【Question title】: Valgrind missing error
【Posted】: 2023-12-06 06:10:01
【Question】:

(The original post is here)

Consider the following obviously flawed program:

#include <string.h>

int main()
{
  char string1[10] = "123456789";
  char *string2 = "123456789";

  strcat(string1, string2);
}

And suppose it is compiled with:

gcc program.c -ggdb

and valgrind is run on it:

valgrind --track-origins=yes --leak-check=yes --tool=memcheck --read-var-info=yes  ./a.out

No errors are shown in the result:

==29739== Memcheck, a memory error detector
==29739== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==29739== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==29739== Command: ./a.out
==29739== 
==29739== 
==29739== HEAP SUMMARY:
==29739==     in use at exit: 0 bytes in 0 blocks
==29739==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==29739== 
==29739== All heap blocks were freed -- no leaks are possible
==29739== 
==29739== For counts of detected and suppressed errors, rerun with: -v
==29739== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)

What am I missing?

【Question comments】:

Tags: c valgrind


【Answer 1】:

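It does not report any errors because you are using memcheck, which does not perform checks on global or stack arrays; it only performs bounds checks and use-after-free checks on heap arrays. So in this case you can use valgrind SGCheck to check stack arrays: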

valgrind --tool=exp-sgcheck ./a.out

It does report the error for me.

For more information, see the sgcheck documentation:

http://valgrind.org/docs/manual/sg-manual.html

Adding the log:

$ valgrind --tool=exp-sgcheck ./a.out
==10485== exp-sgcheck, a stack and global array overrun detector
==10485== NOTE: This is an Experimental-Class Valgrind Tool
==10485== Copyright (C) 2003-2015, and GNU GPL'd, by OpenWorks Ltd et al.
==10485== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==10485== Command: ./a.out
==10485==
==10485== Invalid read of size 1
==10485==    at 0x4C2A374: strlen (h_intercepts.c:131)
==10485==    by 0x4E9DD5B: puts (in /usr/lib64/libc-2.22.so)
==10485==    by 0x4005C8: main (v.c:11)
==10485==  Address 0xfff00042a expected vs actual:
==10485==  Expected: stack array "string1" of size 10 in frame 2 back from here
==10485==  Actual:   unknown
==10485==  Actual:   is 0 after Expected
==10485==
==10485== Invalid read of size 1
==10485==    at 0x4EA9BA2: _IO_default_xsputn (in /usr/lib64/libc-2.22.so)
==10485==    by 0x4EA7816: _IO_file_xsputn@@GLIBC_2.2.5 (in /usr/lib64/libc-2.22.so)
==10485==    by 0x4E9DDF7: puts (in /usr/lib64/libc-2.22.so)
==10485==    by 0x4005C8: main (v.c:11)
==10485==  Address 0xfff00042a expected vs actual:
==10485==  Expected: stack array "string1" of size 10 in frame 3 back from here
==10485==  Actual:   unknown
==10485==  Actual:   is 0 after Expected
==10485==
123456789123456789
==10485==
==10485== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
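
The heap-versus-stack difference described in the answer, as an added example that is not part of the original question or answer: heap_overflow performs the question's strcat on a 10-byte malloc block, which Memcheck does bounds-check, and checked_strcat is one bounded replacement for the call. Both function names are hypothetical and were chosen for this example.

```c
/* Added example, not code from the original post. Names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bounded replacement for the question's strcat() call: appends src to dst
 * only if the result, including the terminating NUL, fits in dst_size bytes.
 * Returns 0 on success, -1 if it would overflow (dst is left unchanged). */
int checked_strcat(char *dst, size_t dst_size, const char *src)
{
    const char *end = memchr(dst, '\0', dst_size);
    if (end == NULL)                      /* dst is not NUL-terminated */
        return -1;
    size_t used = (size_t)(end - dst);
    size_t need = strlen(src);
    if (need >= dst_size - used)          /* no room for src plus the NUL */
        return -1;
    memcpy(dst + used, src, need + 1);
    return 0;
}

/* The question's overflow with the 10-byte buffer moved to the heap.
 * Memcheck tracks the bounds of malloc'd blocks, so it reports the
 * invalid writes that it cannot see for the stack array. */
void heap_overflow(const char *src)
{
    char *string1 = malloc(10);
    if (string1 == NULL)
        return;
    strcpy(string1, "123456789");
    strcat(string1, src);                 /* deliberately unchecked */
    free(string1);
}

int main(int argc, char **argv)
{
    if (argc > 1) {                       /* e.g. valgrind ./a.out 123456789 */
        heap_overflow(argv[1]);
        return 0;
    }
    char string1[10] = "123456789";       /* same buffer as the question */
    int rc = checked_strcat(string1, sizeof string1, "123456789");
    printf("checked_strcat returned %d, buffer still \"%s\"\n", rc, string1);
    return rc == -1 ? 0 : 1;
}
```

Run without arguments, only the bounded call executes; run under valgrind --tool=memcheck with an argument such as 123456789, the heap variant is exercised.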

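【Comments】:

  • Which error did you get? I tried but didn't get any: ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 4). Perhaps this is a consequence of this sentence from the documentation link you posted: Therefore, the first access to an array by an instruction (in any given function instantiation) is not checked for overrun, because SGCheck uses it as the "example" of how subsequent accesses should behave.
  • @VeryHardCoder Yes, but in a real program you would use string1 in some way
  • OK, I see, this is the best valgrind can do... Thanks!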