memcmp() checker: memory access errors

From: "kolmogolov@xxxxxxxxx" <kolmogolov@xxxxxxxxx>
Date: 17 Dec 2006 23:53:43 -0800

/*
Hi, I have removed things irrelevant to reproducing the problem.
What's wrong with my code? Thanks in advance for any hint!
1166425362
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>

int probe_img(FILE *fp)
{
unsigned char *data;
unsigned char KDF_header[4]={0x01, 0x03, 0x13, 0x5E};
int probe_len = 256;
int type=-1;

data = malloc( probe_len );
assert ( NULL != data );
assert ( 1 == fread(data, probe_len, 1, fp) );

if ( !memcmp(data, KDF_header, 4) )
{
type = 3;
}

return type;
}

int main(void)
{
FILE *fp = fopen("sample.kdf", "r");
assert ( NULL != fp);
printf("type=%d\n", probe_img(fp) );
return 0;
}

/*
$ echo $CHECKEROPTS
-p -v -t -o=checker.out
$ !chec
checker gcc -Wall bug.c
$ rm checker.out
$ ls -l sample.kdf
-rwxr-xr-x 1 chen mitarb 3075 Feb 10 1997 sample.kdf
$ ./a.out sample.kdf
type=3
$ cat checker.out

Checker 0.9.9.1 (i686-pc-linux-gnu) Copyright (C) 1998 Tristan Gingold.
This program has been compiled with `checkergcc' or `checkerg++'.
Checker is a memory access detector.
Checker is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
For more information, set CHECKEROPTS to `--help'

From Checker (pid:03038): `./a.out' is running (Sun Dec 17 22:47:01

2006)

From Checker (pid:03038): (mes) debugging message for the user.

begin end rights name path
08048000 0805b58c T- r-x .text ./a.out
0805c000 0805fdbc -D rw- .data
b7fa9000 b7fb27fc T- r-x .text /lib/libgcc_s.so.1
b7fb37fc b7fb4000 -D rw- .data /lib/libgcc_s.so.1
08048000 0805b58c T- r-x .text
0805c000 0805fdbc -D rw- .data
b7e60000 b7f875a4 T- r-x .text /lib/tls/libc.so.6
b7f8815c b7f9189c -D rw- .data /lib/tls/libc.so.6
b7fb7000 b7fcb808 T- r-x .text /lib/ld-linux.so.2
b7fccca0 b7fce000 -D rw- .data /lib/ld-linux.so.2

From Checker (pid:03038): (mes) debugging message for the user.

Memory map:
Name | Base | End | Size | RWX | Type
---------------+------------+------------+-------------+-----+-----
NULL zone | 0x00000000 | 0x08047fff | 128 Mb | --- | Void
text segment | 0x08048000 | 0x0805b58b | 77 kb | r-x | Text
..text | 0x08048000 | 0x0805b58b | 77 kb | r-x | ROnly
(nothing) | 0x0805b58c | 0x0805bfff | 2 kb | --- | -
data segment | 0x0805c000 | 0x0805fdbb | 15 kb | rw- | RW
..data | 0x0805c000 | 0x0805fdbb | 15 kb | rw- | RW
(nothing) | 0x0805fdbc | 0xb7e5ffff | 2814 Mb | --- | -
..text | 0xb7e60000 | 0xb7f875a3 | 1181 kb | r-x | ROnly
(nothing) | 0xb7f875a4 | 0xb7f87fff | 2 kb | --- | -
..data | 0xb7f88000 | 0xb7f9189b | 38 kb | rw- | RW
(nothing) | 0xb7f9189c | 0xb7fa8fff | 93 kb | --- | -
..text | 0xb7fa9000 | 0xb7fb27fb | 37 kb | r-x | ROnly
(nothing) | 0xb7fb27fc | 0xb7fb2fff | 2 kb | --- | -
..data | 0xb7fb3000 | 0xb7fb3fff | 4 kb | rw- | RW
(nothing) | 0xb7fb4000 | 0xb7fb6fff | 12 kb | --- | -
..text | 0xb7fb7000 | 0xb7fcb807 | 82 kb | r-x | ROnly
(nothing) | 0xb7fcb808 | 0xb7fcbfff | 2040 b | --- | -
..data | 0xb7fcc000 | 0xb7fcdfff | 8 kb | rw- | RW
(nothing) | 0xb7fce000 | 0xbffcd7b3 | 127 Mb | --- | -
stack | 0xbffcd7b4 | 0xbfffffff | 202 kb | rwx | Normal
# malloc (352) = 0x8060134;
# malloc (256) = 0x80602d4;

From Checker (pid:03038): (rus) read uninitialized byte(s) in the

stack.
When Reading 1 byte(s) at address 0xbffce798, inside the stack.
known stack limit= 0xbffce680

From Checker (pid:03038): (mes) debugging message for the user.

