[petsc-users] many valgrind error of petsc string functions

Gong Ding gdiso at ustc.edu
Sat Dec 3 23:23:19 CST 2011


I don't have any long options. For example, I took a look at the following code:
==12208== Conditional jump or move depends on uninitialised value(s)
==12208==    at 0x171A9FA: PetscStrlen (str.c:149)
==12208==    by 0x16EFF89: PetscOptionsHasName (options.c:1242)
==12208==    by 0x141AA4A: main (main.cc:101)
==12208==
In line 101 of main.cc I just call PetscOptionsHasName to check the -p command line argument.
And the -p argument doesn't have a parameter.
  // performance log flag
  PetscBool     log_flg;
  PetscOptionsHasName(PETSC_NULL,"-p", &log_flg);
  if(!log_flg)
    perflog.disable_logging();
I checked the PETSc source file options.c.
In the source file options.c, line 1098:
static PetscErrorCode PetscOptionsFindPair_Private(const char pre[],const char name[],char *value[],PetscBool  *flg)
The tmp buffer has a fixed size of 256. The strncpy function has a max number of 256.
  /* append prefix to name */
  if (pre) {
    if (pre[0] == '-') SETERRQ(PETSC_COMM_SELF,PETSC_ERR_ARG_WRONG,"Prefix should not begin with a -");
    ierr = PetscStrncpy(tmp,pre,256);CHKERRQ(ierr);
    ierr = PetscStrlen(tmp,&len);CHKERRQ(ierr);
    ierr = PetscStrncat(tmp,name+1,256-len-1);CHKERRQ(ierr);
  } else {
    ierr = PetscStrncpy(tmp,name+1,256);CHKERRQ(ierr);
  }
This should be OK if the name string has a length less than 256. The length of the -p option is only 2.
However, valgrind reports an uninitialised value here.
I tried to init both tmp (line 1103) and tmp2 (line 1152) as tmp[256]={0}, tmp2[256]={0}, and the valgrind complaint disappeared.
I've no idea what's wrong here. Maybe something is wrong in valgrind.
On Sat, Dec 3, 2011 at 06:18, Gong Ding <gdiso at ustc.edu> wrote:
In the function PetscOptionsFindPair_Private (options.c line 1098), there is still some code with the same problem.
Are you passing a full path to the option? Or just many very long prefixes?
This absolutely needs to be fixed, but I think there are a lot of places where fixed-length temporary buffers are used for building options keys and values. I would like to know how you are triggering these overflows so that I can stand a decent chance of getting all of them.
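The following is an added example, not part of the original message and not PETSc code: a bounded way to build the prefix-plus-name key in a 256-byte buffer like the tmp discussed above, refusing keys that do not fit instead of truncating them. The names build_option_key and strncpy_terminates are hypothetical, and the contrast function exercises standard C strncpy, which is assumed (not confirmed by this thread) to match what the quoted PetscStrncpy call does.

```c
#include <stdio.h>
#include <string.h>

#define KEY_MAX 256 /* same fixed size as the tmp buffer in the quoted code */

/* Hypothetical helper, not a PETSc function: writes pre + name (without its
 * leading '-') into out. Returns 0 on success, -1 for a bad argument and
 * -2 when the key does not fit; out is always a valid C string afterwards. */
int build_option_key(const char *pre, const char *name, char out[KEY_MAX])
{
    size_t plen, nlen;
    out[0] = '\0';
    if (!name || name[0] != '-') return -1;
    if (pre && pre[0] == '-') return -1; /* same rule as the quoted code */

    plen = pre ? strlen(pre) : 0;
    nlen = strlen(name + 1);
    if (plen >= KEY_MAX || nlen >= KEY_MAX - plen) return -2; /* refuse, never truncate */

    memcpy(out, pre ? pre : "", plen);
    memcpy(out + plen, name + 1, nlen + 1); /* includes the terminating NUL */
    return 0;
}

/* Standard C strncpy for contrast: returns 1 if the first n bytes of the
 * destination contain a NUL after copying src, 0 if they do not.
 * Requires n <= KEY_MAX. */
int strncpy_terminates(const char *src, size_t n)
{
    char buf[KEY_MAX];
    memset(buf, 'X', sizeof buf);
    strncpy(buf, src, n);
    return memchr(buf, '\0', n) != NULL;
}

int main(void)
{
    char key[KEY_MAX], longpre[300];

    memset(longpre, 'a', sizeof longpre - 1); /* constructed 299-char prefix */
    longpre[sizeof longpre - 1] = '\0';

    printf("-p          -> %d \"%s\"\n", build_option_key(NULL, "-p", key), key);
    printf("sub_ + -p   -> %d \"%s\"\n", build_option_key("sub_", "-p", key), key);
    printf("long prefix -> %d\n", build_option_key(longpre, "-p", key));
    printf("strncpy NUL: short=%d long=%d\n",
           strncpy_terminates("p", KEY_MAX), strncpy_terminates(longpre, KEY_MAX));
    return 0;
}
```

Running the program under valgrind gives a quick check that neither the short -p case nor the over-long prefix reads or leaves unterminated bytes in the key buffer.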