GMP 5.1.1: Valgrind reports incorrect read in __gmpn_copyd (called from __gmpz_mul_2exp)
Alexander Kruppa
akruppa at gmail.com
Thu Feb 21 19:05:00 CET 2013
2013/2/21 Torbjorn Granlund <tg at gmplib.org>:
> Alexander Kruppa <akruppa at gmail.com> writes:
>
> 2013/2/21 Torbjorn Granlund <tg at gmplib.org>:
>
> > We should make sure this is really a valid 16-bit aligned read before we
> > report any valgrind bug.
> >
> > --
> > Torbjörn
>
> %rsi is divisible by 16, so looks properly aligned.
>
> But are some of the bytes within an operand? We don't want to make a
> completely spurious 16-byte read.
>
>
> --
> Torbjörn
==11523== Invalid read of size 8
==11523== at 0x401A74: __gmpn_copyd (in /users/caramel/kruppaal/test_mpmod)
==11523== by 0x4009CF: __gmpz_mul_2exp (in /users/caramel/kruppaal/test_mpmod)
==11523== by 0x40086D: main (test_mpmod.c:20)
==11523== Address 0x51f45a8 is 0 bytes after a block of size 984 alloc'd
==11523== at 0x4C2C861: realloc (vg_replace_malloc.c:662)
==11523== by 0x401C9B: __gmp_default_reallocate (in /users/caramel/kruppaal/test_mpmod)
==11523== by 0x400A26: __gmpz_realloc (in /users/caramel/kruppaal/test_mpmod)
==11523== by 0x400AE5: __gmpz_set (in /users/caramel/kruppaal/test_mpmod)
==11523== by 0x400854: main (test_mpmod.c:17)
[...]
0x0000000000401a74 in __gmpn_copyd ()
(gdb) bt
#0 0x0000000000401a74 in __gmpn_copyd ()
#1 0x00000000004009d0 in __gmpz_mul_2exp ()
#2 0x000000000040086e in main () at test_mpmod.c:20
(gdb) frame 2
#2 0x000000000040086e in main () at test_mpmod.c:20
20 mpz_mul_2exp (temp1, R2, Nbits);
(gdb) print R2[0]
$1 = {_mp_alloc = 123, _mp_size = 123, _mp_d = 0x51f41d0}
(gdb) frame 0
#0 0x0000000000401a74 in __gmpn_copyd ()
(gdb) disas 0x401a6f,0x401a7d
Dump of assembler code from 0x401a6f to 0x401a7d:
0x0000000000401a6f <__gmpn_copyd+175>: retq
0x0000000000401a70 <__gmpn_copyd+176>: sub $0x10,%rdx
=> 0x0000000000401a74 <__gmpn_copyd+180>: movaps (%rsi),%xmm0
0x0000000000401a77 <__gmpn_copyd+183>: jb 0x401afe <__gmpn_copyd+318>
End of assembler dump.
(gdb) info reg
rax 0x51f45f0 85935600
rbx 0xf6 246
rcx 0x0 0
rdx 0x6b 107
rsi 0x51f45a0 85935520
[...]
(gdb) print/x 0x51f41d0 + 123*8
$3 = 0x51f45a8
R2->_mp_d occupies addresses 0x51f41d0 <= x < 0x51f45a8. The read is
for 16 bytes, starting at address 0x51f45a0. Hence the first 8 bytes
are valid, the other 8 are invalid.
Alex
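Added worked example (this is not code from the GMP sources or from the post above): a small checker that answers Torbjörn's question mechanically. Given the operand's base pointer and limb count as shown by gdb, and the address and width of the vector load, it reports whether the load is aligned to its width, how many of its bytes fall inside the operand and how many fall outside. A second helper models a copy loop that only issues full-width loads over a limb array and returns how many bytes such a loop over-reads at the end; that generalizes the 123-limb case to any limb count and load width. The struct name, function names and the assumption of 8-byte limbs (x86-64) are mine; the addresses in main() are the ones quoted in the report.

```c
/* Added example, not part of GMP or of the original bug report. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define LIMB_BYTES 8  /* assumption: 64-bit limbs, as on x86-64 */

struct read_check {
    int aligned;           /* 1 if addr is a multiple of the load width */
    size_t in_bounds;      /* bytes of the load inside [base, base + limbs*LIMB_BYTES) */
    size_t out_of_bounds;  /* bytes of the load outside that range */
};

/* Compare a 'width'-byte load at 'addr' against the operand occupying
 * [base, base + limbs*LIMB_BYTES). Addresses are plain integers so values
 * copied out of a debugger session can be fed in directly. */
static struct read_check check_read(uintptr_t base, size_t limbs,
                                    uintptr_t addr, size_t width)
{
    struct read_check r;
    uintptr_t op_end = base + (uintptr_t)limbs * LIMB_BYTES;
    uintptr_t rd_end = addr + width;
    uintptr_t lo = addr > base ? addr : base;     /* start of the overlap */
    uintptr_t hi = rd_end < op_end ? rd_end : op_end; /* end of the overlap */

    r.aligned = (addr % width) == 0;
    r.in_bounds = hi > lo ? (size_t)(hi - lo) : 0;
    r.out_of_bounds = width - r.in_bounds;
    return r;
}

/* Model of a loop that copies 'limbs' limbs using only full 'width'-byte
 * loads and never a narrower tail load: returns how many bytes past the
 * end of the array the final load touches (0 when the size divides evenly). */
static size_t tail_overrun(size_t limbs, size_t width)
{
    size_t bytes = limbs * LIMB_BYTES;
    size_t rem = bytes % width;
    return rem == 0 ? 0 : width - rem;
}

int main(void)
{
    /* Values quoted in the report: R2->_mp_d = 0x51f41d0, _mp_alloc = 123,
     * movaps (%rsi) with %rsi = 0x51f45a0. */
    struct read_check r = check_read(0x51f41d0UL, 123, 0x51f45a0UL, 16);

    printf("aligned=%d in_bounds=%zu out_of_bounds=%zu\n",
           r.aligned, r.in_bounds, r.out_of_bounds);
    printf("full-width-only copy of 123 limbs over-reads %zu bytes\n",
           tail_overrun(123, 16));
    return 0;
}
```

The checker confirms the arithmetic in the post: the load is 16-byte aligned, 8 of its bytes lie inside the operand and 8 lie past its end. Alignment alone is therefore not enough to rule out a report; the operand's end has to be compared against the end of the load as well. The overrun model shows the general pattern: any odd limb count leaves an 8-byte remainder that a 16-byte-only loop must either handle with a narrower load or read past the buffer.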