Help? seg-fault...

Michael Wieher michael.wieher at gmail.com
Tue Jul 1 20:03:27 UTC 2008


Thanks.
Yeah, I'm using size now, I've tried it both ways.  'size' is of
course more reliable.

Valgrind did not turn up anything useful that I could find... a number
of errors like this:

==12359== Invalid read of size 4
==12359==    at 0x40B8934: _IO_flush_all_lockp (in /lib/libc-2.5.so)
==12359==    by 0x40B94EF: _IO_cleanup (in /lib/libc-2.5.so)
==12359==    by 0x4081812: exit (in /lib/libc-2.5.so)
==12359==    by 0x406BDF3: (below main) (in /lib/libc-2.5.so)
==12359==  Address 0x41DAACC is not stack'd, malloc'd or (recently) free'd

that end like this

==12359== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==12359==  Access not within mapped region at address 0xC
==12359==    at 0x40B8946: _IO_flush_all_lockp (in /lib/libc-2.5.so)
==12359==    by 0x40B94EF: _IO_cleanup (in /lib/libc-2.5.so)
==12359==    by 0x4081812: exit (in /lib/libc-2.5.so)
==12359==    by 0x406BDF3: (below main) (in /lib/libc-2.5.so)
==12359==
==12359== Process terminating with default action of signal 11 (SIGSEGV)
==12359==  Access not within mapped region at address 0xC
==12359==    at 0x40B8946: _IO_flush_all_lockp (in /lib/libc-2.5.so)
==12359==    by 0x40B94EF: _IO_cleanup (in /lib/libc-2.5.so)
==12359==    by 0x41624C0: __libc_freeres (in /lib/libc-2.5.so)
==12359==    by 0x40011E6: _vgnU_freeres (vg_preloaded.c:60)
==12359==    by 0x41DAA37: ???
==12359==    by 0x40B94EF: _IO_cleanup (in /lib/libc-2.5.so)
==12359==    by 0x4081812: exit (in /lib/libc-2.5.so)
==12359==    by 0x406BDF3: (below main) (in /lib/libc-2.5.so)


It LOOKS to me as if the code is trying to read (multiple) memory
addresses that are "not stack'd, malloc'd, or free'd"
...and my best guess is that it's trying to free memory it thinks needs
to be cleaned up on exit but somehow has already been.

It will ALSO segfault (on exit, again, not during regular execution) if
I include this bit of code:

    //---- MEMCACHED SET
    extern iniData data;
    char qstring[32];                /* key buffer: at most 31 characters plus NUL */
    uint32_t flags=0;
    /* sprintf is unbounded: if code + file + location format to more than
     * 31 characters, this write runs past the end of qstring. */
    sprintf(qstring,"%s%d%lu",code,cur->file,cur->location);
    /* calloc(nmemb, size): arguments are swapped but the result is the same
     * cur->size zeroed bytes. */
    char * tempbuff = (char*)calloc(sizeof(char),cur->size);
    memcpy(tempbuff,(char*)cCom,cur->size);   /* cCom must hold at least cur->size bytes */
    memcached_set(&(data.mc),qstring,strlen(qstring),tempbuff,cur->size,(time_t)0,flags);
    free(tempbuff);tempbuff=NULL;
    //---- END MEMCACHED SET STUFF

I'm only using valgrind's memory checker... maybe I'll dig around with
some of their other tools and see what I can find.

On Tue, Jul 1, 2008 at 2:43 PM, Dustin Sallings <dustin at spy.net> wrote:
>
> On Jul 1, 2008, at 12:29, Michael Wieher wrote:
>
>        cp = memcached_get(&(data->mc),req,strlen(req),&size,&flags,&mcr);
>        if(mcr==0) {
>            memcpy(ans,cp,strlen(cp));
>
> Are you completely sure it's safe to call strlen on whatever cp is?  Just
> use the size.
>
> In general, running stuff like this through valgrind will tell you a lot.
>
> --
> Dustin Sallings
>
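The two places in this thread where a length is taken from the wrong source are the memcpy that uses strlen(cp) on a value memcached_get returned (Dustin's point: use the size it reports) and the sprintf into the 32-byte qstring, which has no bound at all. The example below is an added illustration, not code from either message or from libmemcached: it shows the bounded versions of both operations with a constructed sample value, and the memcached call itself is left out so it runs stand-alone. The function names copy_value and build_key, the sample bytes, and the buffer sizes are assumptions for the demonstration. Note that a value cached as raw bytes can contain a NUL before its real end, so strlen under-counts it, and a value without any NUL makes strlen read past it; Memcheck does not reliably report an overrun of a fixed stack array like qstring, so a clean Memcheck run is not evidence against either.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Bounded copy of a value fetched from the cache. 'cp' stands for the
 * pointer memcached_get would return and 'size' for the length it reports;
 * the value is treated as raw bytes, never as a C string, so strlen is not
 * called on it. Returns the number of bytes copied, or -1 if the value
 * (plus a terminator) does not fit in 'ans'. */
static long copy_value(const char *cp, size_t size, char *ans, size_t ans_cap)
{
    if (cp == NULL || ans == NULL)
        return -1;
    if (size + 1 > ans_cap)          /* keep room for a terminator */
        return -1;
    memcpy(ans, cp, size);
    ans[size] = '\0';                /* safe to print afterwards */
    return (long)size;
}

/* Build the "<code><file><location>" key from the post. snprintf bounds the
 * write to 'cap' bytes and returns the length the key wanted to be, so an
 * oversized key is reported instead of silently running past the buffer.
 * Returns the key length on success, -1 on truncation or error. */
static int build_key(char *out, size_t cap, const char *code, int file,
                     unsigned long location)
{
    int n = snprintf(out, cap, "%s%d%lu", code, file, location);
    if (n < 0 || (size_t)n >= cap) {
        if (cap > 0)
            out[0] = '\0';
        return -1;
    }
    return n;
}

/* Constructed sample: an 8-byte cached value with a NUL in the middle, as
 * binary data often has. strlen reports 3 here although the value is 8
 * bytes long, which is exactly why the reported size must be used. */
static const char sample_value[8] = { 'a', 'b', 'c', '\0', 'd', 'e', 'f', 'g' };

static size_t strlen_would_say(void)
{
    return strlen(sample_value);
}

int main(void)
{
    char ans[16];
    char qstring[32];

    long n = copy_value(sample_value, sizeof sample_value, ans, sizeof ans);
    printf("copied %ld bytes (strlen would have said %zu)\n",
           n, strlen_would_say());

    if (build_key(qstring, sizeof qstring, "MC", 7, 123456UL) >= 0)
        printf("key: %s\n", qstring);

    /* A long 'code' no longer overruns qstring; the caller is told instead. */
    if (build_key(qstring, sizeof qstring,
                  "this-code-is-far-too-long-for-32-bytes", 7, 123456UL) < 0)
        printf("key would not fit in %zu bytes\n", sizeof qstring);

    return 0;
}
```

Compile with -Wall -Wextra and run it under Memcheck as a baseline; the point of the two helpers is that every copy length comes from the producer of the data (the reported size, the snprintf return value) rather than from scanning the bytes for a NUL.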


More information about the memcached mailing list