http://www.oschina.net/translate/valgrind-memcheck
1、使用未初始化的内存
#include <stdio.h>
#include <stdlib.h>
int main(void)
{
char *p;
char c = *p;
printf("
[%c]
",c);
return 0;
}
root@ubuntu:/home/naviwork/valgrind_use# valgrind --tool=memcheck ./a.out
==2054== Memcheck, a memory error detector
==2054== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==2054== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==2054== Command: ./a.out
==2054==
==2054== Use of uninitialised value of size 4
==2054== at 0x80483F1: main (main.c:8)
==2054==
2、在内存释放后读写
#include <stdio.h>
#include <stdlib.h>
int main(void)
{
char *p = malloc(1);
*p = 'a';
char c = *p;
printf("
[%c]
",c);
free(p);
c = *p;
return 0;
}
root@ubuntu:/home/naviwork/valgrind_use# valgrind --tool=memcheck ./a.out
==2131== Memcheck, a memory error detector
==2131== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==2131== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==2131== Command: ./a.out
==2131==
[a]
==2131== Invalid read of size 1
==2131== at 0x80484A5: main (main.c:14)
==2131== Address 0x4199028 is 0 bytes inside a block of size 1 free'd
==2131== at 0x4025FE9: free (vg_replace_malloc.c:446)
==2131== by 0x80484A0: main (main.c:13)
3. 从已分配内存块的尾部进行读/写
#include <stdio.h>
#include <stdlib.h>
int main(void)
{
char *p = malloc(1);
*p = 'a';
char c = *(p+1);
printf("
[%c]
",c);
free(p);
return 0;
}
root@ubuntu:/home/naviwork/valgrind_use# valgrind --tool=memcheck ./a.out
==2153== Memcheck, a memory error detector
==2153== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==2153== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==2153== Command: ./a.out
==2153==
==2153== Invalid read of size 1
==2153== at 0x804847B: main (main.c:9)
==2153== Address 0x4199029 is 0 bytes after a block of size 1 alloc'd
==2153== at 0x40265DC: malloc (vg_replace_malloc.c:270)
==2153== by 0x8048468: main (main.c:6)
==2153==
4、内存泄漏
#include <stdio.h>
#include <stdlib.h>
int main(void)
{
char *p = malloc(1);
*p = 'a';
char c = *p;
printf("
[%c]
",c);
return 0;
}
root@ubuntu:/home/naviwork/valgrind_use# valgrind --tool=memcheck --leak-check=full ./a.out
==2179== Memcheck, a memory error detector
==2179== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==2179== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==2179== Command: ./a.out
==2179==
[a]
==2179==
==2179== HEAP SUMMARY:
==2179== in use at exit: 1 bytes in 1 blocks
==2179== total heap usage: 1 allocs, 0 frees, 1 bytes allocated
==2179==
==2179== 1 bytes in 1 blocks are definitely lost in loss record 1 of 1
==2179== at 0x40265DC: malloc (vg_replace_malloc.c:270)
==2179== by 0x8048428: main (main.c:6)
==2179==
==2179== LEAK SUMMARY:
==2179== definitely lost: 1 bytes in 1 blocks
==2179== indirectly lost: 0 bytes in 0 blocks
==2179== possibly lost: 0 bytes in 0 blocks
==2179== still reachable: 0 bytes in 0 blocks
==2179== suppressed: 0 bytes in 0 blocks
==2179==
==2179== For counts of detected and suppressed errors, rerun with: -v
==2179== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 11 from 6)
5. 不匹配地使用malloc/new/new[] 和 free/delete/delete[]
#include <stdio.h>
#include <stdlib.h>
#include<iostream>
int main(void)
{
char *p = (char*)malloc(1);
*p = 'a';
char c = *p;
printf("
[%c]
",c);
delete p;
return 0;
}
root@ubuntu:/home/naviwork/valgrind_use# g++ main.c -g
root@ubuntu:/home/naviwork/valgrind_use# valgrind --tool=memcheck --leak-check=full ./a.out
==2201== Memcheck, a memory error detector
==2201== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==2201== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==2201== Command: ./a.out
==2201==
[a]
==2201== Mismatched free() / delete / delete []
==2201== at 0x4025BD6: operator delete(void*) (vg_replace_malloc.c:480)
==2201== by 0x804867F: main (main.c:13)
==2201== Address 0x42d3028 is 0 bytes inside a block of size 1 alloc'd
==2201== at 0x40265DC: malloc (vg_replace_malloc.c:270)
==2201== by 0x8048648: main (main.c:7)
==2201==
==2201==
==2201== HEAP SUMMARY:
==2201== in use at exit: 0 bytes in 0 blocks
==2201== total heap usage: 1 allocs, 1 frees, 1 bytes allocated
==2201==
==2201== All heap blocks were freed -- no leaks are possible
==2201==
==2201== For counts of detected and suppressed errors, rerun with: -v
==2201== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 17 from 6)
6. 两次释放内存
#include <stdio.h>
#include <stdlib.h>
int main(void)
{
char *p = (char*)malloc(1);
*p = 'a';
char c = *p;
printf("
[%c]
",c);
free(p);
free(p);
return 0;
}
root@ubuntu:/home/naviwork/valgrind_use# valgrind --tool=memcheck --leak-check=full ./a.out
==2221== Memcheck, a memory error detector
==2221== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==2221== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==2221== Command: ./a.out
==2221==
[a]
==2221== Invalid free() / delete / delete[] / realloc()
==2221== at 0x4025FE9: free (vg_replace_malloc.c:446)
==2221== by 0x804858B: main (main.c:12)
==2221== Address 0x42d3028 is 0 bytes inside a block of size 1 free'd
==2221== at 0x4025FE9: free (vg_replace_malloc.c:446)
==2221== by 0x804857F: main (main.c:11)
==2221==
==2221==
==2221== HEAP SUMMARY:
==2221== in use at exit: 0 bytes in 0 blocks
==2221== total heap usage: 1 allocs, 2 frees, 1 bytes allocated
==2221==
==2221== All heap blocks were freed -- no leaks are possible
==2221==
==2221== For counts of detected and suppressed errors, rerun with: -v
==2221== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 17 from 6)
6、内存重叠
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int main(void)
{
char buf[12] = {0};
memcpy(buf, buf + 5, 6);
return 0;
}
root@ubuntu:/home/naviwork/valgrind_use# valgrind ./a.out
==1886== Memcheck, a memory error detector
==1886== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==1886== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==1886== Command: ./a.out
==1886==
==1886== Source and destination overlap in memcpy(0xbe9306b0, 0xbe9306b5, 6)
==1886== at 0x4028693: memcpy (mc_replace_strmem.c:878)
==1886== by 0x804856F: main (main.c:9)