Created attachment 660629 [details]
Reproducer

Description of problem:
When I'm strncpy-ing a string that is longer than allocated memory to the destination buffer, no valgrind errors are shown. However, if I declare a pointer that points to the destination, errors are shown as expected.

Version-Release number of selected component (if applicable):
valgrind-3.8.1-5.fc19.x86_64
gcc-4.7.2-9.fc19.x86_64
glibc-2.16.90-36.fc19.x86_64

How reproducible:
Always

Steps to Reproduce:
1. compile the attachment
2. run through valgrind
3.

Actual results:
No errors shown.

Expected results:
Errors shown like when the pointer assignment is uncommented.

Additional info:
You are misunderstanding what valgrind is actually protecting. For this testcase you need either -D_FORTIFY_SOURCE=2, then GCC will report it already at compile time:

warning: call to __builtin___strncpy_chk will always overflow destination buffer [enabled by default]

or Address Sanitizer (will be in GCC 4.8 and later). valgrind doesn't instrument automatic variable boundaries on the stack in any way; the reason why it warns with the extra line uncommented isn't that it would detect access beyond the end of the array, but that the bytes there are never stored to and thus are considered uninitialized.
Hmm, didn't know that. Sorry for the noise.
(In reply to comment #2)
> Hmm, didn't know that. Sorry for the noise.

No worries, it is a common mistake, I made it myself a couple of times. Just think of valgrind (memcheck) as a read-before-write checker. It will detect whenever you use some bits that were never written to before. It can also detect some cases of "bad memory" access, like when writing to never allocated memory, but not as accurately. Your example is one where valgrind cannot know for sure, because the stack is already allocated (it isn't "bad memory" as far as memcheck is concerned).
It also instruments malloc, so for heap objects accesses before or after the allocated region are reported, and use-after-free too.
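An added example in C (not the reporter's attachment, which is not on the page), modelled on the description: the same oversized strncpy against a stack buffer, which memcheck does not flag, against a malloc'd block, which it does, and a bounded copy that rejects the source instead. DST_LEN, LONG_SRC and the function names are constructed here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed input: a 27-char source, to be copied with n = sizeof LONG_SRC
 * (28 bytes) into an 8-byte destination, as in the report. */
#define DST_LEN 8
static const char LONG_SRC[] = "this string is far too long";

/* Reporter's pattern on the stack. memcheck stays silent: the frame is
 * already "allocated" memory and the overflowing bytes are written, not
 * read. (gcc -O2 -D_FORTIFY_SOURCE=2 would warn at compile time instead.)
 * Deliberately buggy; only run it under valgrind, never from the tests. */
void overflow_on_stack(void)
{
    char dst[DST_LEN];
    volatile size_t n = sizeof LONG_SRC;  /* volatile: keep the overflow a run-time fact */
    strncpy(dst, LONG_SRC, n);            /* writes 28 bytes into 8 */
    printf("stack: %.*s\n", DST_LEN, dst);
}

/* Same bug against a malloc'd block: memcheck knows the block's exact
 * bounds (and surrounds it with redzones), so it reports the invalid writes. */
void overflow_on_heap(void)
{
    char *dst = malloc(DST_LEN);
    if (!dst) return;
    volatile size_t n = sizeof LONG_SRC;
    strncpy(dst, LONG_SRC, n);
    printf("heap: %.*s\n", DST_LEN, dst);
    free(dst);
}

/* Hardened form: refuse a source that does not fit (including its NUL)
 * instead of truncating or overflowing. Returns 0 on success, -1 otherwise. */
int bounded_copy(char *dst, size_t dst_len, const char *src)
{
    size_t n = strlen(src);
    if (dst_len == 0 || n >= dst_len) return -1;
    memcpy(dst, src, n + 1);              /* n+1 copies the terminator */
    return 0;
}

int main(int argc, char **argv)
{
    char buf[DST_LEN];
    if (bounded_copy(buf, sizeof buf, LONG_SRC) != 0)
        puts("rejected: source too long for destination");
    /* `./a.out stack` or `./a.out heap`, under valgrind --tool=memcheck */
    if (argc > 1 && strcmp(argv[1], "stack") == 0) overflow_on_stack();
    if (argc > 1 && strcmp(argv[1], "heap") == 0)  overflow_on_heap();
    return 0;
}
```

Under memcheck only the `heap` run produces an invalid-write report; the `stack` run is silent exactly as the reporter observed.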