Mats,

Attached is output from the valgrind memory leak diagnostic, run on ftp.
The source is inetutils-1.9.1, except for your small patch to domacro.c::155.

Perhaps it may be useful to you. My comments therein.

Glenn
#
# Hi Mats,
#
# Fwiw, here's the output from
#
#    $ valgrind --leak-check=yes ./ftp -v ftp.archlinux.org
#
# Even if nothing here turns out to be related to the free() problem at main.c:333,
# at least it does seem to point up some other out-of-bounds accesses that might
# (or might not) be related, possibly worth looking into just for ftp's general
# health, being as the patient is already on the operating table so to speak. 
#
# Interestingly, valgrind did NOT seem to explicitly detect the free() error that
# we're actually searching for; in fact, ftp exits normally while run under valgrind.
# Heisenberg at play I suppose.
#
# Anyway, thought it might be useful. My comments inline, preceded by #.
#
# - Glenn
#

==8485== Memcheck, a memory error detector
==8485== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==8485== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==8485== Command: ./ftp -v ftp.archlinux.org
==8485== Parent PID: 1281
==8485== 

#
# This one is in libresolv, may well be a benign uninitialized dereference.
#
==8485== Syscall param sendmsg(mmsg[0].msg_hdr) points to uninitialised byte(s)
==8485==    at 0x417928A: sendmmsg (in /usr/lib/libc-2.17.so)
==8485==    by 0x46B15FA: ??? (in /usr/lib/libresolv-2.17.so)
==8485==    by 0x46AED18: __libc_res_nquery (in /usr/lib/libresolv-2.17.so)
==8485==    by 0x46AF367: ??? (in /usr/lib/libresolv-2.17.so)
==8485==    by 0x46AF9EE: __libc_res_nsearch (in /usr/lib/libresolv-2.17.so)
==8485==    by 0x46A3679: _nss_dns_gethostbyname4_r (in /usr/lib/libnss_dns-2.17.so)
==8485==    by 0x415DE67: gaih_inet (in /usr/lib/libc-2.17.so)
==8485==    by 0x416018A: getaddrinfo (in /usr/lib/libc-2.17.so)
==8485==    by 0x804F45B: hookup (ftp.c:144)
==8485==    by 0x804A88A: setpeer (cmds.c:229)
==8485==    by 0x8053B6D: main (main.c:244)
==8485==  Address 0xbed049e8 is on thread 1's stack
==8485== 

#
# The above error occurs prior to appearance of "Connected to ftp.archlinux.org.".
# Everything below here results from executing the "$myget" macro at the ftp cmd prompt.
#
#

#
# This may be relevant: In domacro.c, just after parsing the leading "$" of the
# macro name. (But just guessing here, that code is not exactly a pleasure to follow.)
#
==8485== Invalid write of size 1
==8485==    at 0x804F219: domacro (domacro.c:130)
==8485==    by 0x8053E27: cmdscanner (main.c:372)
==8485==    by 0x8053BC0: main (main.c:254)
==8485==  Address 0x42a8c4f is 0 bytes after a block of size 7 alloc'd
==8485==    at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485==    by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485==    by 0x8053BC0: main (main.c:254)
==8485== 

#
# This one looks like fallout from the above.
#
==8485== Invalid write of size 1
==8485==    at 0x804F23B: domacro (domacro.c:136)
==8485==    by 0x8053E27: cmdscanner (main.c:372)
==8485==    by 0x8053BC0: main (main.c:254)
==8485==  Address 0x42a8c5e is 15 bytes after a block of size 7 alloc'd
==8485==    at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485==    by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485==    by 0x8053BC0: main (main.c:254)
==8485== 

#
# No clue on these, which are all in slurpstring(). Honestly, I just don't have
# the patience to go thru code which is written based on an FSM which I don't have
# the diagram of in front of me. :)
#
==8485== Invalid read of size 1
==8485==    at 0x805406E: slurpstring (main.c:498)
==8485==    by 0x8053ED8: makeargv (main.c:398)
==8485==    by 0x804F242: domacro (domacro.c:137)
==8485==    by 0x8053E27: cmdscanner (main.c:372)
==8485==    by 0x8053BC0: main (main.c:254)
==8485==  Address 0x42a8c4f is 0 bytes after a block of size 7 alloc'd
==8485==    at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485==    by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485==    by 0x8053BC0: main (main.c:254)
==8485== 
==8485== Invalid read of size 1
==8485==    at 0x8054098: slurpstring (main.c:508)
==8485==    by 0x8053ED8: makeargv (main.c:398)
==8485==    by 0x804F242: domacro (domacro.c:137)
==8485==    by 0x8053E27: cmdscanner (main.c:372)
==8485==    by 0x8053BC0: main (main.c:254)
==8485==  Address 0x42a8c4f is 0 bytes after a block of size 7 alloc'd
==8485==    at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485==    by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485==    by 0x8053BC0: main (main.c:254)
==8485== 
==8485== Invalid read of size 1
==8485==    at 0x8053FD9: slurpstring (main.c:464)
==8485==    by 0x8053ED8: makeargv (main.c:398)
==8485==    by 0x804F242: domacro (domacro.c:137)
==8485==    by 0x8053E27: cmdscanner (main.c:372)
==8485==    by 0x8053BC0: main (main.c:254)
==8485==  Address 0x42a8c5e is 15 bytes after a block of size 7 alloc'd
==8485==    at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485==    by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485==    by 0x8053BC0: main (main.c:254)
==8485== 
==8485== Invalid read of size 1
==8485==    at 0x8053F0F: slurpstring (main.c:415)
==8485==    by 0x8053ED8: makeargv (main.c:398)
==8485==    by 0x804F242: domacro (domacro.c:137)
==8485==    by 0x8053E27: cmdscanner (main.c:372)
==8485==    by 0x8053BC0: main (main.c:254)
==8485==  Address 0x42a8c5e is 15 bytes after a block of size 7 alloc'd
==8485==    at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485==    by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485==    by 0x8053BC0: main (main.c:254)
==8485== 
==8485== Invalid read of size 1
==8485==    at 0x8053F19: slurpstring (main.c:415)
==8485==    by 0x8053ED8: makeargv (main.c:398)
==8485==    by 0x804F242: domacro (domacro.c:137)
==8485==    by 0x8053E27: cmdscanner (main.c:372)
==8485==    by 0x8053BC0: main (main.c:254)
==8485==  Address 0x42a8c5e is 15 bytes after a block of size 7 alloc'd
==8485==    at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485==    by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485==    by 0x8053BC0: main (main.c:254)
==8485== 
==8485== Invalid read of size 1
==8485==    at 0x8053F80: slurpstring (main.c:435)
==8485==    by 0x8053ED8: makeargv (main.c:398)
==8485==    by 0x804F242: domacro (domacro.c:137)
==8485==    by 0x8053E27: cmdscanner (main.c:372)
==8485==    by 0x8053BC0: main (main.c:254)
==8485==  Address 0x42a8c5e is 15 bytes after a block of size 7 alloc'd
==8485==    at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485==    by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485==    by 0x8053BC0: main (main.c:254)
==8485== 

#
# This one is in the region of cmdscanner() that you were concerned about (I think):
#       (*c->c_handler) (margc, margv);
#
==8485== Invalid read of size 1
==8485==    at 0x402BF53: __GI_strlen (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485==    by 0x40F1B0D: puts (in /usr/lib/libc-2.17.so)
==8485==    by 0x8053E27: cmdscanner (main.c:372)
==8485==    by 0x8053BC0: main (main.c:254)
==8485==  Address 0x42a8c4f is 0 bytes after a block of size 7 alloc'd
==8485==    at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485==    by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485==    by 0x8053BC0: main (main.c:254)
==8485== 


#
# The rest of these are in domacro, and I did not look at them closely.
#
==8485== Invalid read of size 1
==8485==    at 0x40FB6D8: _IO_file_xsputn@@GLIBC_2.1 (in /usr/lib/libc-2.17.so)
==8485==    by 0x40F1BAE: puts (in /usr/lib/libc-2.17.so)
==8485==    by 0x804F2E7: domacro (domacro.c:161)
==8485==    by 0x8053E27: cmdscanner (main.c:372)
==8485==    by 0x8053BC0: main (main.c:254)
==8485==  Address 0x42a8c5d is 14 bytes after a block of size 7 alloc'd
==8485==    at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485==    by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485==    by 0x8053BC0: main (main.c:254)
==8485== 
==8485== Invalid read of size 1
==8485==    at 0x40FB6EB: _IO_file_xsputn@@GLIBC_2.1 (in /usr/lib/libc-2.17.so)
==8485==    by 0x40F1BAE: puts (in /usr/lib/libc-2.17.so)
==8485==    by 0x804F2E7: domacro (domacro.c:161)
==8485==    by 0x8053E27: cmdscanner (main.c:372)
==8485==    by 0x8053BC0: main (main.c:254)
==8485==  Address 0x42a8c5c is 13 bytes after a block of size 7 alloc'd
==8485==    at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485==    by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485==    by 0x8053BC0: main (main.c:254)
==8485== 
==8485== Invalid read of size 4
==8485==    at 0x410862C: __GI_mempcpy (in /usr/lib/libc-2.17.so)
==8485==    by 0x40FB634: _IO_file_xsputn@@GLIBC_2.1 (in /usr/lib/libc-2.17.so)
==8485==    by 0x40F1BAE: puts (in /usr/lib/libc-2.17.so)
==8485==    by 0x804F2E7: domacro (domacro.c:161)
==8485==    by 0x8053E27: cmdscanner (main.c:372)
==8485==    by 0x8053BC0: main (main.c:254)
==8485==  Address 0x42a8c4e is 6 bytes inside a block of size 7 alloc'd
==8485==    at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485==    by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485==    by 0x8053BC0: main (main.c:254)
==8485== 
==8485== Invalid read of size 1
==8485==    at 0x805403A: slurpstring (main.c:480)
==8485==    by 0x8053ED8: makeargv (main.c:398)
==8485==    by 0x804F242: domacro (domacro.c:137)
==8485==    by 0x8053E27: cmdscanner (main.c:372)
==8485==    by 0x8053BC0: main (main.c:254)
==8485==  Address 0x42a8c4f is 0 bytes after a block of size 7 alloc'd
==8485==    at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485==    by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485==    by 0x8053BC0: main (main.c:254)
==8485== 
==8485== 

#
# Summary of leaks, etc. after program exits.
# 
==8485== HEAP SUMMARY:
==8485==     in use at exit: 56,677 bytes in 182 blocks
==8485==   total heap usage: 360 allocs, 178 frees, 77,494 bytes allocated
==8485== 
==8485== 10 bytes in 1 blocks are definitely lost in loss record 4 of 35
==8485==    at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485==    by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485==    by 0x804F9CB: login (ftp.c:273)
==8485==    by 0x804A955: setpeer (cmds.c:245)
==8485==    by 0x8053B6D: main (main.c:244)
==8485== 
==8485== LEAK SUMMARY:
==8485==    definitely lost: 10 bytes in 1 blocks
==8485==    indirectly lost: 0 bytes in 0 blocks
==8485==      possibly lost: 0 bytes in 0 blocks
==8485==    still reachable: 56,667 bytes in 181 blocks
==8485==         suppressed: 0 bytes in 0 blocks
==8485== Reachable blocks (those to which a pointer was found) are not shown.
==8485== To see them, rerun with: --leak-check=full --show-reachable=yes
==8485== 
==8485== For counts of detected and suppressed errors, rerun with: -v
==8485== Use --track-origins=yes to see where uninitialised values come from
==8485== ERROR SUMMARY: 209 errors from 15 contexts (suppressed: 0 from 0)
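
A triage sketch for Memcheck records like those above, added here as an example and not part of the original message or of inetutils: it groups invalid accesses by the heap block they touch and computes how many bytes past the block's end each access reaches. The function names and the abridged sample are assumptions of this example.

```python
import re

# Abridged excerpt in the report's format (wrapped lines rejoined, frames trimmed).
SAMPLE = """\
==8485== Invalid write of size 1
==8485==    at 0x804F219: domacro (domacro.c:130)
==8485==  Address 0x42a8c4f is 0 bytes after a block of size 7 alloc'd
==8485==    at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485==    by 0x8053BC0: main (main.c:254)
==8485== Invalid read of size 1
==8485==    at 0x8053FD9: slurpstring (main.c:464)
==8485==  Address 0x42a8c5e is 15 bytes after a block of size 7 alloc'd
==8485==    at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485==    by 0x8053BC0: main (main.c:254)
==8485== Invalid read of size 4
==8485==    at 0x410862C: __GI_mempcpy (in /usr/lib/libc-2.17.so)
==8485==    by 0x804F2E7: domacro (domacro.c:161)
==8485==  Address 0x42a8c4e is 6 bytes inside a block of size 7 alloc'd
==8485==    at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485==    by 0x8053BC0: main (main.c:254)
"""

HEAD = re.compile(r"^==\d+== (Invalid (?:read|write)) of size (\d+)")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((\S+\.c:\d+)\)")
ADDR = re.compile(r"Address 0x[0-9a-f]+ is (\d+) bytes (after|inside) a block of size (\d+)")

def parse_memcheck(text):
    """One dict per invalid access; 'site'/'alloc' are the first frames with file:line."""
    records, cur = [], None
    for line in text.splitlines():
        if m := HEAD.match(line):
            cur = dict(kind=m[1], width=int(m[2]), site=None, alloc=None, block=None, overrun=0)
            records.append(cur)
        elif cur and (m := ADDR.search(line)):
            off, size = int(m[1]), int(m[3])
            start = off + size if m[2] == "after" else off  # offset from block start
            cur.update(block=size, overrun=max(0, start + cur["width"] - size))
        elif cur and (m := FRAME.match(line)):
            key = "site" if cur["block"] is None else "alloc"  # frames after Address = alloc stack
            cur[key] = cur[key] or f"{m[1]} ({m[2]})"
    return records

def worst_by_block(records):
    """Per (alloc site, block size): access count and furthest overrun in bytes."""
    out = {}
    for r in records:
        g = out.setdefault((r["alloc"], r["block"]), {"count": 0, "max_overrun": 0})
        g["count"] += 1
        g["max_overrun"] = max(g["max_overrun"], r["overrun"])
    return out
```

On the sample, all three accesses resolve to the same 7-byte block allocated from main.c:254, and the 4-byte read reported as "inside" the block still runs 3 bytes past its end.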
