On Thu, 9 Mar 2006, Junio C Hamano wrote:
>
> Linus Torvalds <torvalds@xxxxxxxx> writes:
>
> > it's entirely possible that it will load bytes from "string" _past_ the
> > end of the string because of an unrolled inner loop that does things
> > multiple bytes at a time. They won't be used in the eventual result, but
> > just the fact that they are loaded from memory can mean that your program
> > takes a SIGSEGV, for example, because it turns out "string" was just a
> > single NUL byte at the end of a page, and there's nothing after it.
>
> Funny. I've seen this exact bug in memcmp and strcmp in earlier
> SunOS (pre Solaris) libc when I was working on something like
> Valgrind in my previous life.

Well, Valgrind actually can complain for no good reason.

System libraries often take advantage of knowing how the CPU and the system memory layout works. For example, just from knowing that pages are always aligned to a certain (largish) boundary, you can know that it's perfectly safe to do certain optimizations and prefetch past the end of an object, as long as it's in the same page (and the easiest way to verify that is to just do it when something is aligned).

So Valgrind will sometimes complain about perfectly bug-free code, just because the bug-free code accesses outside the "strictly allowable" region because it knows it can.

Valgrind can be taught about system libraries like that, but especially if it's an early port to a new architecture or OS, valgrind will often complain unnecessarily.

Linus
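The alignment argument Linus makes above, as an added example that is not code from the thread or from git: a word-at-a-time `strlen` that deliberately loads whole aligned 8-byte words, and a helper that places a string so its NUL is the very last byte of a page with the following page unmapped. The aligned loop never faults, because an 8-byte load from an 8-byte-aligned address cannot straddle a page boundary; a byte-wise reader that peeked one byte past the NUL would SIGSEGV here. The helper assumes a POSIX system with `mmap`/`mprotect` (the function names `aligned_strlen`, `has_zero_byte` and `string_at_page_end` are this example's own).

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

/* Classic bit trick: after (w - 0x01..01) & ~w & 0x80..80, a high bit is
 * set if (and only if) some byte of w was zero. Endianness does not matter
 * for the yes/no answer; the exact position is found byte-wise afterwards. */
static int has_zero_byte(uint64_t w)
{
    return ((w - 0x0101010101010101ULL) & ~w & 0x8080808080808080ULL) != 0;
}

/* strlen in the style Linus describes: byte loop until the pointer is
 * 8-byte aligned, then whole-word loads. The last word load may read bytes
 * past the terminating NUL, but never past the page that holds it, because
 * page sizes are multiples of 8 and the load is 8-byte aligned. This is
 * exactly the access Valgrind would flag as an invalid read. */
size_t aligned_strlen(const char *s)
{
    const char *p = s;
    while (((uintptr_t)p & 7) != 0) {        /* reach an aligned address */
        if (*p == '\0')
            return (size_t)(p - s);
        p++;
    }
    for (;;) {
        uint64_t w;
        memcpy(&w, p, sizeof w);             /* one aligned 8-byte load */
        if (has_zero_byte(w))
            break;
        p += sizeof w;
    }
    while (*p != '\0')                       /* locate the NUL inside that word */
        p++;
    return (size_t)(p - s);
}

/* Map two pages, make the second one inaccessible, and copy `text` so its
 * NUL terminator is the last byte of the first page. Any read past the NUL
 * touches PROT_NONE memory and faults. Returns the string, or NULL on error
 * (the mapping is intentionally leaked; this is a demonstration). */
char *string_at_page_end(const char *text)
{
    long page = sysconf(_SC_PAGESIZE);
    size_t len = strlen(text);
    if (page <= 0 || len + 1 > (size_t)page)
        return NULL;
    char *base = mmap(NULL, 2 * (size_t)page, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return NULL;
    if (mprotect(base + page, (size_t)page, PROT_NONE) != 0) {
        munmap(base, 2 * (size_t)page);
        return NULL;
    }
    char *s = base + page - (len + 1);       /* NUL lands on the page's last byte */
    memcpy(s, text, len + 1);
    return s;
}

int main(void)
{
    /* The single-NUL-at-end-of-page case from the quoted mail. */
    char *empty = string_at_page_end("");
    char *word = string_at_page_end("valgrind");
    if (!empty || !word) {
        perror("mmap/mprotect");
        return 1;
    }
    printf("len(\"\") at page end   = %zu\n", aligned_strlen(empty));
    printf("len(\"valgrind\") at end = %zu\n", aligned_strlen(word));
    return 0;
}
```

Running this under Valgrind reports the final word load as an invalid read even though it can never fault; that is the false positive Linus is describing, and why Valgrind ships suppressions and replacement routines for the real libc `strlen`/`strcmp`.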