invalid read size 1 under valgrind

From: Austin Foxley <austinf gmail com>
To: libsoup-list gnome org
Subject: invalid read size 1 under valgrind
Date: Wed, 22 Feb 2012 09:57:22 -0800

I am developing a upnp client using gupnp (which uses libsoup) and ran
into this apparent off-by-one when running under valgrind. This is
with libsoup in fedora 16 (libsoup-2.36.1-2.fc16.x86_64). I took a
look at the source but it wasn't obvious to me where the problem was.
Hopefully someone more familiar with this code can make sense of this
one.

==21821== Invalid read of size 1
==21821==    at 0x3BB5E37A29: read_metadata (soup-message-io.c:325)
==21821==    by 0x3BB5E38954: io_read (soup-message-io.c:846)
==21821==    by 0x3BB5E39EB0: soup_message_read_request
(soup-message-server-io.c:243)
==21821==    by 0x3BB5E3E892: request_finished (soup-server.c:736)
==21821==    by 0x3BB5E377B3: soup_message_io_finished (soup-message-io.c:163)
==21821==    by 0x3BB5E39EB0: soup_message_read_request
(soup-message-server-io.c:243)
==21821==    by 0x3220C0EA23: g_closure_invoke (gclosure.c:774)
==21821==    by 0x3220C20D16: signal_emit_unlocked_R (gsignal.c:3272)
==21821==    by 0x3220C2A140: g_signal_emit_valist (gsignal.c:3003)
==21821==    by 0x3220C2A2E1: g_signal_emit (gsignal.c:3060)
==21821==    by 0x3BB5E47867: listen_watch (soup-socket.c:806)
==21821==    by 0x321FC44ACC: g_main_context_dispatch (gmain.c:2441)
==21821==  Address 0x50623df is 1 bytes before a block of size 16 alloc'd
==21821==    at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==21821==    by 0x4A07657: realloc (vg_replace_malloc.c:525)
==21821==    by 0x321FC4B76D: g_realloc (gmem.c:233)
==21821==    by 0x321FC182A8: g_array_maybe_expand (garray.c:689)
==21821==    by 0x321FC18616: g_array_append_vals (garray.c:353)
==21821==    by 0x321FC194E8: g_byte_array_append (garray.c:1486)
==21821==    by 0x3BB5E379EC: read_metadata (soup-message-io.c:287)
==21821==    by 0x3BB5E38954: io_read (soup-message-io.c:846)
==21821==    by 0x3BB5E39EB0: soup_message_read_request
(soup-message-server-io.c:243)
==21821==    by 0x3BB5E3E892: request_finished (soup-server.c:736)
==21821==    by 0x3BB5E377B3: soup_message_io_finished (soup-message-io.c:163)
==21821==    by 0x3BB5E39EB0: soup_message_read_request
(soup-message-server-io.c:243)


-Austin

Follow-Ups:
- Re: invalid read size 1 under valgrind
  - From: Dan Winship

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]