
mudflap error while using socket()

When compiling like this I get the following mudflap violation and I have no clue what it means:

(I am using Debian squeeze, gcc 4.4.5 and eglibc 2.11.2)

mudflap:

myuser@linux:~/Desktop$ export MUDFLAP_OPTIONS="-mode-check -viol-abort -internal-checking -print-leaks -check-initialization -verbose-violations -crumple-zone=32"
myuser@linux:~/Desktop$ gcc -std=c99 -D_POSIX_C_SOURCE=200112L -ggdb3 -O0 -fmudflap -funwind-tables -lmudflap -rdynamic myprogram.c
myuser@linux:~/Desktop$ ./a.out
*******
mudflap violation 1 (check/read): time=1303221485.951128 ptr=0x70cf10 size=16
pc=0x7fc51c9b1cc1 location=`myprogram.c:22:18 (main)'
      /usr/lib/libmudflap.so.0(__mf_check+0x41) [0x7fc51c9b1cc1]
      ./a.out(main+0x113) [0x400b97]
      /lib/libc.so.6(__libc_start_main+0xfd) [0x7fc51c665c4d]
Nearby object 1: checked region begins 0B into and ends 15B into
mudflap object 0x70cf90: name=`malloc region'
bounds=[0x70cf10,0x70cf5b] size=76 area=heap check=1r/0w liveness=1
alloc time=1303221485.949881 pc=0x7fc51c9b1431
      /usr/lib/libmudflap.so.0(__mf_register+0x41) [0x7fc51c9b1431]
      /usr/lib/libmudflap.so.0(__wrap_malloc+0xd2) [0x7fc51c9b2a12]
      /lib/libc.so.6(+0xaada5) [0x7fc51c6f1da5]
      /lib/libc.so.6(getaddrinfo+0x162) [0x7fc51c6f4782]
Nearby object 2: checked region begins 640B before and ends 625B before
mudflap dead object 0x70d3f0: name=`malloc region'
bounds=[0x70d190,0x70d3c7] size=568 area=heap check=0r/0w liveness=0
alloc time=1303221485.950059 pc=0x7fc51c9b1431
      /usr/lib/libmudflap.so.0(__mf_register+0x41) [0x7fc51c9b1431]
      /usr/lib/libmudflap.so.0(__wrap_malloc+0xd2) [0x7fc51c9b2a12]
      /lib/libc.so.6(+0x6335b) [0x7fc51c6aa35b]
      /lib/libc.so.6(+0xac964) [0x7fc51c6f3964]
dealloc time=1303221485.950696 pc=0x7fc51c9b0fe6
      /usr/lib/libmudflap.so.0(__mf_unregister+0x36) [0x7fc51c9b0fe6]
      /usr/lib/libmudflap.so.0(__real_free+0xa0) [0x7fc51c9b2f40]
      /lib/libc.so.6(fclose+0x14d) [0x7fc51c6a9a1d]
      /lib/libc.so.6(+0xacc1a) [0x7fc51c6f3c1a]
number of nearby objects: 2
Aborted (core dumped)
myuser@linux:~/Desktop$

gdb:

(gdb) bt
#0  0x00007fd30f18136e in __libc_waitpid (pid=, stat_loc=0x7fff3689d75c, options=) at ../sysdeps/unix/sysv/linux/waitpid.c:32
#1  0x00007fd30f11f299 in do_system (line=) at ../sysdeps/posix/system.c:149
#2  0x00007fd30f44a9c3 in __mf_violation (ptr=, sz=, pc=0, location=0x7fff3689d880 "\360\323p", type=)
    at ../../../src/libmudflap/mf-runtime.c:2174
#3  0x00007fd30f44ba5d in __mfu_check (ptr=0x70cf10, sz=, type=, location=)
    at ../../../src/libmudflap/mf-runtime.c:1037
#4  0x00007fd30f44bcc1 in __mf_check (ptr=0x70cf10, sz=16, type=0, location=0x400e5a "myprogram.c:22:18 (main)") at ../../../src/libmudflap/mf-runtime.c:816
#5  0x0000000000400b97 in main () at myprogram.c:5
(gdb) bt full
#0  0x00007fd30f18136e in __libc_waitpid (pid=, stat_loc=0x7fff3689d75c, options=) at ../sysdeps/unix/sysv/linux/waitpid.c:32
        oldtype = 
        result = 
#1  0x00007fd30f11f299 in do_system (line=) at ../sysdeps/posix/system.c:149
        __result = -512
        _buffer = {__routine = 0x7fd30f11f5f0 , __arg = 0x7fff3689d758, __canceltype = 915003406, __prev = 0x7fd30f459348}
        _avail = 0
        status = 
        save = 
        pid = 5385
        sa = {__sigaction_handler = {sa_handler = 0x1, sa_sigaction = 0x1}, sa_mask = {__val = {65536, 0 }}, sa_flags = 0, sa_restorer = 0x7fd30f0ec578}
        omask = {__val = {0, 4294967295, 206158430240, 1, 2212816, 0, 140734108391560, 3, 140544470949888, 140544474854386, 140544214827009, 0, 7394247, 140544467453304, 
            140544471045644, 140734108391424}}
#2  0x00007fd30f44a9c3 in __mf_violation (ptr=, sz=, pc=0, location=0x7fff3689d880 "\360\323p", type=)
    at ../../../src/libmudflap/mf-runtime.c:2174
        buf = "gdb --pid=5384\000\000\037\317p\000\000\000\000\000\377\377\377\377\000\000\000\000(\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000`\306!", '\000' , "\037\317p\000\000\000\000\000\020\317p\000\000\000\000\000\000 D\017\323\177\000\000\362\263\177\017\323\177\000\000\001\000\000\000\377\177\000\000\000\000\000\000\000\000\000\000\340Pp\000\000\000\000\000hHD\017\323\177\000"
        violation_number = 1
#3  0x00007fd30f44ba5d in __mfu_check (ptr=0x70cf10, sz=, type=, location=)
    at ../../../src/libmudflap/mf-runtime.c:1037
        entry_idx = 1
        entry = 0x604ec0
        judgement = -512
        ptr_high = 140734108391840
        __PRETTY_FUNCTION__ = "__mfu_check"
#4  0x00007fd30f44bcc1 in __mf_check (ptr=0x70cf10, sz=16, type=0, location=0x400e5a "myprogram.c:22:18 (main)") at ../../../src/libmudflap/mf-runtime.c:816
        __PRETTY_FUNCTION__ = "__mf_check"
#5  0x0000000000400b97 in main () at myprogram.c:5
        hints = {ai_flags = 0, ai_family = 0, ai_socktype = 1, ai_protocol = 6, ai_addrlen = 0, ai_addr = 0x0, ai_canonname = 0x0, ai_next = 0x0}
        result = 0x70cf10
        newsocket = 0
(gdb) quit

source code:


#include "stdio.h" // quotes inserted instead of usual chars for correct website view
#include "sys/socket.h"
#include "netdb.h"
#include "unistd.h" // close()

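/*
 * Resolve "localhost:25" with getaddrinfo(), open a TCP socket for the
 * first returned address, then release everything.
 *
 * Returns 0 on success, -1 if name resolution fails, -2 if socket() fails.
 *
 * The socket() call is the site of the reported mudflap violation
 * (myprogram.c:22): the read of result->ai_family etc. touches memory
 * that getaddrinfo() allocated and filled inside an uninstrumented libc,
 * so libmudflap never saw a write to it and -check-initialization flags
 * the read. The code itself is correct at that point.
 */
int main(void)
{
    /*
     * Designated initializer zeroes every member not named here,
     * including any implementation-specific ones; POSIX requires the
     * unused members of hints to be zero/NULL.
     */
    struct addrinfo hints = {
        .ai_family   = AF_UNSPEC,
        .ai_socktype = SOCK_STREAM,
        .ai_protocol = IPPROTO_TCP,
    };
    struct addrinfo *result = NULL;

    if (getaddrinfo("localhost", "25", &hints, &result) != 0) {
        return -1;
    }

    /* line 22 in the original file: the mudflap check/read violation site */
    int newsocket = socket(result->ai_family, result->ai_socktype, result->ai_protocol);

    /* result is owned by us from here on and must be freed on every path
     * (the original leaked it on the success path). */
    freeaddrinfo(result);
    result = NULL;

    if (newsocket == -1) {
        return -2;
    }

    /* Descriptor is never used further; release it explicitly rather
     * than relying on process exit. */
    close(newsocket);
    return 0;
}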


It appears to be complaining about a read of uninitialized data ("mudflap violation 1 (check/read)"). It looks like there are a couple of known regions near the bad address. One a bit further on ("checked region begins 640B before and ends 625B before") has already been freed ("mudflap dead object"). The other actually begins in the same place as the bad read ("checked region begins 0B into and ends 15B into mudflap object 0x70cf90: name=`malloc region'").

Why don't you set -viol-gdb in MUDFLAP_OPTIONS and use GDB to examine the erroneous code?

ETA: The violation occurs because the access history for this region is "check=1r/0w". This indicates that you are reading from it, but, as far as libmudflap knows, the region has never been written to. The read thus represents a "use before initialization" error. This is exactly what the -check-initialization flag you supplied to libmudflap is intended to catch.

Of course, the problem is just that your libc is not instrumented by libmudflap, so while libmudflap can intercept the malloc call, it cannot intercept the pointer accesses that libc uses to initialize the memory. When your program later dereferences the pointer, the region therefore looks like it has been allocated but never written to (indeed, never accessed at all), even though getaddrinfo() did fill it in.

You can ignore this error, drop -check-initialization so it stops being flagged as an error, or build a libc instrumented for libmudflap and link your executable against that version of libc.
