c - Code is causing segmentation fault when allocating memory or aborts program when freeing memory -


When I try to run the code, it causes a segmentation fault in malloc on the 89th line, "s1 = malloc(65536);". The fault persists if I change the call to calloc or realloc. If I have a function free memory on line 82 or 86 instead, this is written:

*** glibc detected *** /home/purlox/whaat: free(): invalid next size (normal): 0x00000000017b32b0 *** ======= backtrace: ========= /lib/x86_64-linux-gnu/libc.so.6(+0x7eb96)[0x7ff4f61aeb96] /home/purlox/whaat[0x400904] /home/purlox/whaat[0x4024de] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7ff4f615176d] /home/purlox/whaat[0x400699] ======= memory map: ======== 00400000-00404000 r-xp 00000000 00:15 524713                             /home/purlox/whaat 00603000-00604000 r--p 00003000 00:15 524713                             /home/purlox/whaat 00604000-00605000 rw-p 00004000 00:15 524713                             /home/purlox/whaat 01793000-017b4000 rw-p 00000000 00:00 0                                  [heap] 7ff4f5f18000-7ff4f5f2d000 r-xp 00000000 08:05 4066792                    /lib/x86_64-linux-gnu/libgcc_s.so.1 7ff4f5f2d000-7ff4f612c000 ---p 00015000 08:05 4066792                    /lib/x86_64-linux-gnu/libgcc_s.so.1 7ff4f612c000-7ff4f612d000 r--p 00014000 08:05 4066792                    /lib/x86_64-linux-gnu/libgcc_s.so.1 7ff4f612d000-7ff4f612e000 rw-p 00015000 08:05 4066792                    /lib/x86_64-linux-gnu/libgcc_s.so.1 7ff4f6130000-7ff4f62e5000 r-xp 00000000 08:05 4067023                    /lib/x86_64-linux-gnu/libc-2.15.so 7ff4f62e5000-7ff4f64e4000 ---p 001b5000 08:05 4067023                    /lib/x86_64-linux-gnu/libc-2.15.so 7ff4f64e4000-7ff4f64e8000 r--p 001b4000 08:05 4067023                    /lib/x86_64-linux-gnu/libc-2.15.so 7ff4f64e8000-7ff4f64ea000 rw-p 001b8000 08:05 4067023                    /lib/x86_64-linux-gnu/libc-2.15.so 7ff4f64ea000-7ff4f64ef000 rw-p 00000000 00:00 0  7ff4f64f0000-7ff4f6512000 r-xp 00000000 08:05 4067008                    /lib/x86_64-linux-gnu/ld-2.15.so 7ff4f6712000-7ff4f6713000 r--p 00022000 08:05 4067008                    /lib/x86_64-linux-gnu/ld-2.15.so 7ff4f6713000-7ff4f6715000 rw-p 00023000 08:05 4067008                    /lib/x86_64-linux-gnu/ld-2.15.so 7ff4f6715000-7ff4f671b000 rw-p 
00000000 00:00 0  7fffa991c000-7fffa993f000 rw-p 00000000 00:00 0                          [stack] 7fffa9a00000-7fffa9a01000 r-xp 00000000 00:00 0                          [vdso] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall] aborted (core dumped) 

gdb says that "free(str->string);" caused it, but I'm not sure how. The error allocating memory happens in one specific place. I tried changing the size of the memory allocated there (e.g. allocating 8 bytes, or 100 times as much as now), and it still caused the same segmentation fault.

whaat.c

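#include "sstring.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Test driver from the question: performs the same append with plain C
 * strings (strcpy/strcat) and with the s_string helpers, at 8, 256 and
 * 65536 bytes.
 *
 * NOTE(review): each s_init(&ss1, NULL, n) below produces an n-byte buffer
 * whose recorded length is already n. The s_strcat()/s_strcat2() call that
 * follows stores n more bytes starting at index n, i.e. past the end of the
 * allocation. That out-of-bounds write is what damages the allocator's
 * bookkeeping, so the abort shows up in a later malloc() or free(). The calls
 * are kept as posted because they are the reproduction.
 *
 * Returns 0 on success, 1 if the input file cannot be opened, 2 if it cannot
 * be closed, and 3 on an allocation or read failure.
 */
int main(void)
{
    char *s1;

    // 8 byte long strings (7 characters plus the terminator)
    char s3[8] = "nequeou",
         s4[8] = "quisqua";

    // 256 byte long strings
    char s5[256] = "pellentesque venenatis rhoncus urna id tincidunt. quisque blandit rhoncus nisi, vel facilisis odio ornare nec. maecenas id tellus sit amet nunc auctor commodo. proin egestas molestie malesuada. vestibulum in lacus quis nisl ultricies cursus non ac nullam.",
         s6[256] = "sed tristique porta lorem. ut elementum est in magna laoreet, in lacinia ante blandit. vestibulum condimentum sem vel ligula feugiat, vel venenatis ante placerat. phasellus nec turpis viverra sapien vehicula sagittis vitae tincidunt lectus. fusce posuere.";

    // 65 536 byte long strings
    char s7[65536],
         s8[65536];

    s_string ss1,
             ss3,
             ss4,
             ss5,
             ss6,
             ss7,
             ss8;

    FILE *loremipsum;

    s_init(&ss3, "nequeou ", 8);
    s_init(&ss4, "quisqua ", 8);
    s_init(&ss5, "pellentesque venenatis rhoncus urna id tincidunt. quisque blandit rhoncus nisi, vel facilisis odio ornare nec. maecenas id tellus sit amet nunc auctor commodo. proin egestas molestie malesuada. vestibulum in lacus quis nisl ultricies cursus non ac nullam. ", 256);
    s_init(&ss6, "sed tristique porta lorem. ut elementum est in magna laoreet, in lacinia ante blandit. vestibulum condimentum sem vel ligula feugiat, vel venenatis ante placerat. phasellus nec turpis viverra sapien vehicula sagittis vitae tincidunt lectus. fusce posuere. ", 256);
    s_init(&ss7, NULL, 65536);
    s_init(&ss8, NULL, 65536);

    /* fgets() below writes straight into these buffers, so they must exist */
    if (ss7.string == NULL || ss8.string == NULL) {
        fprintf(stderr, "error allocating memory\n");
        return 3;
    }

    loremipsum = fopen("lorem ipsum", "r");
    if (loremipsum == NULL) {
        perror("error opening file ");
        return 1;
    }

    /* s7 is later passed to strcat(), which needs a terminated string, so a
     * failed read must not be ignored */
    if (fgets(s7, sizeof s7, loremipsum) == NULL ||
        fgets(s8, sizeof s8, loremipsum) == NULL ||
        fgets(ss7.string, 65536, loremipsum) == NULL) {
        fprintf(stderr, "error reading file\n");
        fclose(loremipsum);
        return 3;
    }
    ss7.string[65535] = ' ';
    if (fgets(ss8.string, 65536, loremipsum) == NULL) {
        fprintf(stderr, "error reading file\n");
        fclose(loremipsum);
        return 3;
    }
    ss8.string[65535] = ' ';

    if (fclose(loremipsum) == EOF) {
        perror("error closing file ");
        return 2;
    }

    /* ---- 8 bytes ---- */
    s1 = malloc(8);
    if (s1 == NULL) {
        perror("malloc");
        return 3;
    }
    strcpy(s1, "");
    strcat(s1, s3);
    free(s1);

    s_init(&ss1, NULL, 8);
    s_strcat(&ss1, &ss3);       /* writes bytes 8..15 of an 8-byte buffer */
    s_free(&ss1);

    s_init(&ss1, NULL, 8);
    s_strcat2(&ss1, &ss3);      /* same out-of-bounds write */
    s_free(&ss1);

    /* ---- 256 bytes ---- */
    s1 = malloc(256);
    if (s1 == NULL) {
        perror("malloc");
        return 3;
    }
    strcpy(s1, "");
    strcat(s1, s5);
    free(s1);

    s_init(&ss1, NULL, 256);
    s_strcat(&ss1, &ss5);
    s_free(&ss1);

    s_init(&ss1, NULL, 256);
    s_strcat2(&ss1, &ss5);
    s_free(&ss1);

    /* ---- 65536 bytes ---- */
    s1 = malloc(65536);
    if (s1 == NULL) {
        perror("malloc");
        return 3;
    }
    strcpy(s1, "");
    strcat(s1, s7);
    free(s1);

    s_init(&ss1, NULL, 65536);
    s_strcat(&ss1, &ss7);
    s_free(&ss1);

    s_init(&ss1, NULL, 65536);
    s_strcat2(&ss1, &ss7);
    s_free(&ss1);

    s_free(&ss3);
    s_free(&ss4);
    s_free(&ss5);
    s_free(&ss6);
    s_free(&ss7);
    s_free(&ss8);

    return 0;
}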

sstring.h

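#ifndef SSTRING_H
#define SSTRING_H

#include <stdlib.h>

/*
 * Length-counted string. `string` points to `length` bytes and is not
 * NUL-terminated. There is no separate capacity field: `length` is the only
 * record of how large the allocation is.
 */
typedef struct {
    unsigned int length;
    char *string;
} s_string;

/*
 * Initialise an s_string.
 *
 *   str    object to initialise; if NULL, one is allocated with malloc()
 *   array  bytes to copy in, or NULL for an uninitialised buffer
 *   num    number of bytes; if 0 and array is not NULL, the length is taken
 *          from array up to (not including) its terminating '\0'
 *
 * When num is non-zero and array is not NULL, exactly num bytes are read from
 * array, so the caller must make sure array is at least that long.
 *
 * NOTE(review): with array == NULL the recorded length is set to num even
 * though the buffer holds no data yet, so the buffer counts as full from the
 * start.
 *
 * Returns str, or NULL if an allocation fails or num does not fit in the
 * length field. On failure a caller-supplied str is left empty (length 0,
 * string NULL).
 */
s_string *s_init(s_string *str, char *array, size_t num)
{
    int allocated_here = 0;
    size_t len = num;
    size_t i;

    if (str == NULL) {
        str = malloc(sizeof *str);
        if (str == NULL)
            return NULL;
        allocated_here = 1;
    }

    str->length = 0;
    str->string = NULL;

    /* num == 0 with a source array means "measure the array" */
    if (array != NULL && num == 0) {
        while (array[len] != '\0')
            len++;
    }

    if (len == 0)
        return str;

    /* length is an unsigned int; refuse sizes it cannot represent */
    if (len > (unsigned int)-1) {
        if (allocated_here)
            free(str);
        return NULL;
    }

    str->string = malloc(len);
    if (str->string == NULL) {
        if (allocated_here)
            free(str);
        return NULL;
    }

    if (array != NULL) {
        for (i = 0; i < len; i++)
            str->string[i] = array[i];
    }

    str->length = (unsigned int)len;

    return str;
}

/*
 * Release the buffer owned by str and mark it empty. The s_string object
 * itself is not freed. Clearing the pointer makes a second s_free() on the
 * same object harmless instead of a double free.
 */
void s_free(s_string *str)
{
    if (str == NULL)
        return;

    free(str->string);
    str->string = NULL;
    str->length = 0;
}

/*
 * Append source's bytes after destination's current bytes.
 *
 * NOTE(review): nothing here checks or enlarges destination->string. The
 * caller must guarantee that the buffer has room for
 * destination->length + source->length bytes. s_init() records the whole
 * allocation as length, so appending to a freshly initialised s_string
 * writes past the end of its buffer.
 */
s_string *s_strcat(s_string *destination, const s_string *source)
{
    unsigned int i,
                 j;

    for (i = destination->length, j = 0; j < source->length; i++, j++)
        destination->string[i] = source->string[j];

    destination->length += source->length;

    return destination;
}

// second version
/*
 * Same contract as s_strcat(), including the unchecked write: the caller must
 * guarantee room for destination->length + source->length bytes.
 */
s_string *s_strcat2(s_string *destination, const s_string *source)
{
    unsigned int i;

    for (i = 0; i < source->length; i++)
        destination->string[i + destination->length] = source->string[i];

    destination->length += source->length;

    return destination;
}

#endif /* SSTRING_H */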

Consider one of the first tests of s_strcat():

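    /* ss1 gets an 8-byte buffer and a recorded length of 8; the append then
     * starts writing at index 8 */
    s_init(&ss1, NULL, 8);
    s_strcat(&ss1, &ss3);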

At the end of s_init(), ss1 has been initialized with 8 bytes of allocated memory, and its length has been set to 8 as well.

   if(array == null) {         str->length = num;          if(num != 0)             str->string = malloc(num); 

However, s_strcat() is implemented to go to the end of the allocated memory and start copying the data from ss3 there:

    /* i starts at destination->length, which s_init() set to the full size
     * of the allocation, so the first store already lands one past the end */
    for(i = destination->length, j = 0; j < source->length; i++, j++)
        destination->string[i] = source->string[j];

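That loop is writing beyond the end of the allocated memory, corrupting the heap data structures used by malloc() and friends. This is why the failure surfaces later, inside an unrelated malloc() or free() call, rather than at the write itself.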

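s_strcat2() has a similar problem: it writes beyond destination->length, which represents the size of the allocated memory. The fix is to track the number of bytes in use separately from the number of bytes allocated, or to have the append functions grow the buffer with realloc() before copying, so that an append never indexes past the allocation.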

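    /* when destination->length equals the allocated size, as it does right
     * after s_init(), every index used here is past the end of the buffer */
    for(i = 0; i < source->length; i++)
        destination->string[i + destination->length] = source->string[i];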

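You can debug problems like this more easily with a memory debugging tool such as valgrind. valgrind can identify the lines of code in your software that have memory-related bugs, such as writing to unallocated memory, writing beyond allocated memory, and freeing unallocated memory. Building with -fsanitize=address gives a similar report at the moment the out-of-bounds write happens.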

