views:

242

answers:

2

I'm running valgrind and I'm getting the following error (this is not the only one):

==21743== Conditional jump or move depends on uninitialised value(s)
==21743==    at 0x4A06509: index (mc_replace_strmem.c:164)
==21743==    by 0x33B7CBB3CD: gaih_inet (in /lib64/libc-2.5.so)
==21743==    by 0x33B7CBD629: getaddrinfo (in /lib64/libc-2.5.so)
==21743==    by 0x401A5F: tunnelURL (proxy.c:336)
==21743==    by 0x40142A: client_thread (proxy.c:194)
==21743==    by 0x33B8806616: start_thread (in /lib64/libpthread-2.5.so)
==21743==    by 0x33B7CD3C2C: clone (in /lib64/libc-2.5.so)

My tunnelURL() function looks like this:

char * tunnelURL(char *url) {
 char * a = strstr(url, "//");
 a += 2;
 char * path = strstr(a, "/");

 char host[256];
 strncpy (host, a, strlen(a)-strlen(path));

 /*
  * The following is courtesy of Beej's Guide
  */
 int status;
 int proxySocketFD;
 struct addrinfo hints;
 struct addrinfo *servinfo; // will point to the results

 memset(&hints, 0, sizeof(hints)); // make sure the struct is empty
 hints.ai_family = AF_INET; // don't care IPv4 or IPv6
 hints.ai_socktype = SOCK_STREAM; // TCP stream sockets
 hints.ai_flags = AI_PASSIVE; // fill in my IP for me

 if ((status = getaddrinfo(host, "80", &hints, &servinfo)) != 0) {
  perror("getaddrinfo() fail");
  exit(1);
 }

 // create socket
 if ((proxySocketFD = socket(servinfo->ai_family, servinfo->ai_socktype, servinfo->ai_protocol)) == -1) {
  perror("proxy socket() fail");
  exit(1);
 }

 // connect
 if (connect(proxySocketFD, servinfo->ai_addr, servinfo->ai_addrlen) != 0) {
  printf("connect() fail");
  exit(1);
 }

 // construct request
 char request[strlen(path) + strlen(host) + 26];
 sprintf(request, "GET %s HTTP/1.1\r\nHost: %s\r\n\r\n", path, host);
 printf("%s", request);

 // send request
 send(proxySocketFD, request, strlen(request), 0);

 // receive response
 int i = 0;
 int amntRecvd = 0;
 char *pageContentBuffer = (char*) malloc(4096 * sizeof(char));
 while ((amntRecvd = recv(proxySocketFD, pageContentBuffer + i, 4096, 0)) > 0) {
  i += amntRecvd;
  realloc(pageContentBuffer, i * 4096 * sizeof(char));
 }

 // close proxy socket
 close(proxySocketFD);

 // deallocate memory
 freeaddrinfo(servinfo);

 return pageContentBuffer;

}

Line 336 corresponds to the if statement with the getaddrinfo() function call. I'm not really sure what I haven't initialized. The string I'm passing in "should" be already set... I'm printing it out just fine. I also get another error corresponding to the same line of code:

==21743== Use of uninitialised value of size 8
==21743==    at 0x33B7D05816: __nscd_cache_search (in /lib64/libc-2.5.so)
==21743==    by 0x33B7D0438B: nscd_gethst_r (in /lib64/libc-2.5.so)
==21743==    by 0x33B7D04B26: __nscd_gethostbyname2_r (in /lib64/libc-2.5.so)
==21743==    by 0x33B7CE9F5E: gethostbyname2_r@@GLIBC_2.2.5 (in /lib64/libc-2.5.so)
==21743==    by 0x33B7CBC522: gaih_inet (in /lib64/libc-2.5.so)
==21743==    by 0x33B7CBD629: getaddrinfo (in /lib64/libc-2.5.so)
==21743==    by 0x401A5F: tunnelURL (proxy.c:336)
==21743==    by 0x40142A: client_thread (proxy.c:194)
==21743==    by 0x33B8806616: start_thread (in /lib64/libpthread-2.5.so)
==21743==    by 0x33B7CD3C2C: clone (in /lib64/libc-2.5.so)

Any ideas as to what might becausing this? This is written in C btw...

Thanks, Hristo

+1  A: 
 // receive response
 int i = 0;
 int amntRecvd = 0;
 char *pageContentBuffer = (char*) malloc(4096 * sizeof(char));
 while ((amntRecvd = recv(proxySocketFD, pageContentBuffer + i, 4096, 0)) > 0) {
  i += amntRecvd;
  realloc(pageContentBuffer, i * 4096 * sizeof(char));
 }

realloc(pageContentBuffer, i * 4096 * sizeof(char)) does not look right. If you received 4096 bytes first, you will be allocating 4096*4096 bytes next, 2*4096*4096 bytes next and so on. Perhaps you meant addition?

aaa
I tried with addition, and it fixed something, but it broke other things. Valgrind is still complaining, though I do agree with you, I meant addition... so 4096, then 8192, then 12888, etc...
Hristo
@H caf found you other problem
aaa
+2  A: 

You're not using realloc() correctly. realloc() may move the allocated block, and it returns the new address of the block - so you need to assign that return value to pageContentBuffer (iff it's not NULL).

caf
Thanks. That makes a lot of sense. I went ahead and made the changes and that definitely helped. There is still one issue that valgrind is complaining about... Syscall param socketcall.recvfrom(buf) points to unaddressable byte(s)
Hristo
The two multiplications in your `realloc()` look wrong as well - it's probably getting very large very fast and overflowing. Are you sure you didn't mean `i + 4096` instead? (Note that `sizeof(char)` is defined to be 1, so multiplying by it is unnecessary).
caf