This is the valgrind output from a project:
==2433== Invalid free() / delete / delete[] / realloc()
==2433== at 0x402B06C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==2433== by 0x43F345B: av_freep (mem.c:172)
==2433== by 0x5A6F4D2: (below main) (libc-start.c:226)
==2433== Address 0xb3fd830 is 48 bytes inside a block of size 111,634 alloc'd
==2433== at 0x402BE68: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==2433== by 0x80BB6B5: _talloc_realloc (talloc.c:997)
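The line starting with Address is indented one space more than the line starting with Invalid. Does that mean one causes the other? Or are they separate?
If they are separate, where does by 0x5A6F4D2: (below main) (libc-start.c:226) come from? I have a feeling that (below main) has something to do with it, but I can't find libc-start.c anywhere on my hard drive.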
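Yes, it gives you more information about the invalid free. The first four lines describe the invalid call (free in this case) and the call stack at the time of the free. The following three lines provide additional data. In this case, valgrind recognizes that the address passed to free is contained within an allocated region, and gives the offset into that allocation, the size of the block, and the call stack.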
According to valgrind.org, the hierarchy should be flat, like this:
==3016== Invalid write of size 1
==3016== at 0x80484DA: main (in /jfs/article/sample2)
==3016== by 0x40271507: __libc_start_main (../sysdeps/generic/libc-start.c:129)
==3016== by 0x80483B1: free@@GLIBC_2.0 (in /jfs/article/sample2)
==3016== Address 0x40CA0224 is 0 bytes after a block of size 512 alloc'd
==3016== at 0x400483E4: malloc (vg_clientfuncs.c:100)
==3016== by 0x80484AA: main (in /jfs/article/sample2)
==3016== by 0x40271507: __libc_start_main (../sysdeps/generic/libc-start.c:129)
==3016== by 0x80483B1: free@@GLIBC_2.0 (in /jfs/article/sample2)
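I would treat the indentation of Address in the output the same as the above, since it is probably a version-specific change to make the output more readable.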
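The grouping both answers describe, as an added example that is not part of the original posts: a small parser that attaches each Address line and the allocation stack after it to the preceding error record, ignoring indentation. The names `parse_memcheck` and `SAMPLE` are hypothetical; the sample is the first excerpt from this page plus an abridged copy of the second.

```python
import re

LINE = re.compile(r"^==(\d+)==\s*(.*)$")
FRAME = re.compile(r"^(at|by) 0x[0-9A-Fa-f]+: (.*)$")
ADDR = re.compile(r"^Address 0x[0-9A-Fa-f]+ is ([\d,]+) bytes (inside|after|before) "
                  r"a block of size ([\d,]+) (?:alloc'd|free'd)$")

def parse_memcheck(text):
    """Group memcheck lines into error records; indentation is ignored."""
    errors, cur, stack, pending = [], None, None, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        body = m.group(2).strip() if m else ""
        f = FRAME.match(body)
        if f:
            if f.group(1) == "at" and pending is not None:  # header + "at": new record
                cur = {"kind": pending, "stack": [], "address": None}
                errors.append(cur)
                stack, pending = cur["stack"], None
            if stack is not None:
                stack.append(f.group(2))
        elif body.startswith("Address ") and cur is not None:
            a = ADDR.match(body)
            info = {"offset": int(a[1].replace(",", "")), "rel": a[2],
                    "size": int(a[3].replace(",", ""))} if a else {}
            cur["address"] = {"text": body, "stack": [], **info}
            stack = cur["address"]["stack"]  # later frames: the block's own stack
        elif body:
            pending = body  # candidate header, confirmed by a following "at" frame
    return errors

# Sample input: first excerpt from this page, then the second one abridged.
SAMPLE = """\
==2433== Invalid free() / delete / delete[] / realloc()
==2433== at 0x402B06C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==2433== by 0x43F345B: av_freep (mem.c:172)
==2433== by 0x5A6F4D2: (below main) (libc-start.c:226)
==2433== Address 0xb3fd830 is 48 bytes inside a block of size 111,634 alloc'd
==2433== at 0x402BE68: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==2433== by 0x80BB6B5: _talloc_realloc (talloc.c:997)
==3016== Invalid write of size 1
==3016== at 0x80484DA: main (in /jfs/article/sample2)
==3016== by 0x40271507: __libc_start_main (../sysdeps/generic/libc-start.c:129)
==3016== Address 0x40CA0224 is 0 bytes after a block of size 512 alloc'd
==3016== at 0x400483E4: malloc (vg_clientfuncs.c:100)
==3016== by 0x80484AA: main (in /jfs/article/sample2)
"""
```

For the first record the result is one error with a three-frame stack for the free and, under `address`, offset 48 inside a 111634-byte block with its two-frame allocation stack.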