Description of problem:
When I run a trivial C++ program that outputs a number using iostreams under
Valgrind, an "invalid free" error is detected and the program outputs null bytes
in place of the digits of the number. The program works fine without Valgrind.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Download the attached testprog.cc .
2. make testprog
3. valgrind ./testprog | od -t x1c
==11971== Memcheck, a memory error detector.
==11971== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==11971== Using LibVEX rev 1804, a library for dynamic binary translation.
==11971== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==11971== Using valgrind-3.3.0, a dynamic binary instrumentation framework.
==11971== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==11971== For more details, rerun with: -v
==11971== Invalid free() / delete / delete
==11971== at 0x40052EA: operator delete(void*, std::nothrow_t const&)
==11971== by 0x213118: std::__verify_grouping(char const*, unsigned, std::string const&) (locale_facets.cc:108)
==11971== by 0x21404C: std::locale::_Impl::_Impl(char const*, unsigned)
==11971== by 0x2140CC: std::locale::_Impl::_Impl(char const*, unsigned)
==11971== by 0x2151F7: std::locale::locale() (basic_string.h:2189)
==11971== by 0x2101CC: std::locale::_Impl::_Impl(std::locale::_Impl const&,
==11971== by 0x8048664: __static_initialization_and_destruction_0(int, int)
==11971== by 0x804869D: _GLOBAL__I_main (in /home/matt/test/valgrind/testprog)
==11971== by 0x804877C: (within /home/matt/test/valgrind/testprog)
==11971== by 0x80484E3: (within /home/matt/test/valgrind/testprog)
==11971== by 0x8048718: __libc_csu_init (in /home/matt/test/valgrind/testprog)
==11971== by 0x8A8570: (below main) (libc-start.c:179)
==11971== Address 0x2ac188 is not stack'd, malloc'd or (recently) free'd
==11971== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 15 from 1)
==11971== malloc/free: in use at exit: 0 bytes in 0 blocks.
==11971== malloc/free: 0 allocs, 1 frees, 0 bytes allocated.
==11971== For counts of detected errors, rerun with: -v
==11971== All heap blocks were freed -- no leaks are possible.
0000000 00 00 00 00 00 00 00 0a
\0 \0 \0 \0 \0 \0 \0 \n
No Valgrind error, and output of -314159.
Created attachment 311981
Failed to reproduce on Fedora 9 x86_64:
# make testprog
g++ testprog.cc -o testprog
# valgrind ./testprog
==19802== Memcheck, a memory error detector.
==19802== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==19802== Using LibVEX rev 1804, a library for dynamic binary translation.
==19802== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==19802== Using valgrind-3.3.0, a dynamic binary instrumentation framework.
==19802== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==19802== For more details, rerun with: -v
==19802== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 1)
==19802== malloc/free: in use at exit: 0 bytes in 0 blocks.
==19802== malloc/free: 0 allocs, 0 frees, 0 bytes allocated.
==19802== For counts of detected errors, rerun with: -v
==19802== All heap blocks were freed -- no leaks are possible.
# g++ --version
g++ (GCC) 4.3.0 20080428 (Red Hat 4.3.0-8)
Copyright (C) 2008 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# valgrind --version
Just retested it on 32-bit x86 and it also works.
I will attach my test binaries, can you test whether they fail for you?
Created attachment 314529
x86_32 test binary which works for me
Created attachment 314530
x86_64 test binary which works for me
Your x86_32 binary is byte-for-byte identical to mine, so needless to say, it fails in the same way. I also compiled the test program on another x86_32 machine with "g++ (GCC) 4.1.2 (Ubuntu 4.1.2-0ubuntu4)", and that binary also failed on my machine, so the problem doesn't seem to be with g++. I tried valgrind-3.3.0-2, valgrind-3.3.0-1, and valgrind-3.2.3-8 from Koji with the original binary and the same problem occurred.
However, when I set up a chrooted environment with glibc-2.7-2, the problem did not occur. It appears to have been introduced by a change between glibc 2.7 and 2.8.
The problem still occurs with glibc-2.8.90-11.i686 from Koji.
I'm moving this bug to the glibc component because it seems to have been caused by a change in glibc.
The problem still occurs with glibc-2.9-2.i686 in Fedora 10.
Hm. I ran "prelink -ua" to unprelink everything and the problem went away.
That explains why my glibc 2.7 chroot worked: it was never prelinked. There's no longer evidence that this bug is related to glibc, so I'm moving it back to valgrind.
I don't have a strong desire to have the binaries on my computer prelinked, so I'm satisfied at this point, but there may still be a bug here and I would be happy to help investigate it if anyone wishes.
This is most probably a valgrind problem. See:
The bug occurs if libstdc++ is prelinked and its debuginfo is installed (gcc-debuginfo).
I hope the patch from upstream can be applied to valgrind in F10. Thx.
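A triage helper added here as an example (not the attached testprog.cc, not a file from this bug, and not valgrind's or Fedora's own tooling) that covers the reproduction steps at the top of the report and the prelink observation in the comment above: it counts NUL bytes in a program's stdout natively and under valgrind, and checks a shared library for the `.gnu.prelink_undo` section that prelink writes. Assumptions: readelf, od, awk, ldd and valgrind are on PATH, and that section name is the prelink marker.

```shell
#!/bin/sh
# Added example, not the bug's attached testprog.cc: a triage helper for the
# "NUL bytes instead of digits under valgrind" symptom in this report.
# Assumptions: readelf, od, awk, ldd and valgrind are on PATH; prelink marks
# a library it has processed with a .gnu.prelink_undo section.

# Return 0 if the ELF file carries the .gnu.prelink_undo section, i.e. has
# been prelinked (the condition the comment above ties the spurious "invalid
# free" to, together with installed libstdc++ debuginfo).
is_prelinked() {
    readelf -S "$1" 2>/dev/null | grep -q '\.gnu\.prelink_undo'
}

# Count NUL bytes on stdin.  od -An -t x1 -v prints one hex byte per field,
# so every field equal to "00" is one NUL.  awk always exits 0, so the
# function is safe under set -e even when the count is zero.
count_nul_bytes() {
    od -An -t x1 -v | tr ' ' '\n' | awk '$0 == "00" { n++ } END { print n + 0 }'
}

# Run a program natively and under valgrind and compare the NUL-byte counts
# of their stdout.  A difference reproduces the report: "-314159" natively,
# "\0\0\0\0\0\0\0\n" under valgrind.  Returns 0 when both runs agree.
compare_runs() {
    prog="$1"
    native=$("$prog" | count_nul_bytes)
    under_vg=$(valgrind -q "$prog" 2>/dev/null | count_nul_bytes)
    echo "native NULs: $native, valgrind NULs: $under_vg"
    [ "$native" -eq "$under_vg" ]
}

# Usage: ./triage.sh ./testprog   (after: make testprog)
if [ "$#" -eq 1 ]; then
    lib=$(ldd "$1" | awk '/libstdc\+\+/ { print $3 }')
    if [ -n "$lib" ] && is_prelinked "$lib"; then
        echo "$lib is prelinked; try: prelink -u $lib (or prelink -ua)"
    fi
    compare_runs "$1"
fi
```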
This message is a reminder that Fedora 10 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 10. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora
'version' of '10'.
Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version prior to Fedora 10's end of life.
Bug Reporter: Thank you for reporting this issue and we are sorry that
we may not be able to fix it before Fedora 10 is end of life. If you
would still like to see this bug fixed and are able to reproduce it
against a later version of Fedora please change the 'version' of this
bug to the applicable version. If you are unable to change the version,
please add a comment here and someone will do it for you.
Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.
The process we are following is described here:
As per comment #9, I'm no longer pursuing this myself. If anyone else cares to reproduce it on newer Fedora, please comment and I will bump the version.
Fedora 10 changed to end-of-life (EOL) status on 2009-12-17. Fedora 10 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.
If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version.
Thank you for reporting this bug and we are sorry it could not be fixed.