Valgrind 对未初始化的字节大喊大叫
Valgrind 抛出了这个错误:
==11204== Syscall param write(buf) points to uninitialised byte(s)
==11204== at 0x4109033: write (in /lib/libc-2.13.so)
==11204== by 0x8049654: main (mmboxman.c:289)
==11204== Address 0xbe92f861 is on thread 1's stack
==11204==
出了什么问题?我找不到它在喊什么未初始化的字节。 以下是犯罪代码行(提到的第 289 行是调用函数 lockUp 的行):
Request request;
Response response;
fillRequest(&request, MANADDUSER, getpid(), argument1, NULL, NULL, 0, 0);
lockUp(&request, &response, NULL);
这里是函数原型和结构声明:
void fillRequest(Request *request, char code, pid_t pid, char *name1, char *name2, char *object, int id, size_t size)
{
int k;
request->code = code;
request->pid = getpid();
if(name1) for(k=0; k<strlen(name1)+1; k++) request->name1[k] = name1[k];
else request->name1[0] = '\0';
if(name2) for(k=0; k<strlen(name2)+1; k++) request->name2[k] = name2[k];
else request->name2[0] = '\0';
if(object) for(k=0; k<strlen(name2)+1; k++) request->name2[k] = name2[k];
else request->object[0] = '\0';
request->id = id;
request->size = size;
}
void lockUp(Request *request, Response *response, void **buffer)
{
int fifofrom, fifoto, lock; /* file descriptor delle fifo e del lock */
/* locko per l'accesso alle FIFO */
if((lock = open(LOCK, O_RDONLY)) == -1) logMmboxman("error in opening LOCK\n", 1);
else logMmboxman("opened LOCK\n", 0);
if(flock(lock, LOCK_EX) == -1) logMmboxman("error in acquiring LOCK\n", 1);
else logMmboxman("acquired LOCK\n", 0);
/* apro la fifoto e scrivo la mia richiesta */
if((fifoto = open(FIFOTOMMBOXD, O_WRONLY)) == -1) logMmboxman("error in opening FIFOTO\n", 1);
else logMmboxman("opened FIFOTO\n", 0);
if((write(fifoto, request, sizeof(Request))) != sizeof(Request)) logMmboxman("error in writing FIFOTO\n", 1);
else logMmboxman("written on FIFOTO\n", 0);
close(fifoto);
/* rimango in attesa della risposta da mmboxd sulla fifofrom */
if((fifofrom = open(FIFOFROMMMBOXD, O_RDONLY)) == -1) logMmboxman("error in opening FIFOFROM\n", 1);
else logMmboxman("opened FIFOFROM\n", 0);
if((read(fifofrom, response, sizeof(Response))) != sizeof(Response)) logMmboxman("error in reading FIFOFROM\n", 1);
else logMmboxman("read from FIFOFROM\n", 0);
close(fifofrom);
/* se mi deve comunicare un buffer riapro la fifo e lo leggo */
if(response->size)
{
if((fifofrom = open(FIFOFROMMMBOXD, O_RDONLY)) == -1) logMmboxman("error in opening FIFOFROM again for the buffer\n", 1);
else logMmboxman("opened FIFOFROM again for the buffer\n", 0);
*buffer = (void*)malloc(response->size);
if(read(fifofrom, *buffer, response->size) != response->size) logMmboxman("error in reading FIFOFROM again for the buffer\n", 1);
else logMmboxman("read from FIFOFROM again for the buffer\n", 0);
close(fifofrom);
}
/* letta la risposta rilascio il lock */
if(flock(lock, LOCK_UN) == -1) logMmboxman("error in releasing LOCK\n", 1);
else logMmboxman("released LOCK\n", 0);
return;
}
typedef struct
{
char code;
pid_t pid;
char name1[41];
char name2[41];
char object[101];
int id;
size_t size;
} Request;
typedef struct
{
char result;
int num;
int num2;
size_t size;
} Response;
Valgrind throws me out this error:
==11204== Syscall param write(buf) points to uninitialised byte(s)
==11204== at 0x4109033: write (in /lib/libc-2.13.so)
==11204== by 0x8049654: main (mmboxman.c:289)
==11204== Address 0xbe92f861 is on thread 1's stack
==11204==
What's the problem? I can't find what uninitialised byte it is yelling about.
