http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48650
Summary: valgrind: Invalid write of size 8 in build_string (tree.c:1524)
Product: gcc
Version: 4.7.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
AssignedTo: unassig...@gcc.gnu.org
ReportedBy: zso...@seznam.cz
Host: x86_64-pc-linux-gnu
Target: x86_64-pc-linux-gnu

While building with valgrind checking, one gets many of these errors:

==28100== Invalid write of size 8
==28100==    at 0x838128: build_string (string3.h:86)
==28100==    by 0x4EE6E3: lex_string (c-lex.c:998)
==28100==    by 0x4EF974: c_lex_with_flags (c-lex.c:432)
==28100==    by 0x4B517D: c_lex_one_token (c-parser.c:216)
==28100==    by 0x4C1834: c_parser_statement_after_labels (c-parser.c:398)
==28100==    by 0x4C22D7: c_parser_compound_statement_nostart (c-parser.c:4114)
==28100==    by 0x4C3828: c_parser_compound_statement (c-parser.c:3951)
==28100==    by 0x4C19D1: c_parser_statement_after_labels (c-parser.c:4530)
==28100==    by 0x4C22D7: c_parser_compound_statement_nostart (c-parser.c:4114)
==28100==    by 0x4C3828: c_parser_compound_statement (c-parser.c:3951)
==28100==    by 0x4C19D1: c_parser_statement_after_labels (c-parser.c:4530)
==28100==    by 0x4C22D7: c_parser_compound_statement_nostart (c-parser.c:4114)
==28100==    by 0x4C3828: c_parser_compound_statement (c-parser.c:3951)
==28100==    by 0x4BFE5E: c_parser_declaration_or_fndef (c-parser.c:1721)
==28100==    by 0x4C490D: c_parser_external_declaration (c-parser.c:1334)
==28100==    by 0x4C54D7: c_parse_file (c-parser.c:1222)
==28100==    by 0x4F31F4: c_common_parse_file (c-opts.c:1092)
==28100==    by 0x725A67: toplev_main (toplev.c:579)
==28100==    by 0x6222B6C: (below main) (in /lib64/libc-2.11.3.so)
==28100==  Address 0x77afe08 is not stack'd, malloc'd or (recently) free'd
==28100==

The problem seems to be that the allocated memory is sometimes smaller than sizeof struct tree_common:

Breakpoint 5, build_string (len=2, str=0x12ac700 "0") at /mnt/svn/gcc-trunk/gcc/tree.c:1522
1522      s = ggc_alloc_tree_node (length);
(gdb) p length
$5 = 23
(gdb) p sizeof (struct tree_common)
$15 = 24

So ggc_alloc_tree_node (ggc_internal_alloc_stat) is called with parameter value 23, but memset at tree.c:1524 overwrites 24 bytes.
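The size arithmetic behind the report, as an added example that is not GCC's own code: the struct names are hypothetical stand-ins built with fixed-width fields so that the layout (a 24-byte common header, string payload starting at offset 20) reproduces the reported values on any host. It computes how far a header-sized memset would overrun an allocation sized from the string length, and shows the allocation clamped to the header size so the memset stays in bounds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the node layouts in the report (hypothetical
   names, fixed-width fields): a 24-byte "common" header, and a string node
   whose own fields start after only the first 16 bytes of that header. */
struct typed_like  { uint64_t base; uint64_t type; };            /* 16 bytes */
struct common_like { struct typed_like typed; uint64_t chain; }; /* 24 bytes */
struct string_like { struct typed_like typed; int length; char str[]; };

/* Allocation size computed the way the report describes: bytes up to
   the string payload, plus len, plus the terminating NUL. */
size_t string_node_size(int len) {
    return offsetof(struct string_like, str) + (size_t)len + 1;
}

/* Bytes a memset of the full common header writes past that allocation. */
size_t overrun_bytes(int len) {
    size_t alloc = string_node_size(len);
    size_t zeroed = sizeof(struct common_like);
    return zeroed > alloc ? zeroed - alloc : 0;
}

/* Hardened size: never smaller than the largest header that gets zeroed. */
size_t string_node_size_safe(int len) {
    size_t n = string_node_size(len), min = sizeof(struct common_like);
    return n < min ? min : n;
}

/* Build a node with the hardened size; the header memset is now in bounds. */
struct string_like *build_string_safe(int len, const char *str) {
    struct string_like *s = malloc(string_node_size_safe(len));
    if (!s) return NULL;
    memset(s, 0, sizeof(struct common_like));
    s->length = len;
    memcpy(s->str, str, (size_t)len);
    s->str[len] = '\0';
    return s;
}
/* Round-trip check: 1 if a node built from str holds it intact. */
int string_node_roundtrip(const char *str) {
    int len = (int)strlen(str);
    struct string_like *s = build_string_safe(len, str);
    int ok = s != NULL && s->length == len && strcmp(s->str, str) == 0;
    free(s);
    return ok;
}
```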