08 09 0a 0b 0c 0d 0e 0f 00 01 02 03 04 05 06 07
0xbffce798: W W W W RW RW RW RW RW RW RW RW RW RW RW RW
0xbffce7a8: RW RW RW RW W W W W RW RW RW RW RW RW RW RW
Stack frames are:
pc=0x08055bb2 in checker_text_stubs_begin at
stubs/begin-stubs.c:7
pc=0x08048d73 in probe_img at bug.c:25
pc=0x08048fdb in main at bug.c:37
pc=0x08055d53 in checker_text_stubs_begin at
stubs/begin-stubs.c:7
pc=0xb7e74ea8 in checker_text_stubs_end at stubs/end-stubs.c:7
pc=0x080487e8 in *unknown* at *unknown*:0

From Checker (pid:03038): (rus) read uninitialized byte(s) in the

stack.
When Reading 1 byte(s) at address 0xbffce799, inside the stack.
known stack limit= 0xbffce680

From Checker (pid:03038): (mes) debugging message for the user.

From Checker (pid:03038): (rus) read uninitialized byte(s) in the

stack.
When Reading 1 byte(s) at address 0xbffce79a, inside the stack.
known stack limit= 0xbffce680

From Checker (pid:03038): (mes) debugging message for the user.

From Checker (pid:03038): (rus) read uninitialized byte(s) in the

stack.
When Reading 1 byte(s) at address 0xbffce79b, inside the stack.
known stack limit= 0xbffce680

From Checker (pid:03038): (mes) debugging message for the user.

From Checker (pid:03038): (prf) profile results.

The stack was handled (accessed) 130 times.
The data segment was handled (accessed) 0 time.
The text segment was handled (accessed) 4 times.
The NULL zone was handled (accessed) 0 time.
The .text was handled (accessed) 0 time.
The .data was handled (accessed) 0 time.
The .text was handled (accessed) 0 time.
The .data was handled (accessed) 0 time.
The .text was handled (accessed) 0 time.
The .data was handled (accessed) 0 time.
The .text was handled (accessed) 0 time.
The .data was handled (accessed) 0 time.
The heap (sbrk) was handled (accessed) 10 times.
The program accessed memory 144 times.
The stack limit was adjusted 47 times.
4 memory access errors reported.
4 memory access errors.
2 malloc/mmalloc calls.
0 free/mfree calls.
0 realloc/mrealloc calls.
Total time used for garbage detecting: 0 sec(s) 0 usecs.

*/

.

Follow-Ups:
- Re: memcmp() checker: memory access errors
  - From: Arthur J. O'Dwyer
- Re: memcmp() checker: memory access errors
  - From: malc
- Re: memcmp() checker: memory access errors
  - From: Richard Bos

Prev by Date: Re: How to write a murder-program in C ???
Next by Date: Re: Dynamic C to C Data Transfer
Previous by thread: Re: parsing fortran
Next by thread: Re: memcmp() checker: memory access errors
Index(es):
- Date
- Thread

Relevant Pages

Re: memcmp() checker: memory access errors
... int probe_img ... If that still gives error messages, Checker is buggy. ... When Reading 1 byteat address 0xbfb67b48, inside the stack. ... known stack limit= 0xbfb67a30 ...
(comp.lang.c)
Re: Having C code looking like C++ code
... providing an integer stack. ... | extern int push; ... | typedef struct stacktype { ... muck around inside the encapsulation to use the interface. ...
(comp.lang.c)
Re: [OT] C programming, variable size array
... The trick to understanding here is to know how memory gets allocated. ... int main{ ... The stack holds "automatic" variables used in C, ... Will automatically allocate and deallocate 1K of data on the stack. ...
(Debian-User)
Re: Link Instruction & tt command
... In order to do the trace, ... than C, the routine's entry point is non-standard, or the task's stack ... int f_c ... framepointer, and you can not make any stacktraces. ...
(comp.os.vxworks)
Re: Resources about program design in C
... an interest in the reasoning behind global variables in C programs. ... For example, sorting an array is a single, well-defined ... imagine a module that implements a stack ... static int stack_ptr; ...
(comp.lang.c)