Here are the criminal lines of code (the mentioned 289 line is the one which calls the function lockUp):
Request request;
Response response;
fillRequest(&request, MANADDUSER, getpid(), argument1, NULL, NULL, 0, 0);
lockUp(&request, &response, NULL);
Here the functions prototype and structs declaration:
void fillRequest(Request *request, char code, pid_t pid, char *name1, char *name2, char *object, int id, size_t size)
{
int k;
request->code = code;
request->pid = getpid();
if(name1) for(k=0; k<strlen(name1)+1; k++) request->name1[k] = name1[k];
else request->name1[0] = '\0';
if(name2) for(k=0; k<strlen(name2)+1; k++) request->name2[k] = name2[k];
else request->name2[0] = '\0';
if(object) for(k=0; k<strlen(name2)+1; k++) request->name2[k] = name2[k];
else request->object[0] = '\0';
request->id = id;
request->size = size;
}
void lockUp(Request *request, Response *response, void **buffer)
{
int fifofrom, fifoto, lock; /* file descriptor delle fifo e del lock */
/* locko per l'accesso alle FIFO */
if((lock = open(LOCK, O_RDONLY)) == -1) logMmboxman("error in opening LOCK\n", 1);
else logMmboxman("opened LOCK\n", 0);
if(flock(lock, LOCK_EX) == -1) logMmboxman("error in acquiring LOCK\n", 1);
else logMmboxman("acquired LOCK\n", 0);
/* apro la fifoto e scrivo la mia richiesta */
if((fifoto = open(FIFOTOMMBOXD, O_WRONLY)) == -1) logMmboxman("error in opening FIFOTO\n", 1);
else logMmboxman("opened FIFOTO\n", 0);
if((write(fifoto, request, sizeof(Request))) != sizeof(Request)) logMmboxman("error in writing FIFOTO\n", 1);
else logMmboxman("written on FIFOTO\n", 0);
close(fifoto);
/* rimango in attesa della risposta da mmboxd sulla fifofrom */
if((fifofrom = open(FIFOFROMMMBOXD, O_RDONLY)) == -1) logMmboxman("error in opening FIFOFROM\n", 1);
else logMmboxman("opened FIFOFROM\n", 0);
if((read(fifofrom, response, sizeof(Response))) != sizeof(Response)) logMmboxman("error in reading FIFOFROM\n", 1);
else logMmboxman("read from FIFOFROM\n", 0);
close(fifofrom);
/* se mi deve comunicare un buffer riapro la fifo e lo leggo */
if(response->size)
{
if((fifofrom = open(FIFOFROMMMBOXD, O_RDONLY)) == -1) logMmboxman("error in opening FIFOFROM again for the buffer\n", 1);
else logMmboxman("opened FIFOFROM again for the buffer\n", 0);
*buffer = (void*)malloc(response->size);
if(read(fifofrom, *buffer, response->size) != response->size) logMmboxman("error in reading FIFOFROM again for the buffer\n", 1);
else logMmboxman("read from FIFOFROM again for the buffer\n", 0);
close(fifofrom);
}
/* letta la risposta rilascio il lock */
if(flock(lock, LOCK_UN) == -1) logMmboxman("error in releasing LOCK\n", 1);
else logMmboxman("released LOCK\n", 0);
return;
}
typedef struct
{
char code;
pid_t pid;
char name1[41];
char name2[41];
char object[101];
int id;
size_t size;
} Request;
typedef struct
{
char result;
int num;
int num2;
size_t size;
} Response;
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您的
Request结构具有数组name1、name2等,其中包含以 null 结尾的字符串。当您填充它们时,您不会写出超过空终止符的内容。稍后,当您将结构写入文件时,valgrind 会抱怨,因为这些字节未初始化。还可能存在其他未初始化的字节(例如,编译器插入的填充)。除了一个小安全问题之外,这不一定是问题:内存中可能包含敏感信息的先前内容将被写入文件。
您可以在填充其字段之前将该结构 memset 为 0 以避免此错误。
Your
Requeststructure has arraysname1,name2, etc. which contain null-terminated strings. When you fill them, you don't write past the null terminator. Later when you write the structure to the file, valgrind complains because these bytes are uninitialized. There may also be other uninitialized bytes (for example, padding inserted by the compiler).This is not necessarily a problem, other than a small security issue: The previous contents of memory, which may hold sensitive information, will get written to the file.
You can memset the structure to 0 before filling its fields to avoid this error.