new_text = (wchar_t*) malloc( (wcslen(text) + 1) * sizeof(wchar_t));
    wcsncpy(new_text, text, wcslen(text));
    new_text[wcslen(text)] = L'\0';

    printf("new_text: %ls\n", new_text);

    free(new_text);

    return 0;
}

编译:

$ gcc -g -std=c99 test.c -o test
$ valgrind --tool=memcheck --leak-check=full --track-origins=yes --show-reachable=yes ./test

Valgrind 结果:

==19495== Memcheck, a memory error detector
==19495== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==19495== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==19495== Command: ./test
==19495== 
==19495== Invalid read of size 8
==19495==    at 0x4ED45A7: wcslen (wcslen.S:55)
==19495==    by 0x4ED5C0E: wcsrtombs (wcsrtombs.c:74)
==19495==    by 0x4E7D160: vfprintf (vfprintf.c:1630)
==19495==    by 0x4E858D8: printf (printf.c:35)
==19495==    by 0x4006CC: main (test.c:16)
==19495==  Address 0x51f1078 is 56 bytes inside a block of size 60 alloc'd
==19495==    at 0x4C2B3F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19495==    by 0x40066F: main (test.c:12)
==19495== 
new_text: This is a test
==19495== 
==19495== HEAP SUMMARY:
==19495==     in use at exit: 0 bytes in 0 blocks
==19495==   total heap usage: 1 allocs, 1 frees, 60 bytes allocated
==19495== 
==19495== All heap blocks were freed -- no leaks are possible
==19495== 
==19495== For counts of detected and suppressed errors, rerun with: -v
==19495== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)

现在,如果我运行相同但使用“工作字符串”,假设

const wchar_t *text = L"This is a t"; // no Valgrind error
// const wchar_t *text = L"This is a teeeeeeee"; // no Valgrind error
// const wchar_t *text = L"This is a test"; // Valgrind ERRROR

我没有问题:

==19571== Memcheck, a memory error detector
==19571== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==19571== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==19571== Command: ./test
==19571== 
new_text: This is a t
==19571== 
==19571== HEAP SUMMARY:
==19571==     in use at exit: 0 bytes in 0 blocks
==19571==   total heap usage: 1 allocs, 1 frees, 48 bytes allocated
==19571== 
==19571== All heap blocks were freed -- no leaks are possible
==19571== 
==19571== For counts of detected and suppressed errors, rerun with: -v
==19571== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)

起初我认为字符串大小应该始终是 8 的倍数(可能某些 wcs 读取 8 的块),但有些情况下失败了,然后我认为我必须始终为 NULL 终止符附加 8 个字节((wcslen(item) + 2) * sizeof(wchar_t)),它有效,但没有'没有任何意义,因为sizeof(wchar_t)- 在我的系统中 - 是 4 个字节,应该足以处理L'\0'终止符。

我还阅读了 glibcwcslen源代码,但没有什么新内容。我现在正在考虑 Valgrind 问题。各位大佬能不能给个亮点?向 Valgrind 提交错误是否值得?

谢谢

4

1 回答 1

6

这可能是函数的 SSE 优化造成的wcslen;参见例如https://bugzilla.redhat.com/show_bug.cgi?id=798968https://bugs.archlinux.org/task/30643

优化wcslen时,一次读取多个宽字符并使用向量化指令 (SSE) 将它们与L'\0'. 不幸的是,valgrind 认为这是一个未初始化的读取——它确实如此,但它是无害的,因为结果wcslen不依赖于未初始化的值。

修复方法是更新 valgrind,希望更新的版本能够抑制误报。

于 2013-03-22T15:07:52.867 回答