Old 03-25-2009, 06:37 PM   #1
Registered User
 
Join Date: Jan 2008
Posts: 562
malloc calloc and free

I got the following weird error when trying to free a structure:

Code:
*** glibc detected *** receiver: free(): invalid next size (normal): 0x00000000010855b0 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3bbba78228]
/lib64/libc.so.6(cfree+0x76)[0x3bbba7a866]
/lib64/libc.so.6(fclose+0x151)[0x3bbba68731]
receiver[0x400dce]
/lib64/libc.so.6(__libc_start_main+0xfa)[0x3bbba1e32a]
receiver[0x400a39]
======= Memory map: ========
00400000-00402000 r-xp 00000000 00:37 267920                             /p2/hh/project2/receiver
00601000-00602000 rw-p 00001000 00:37 267920                             /p2/hh/project2/receiver
01085000-010a6000 rw-p 01085000 00:00 0                                  [heap]
3bba800000-3bba81d000 r-xp 00000000 fd:01 1384464                        /lib64/ld-2.8.so
3bbaa1c000-3bbaa1d000 r--p 0001c000 fd:01 1384464                        /lib64/ld-2.8.so
3bbaa1d000-3bbaa1e000 rw-p 0001d000 fd:01 1384464                        /lib64/ld-2.8.so
3bbba00000-3bbbb62000 r-xp 00000000 fd:01 1384466                        /lib64/libc-2.8.so
3bbbb62000-3bbbd62000 ---p 00162000 fd:01 1384466                        /lib64/libc-2.8.so
3bbbd62000-3bbbd66000 r--p 00162000 fd:01 1384466                        /lib64/libc-2.8.so
3bbbd66000-3bbbd67000 rw-p 00166000 fd:01 1384466                        /lib64/libc-2.8.so
3bbbd67000-3bbbd6c000 rw-p 3bbbd67000 00:00 0
3ebe600000-3ebe616000 r-xp 00000000 fd:01 1384510                        /lib64/libgcc_s-4.3.0-20080428.so.1
3ebe616000-3ebe815000 ---p 00016000 fd:01 1384510                        /lib64/libgcc_s-4.3.0-20080428.so.1
3ebe815000-3ebe816000 rw-p 00015000 fd:01 1384510                        /lib64/libgcc_s-4.3.0-20080428.so.1
7f9570000000-7f9570021000 rw-p 7f9570000000 00:00 0
7f9570021000-7f9574000000 ---p 7f9570021000 00:00 0
7f957573e000-7f9575740000 rw-p 7f957573e000 00:00 0
7f9575765000-7f9575768000 rw-p 7f9575765000 00:00 0
7fff7d753000-7fff7d768000 rw-p 7ffffffea000 00:00 0                      [stack]
7fff7d7ff000-7fff7d800000 r-xp 7fff7d7ff000 00:00 0                      [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Can anyone tell me why? If we call calloc, then do we have to free it as well, just like malloc?
-EquinoX- is offline   Reply With Quote
Old 03-25-2009, 06:46 PM   #2
Registered User
 
Join Date: Sep 2006
Posts: 3,157
I'm unsure about your error, but definitely, you need to treat calloc'd memory the same as malloc'd memory (and free it).
Adak is offline   Reply With Quote
Old 03-25-2009, 06:51 PM   #3
Registered User
 
Join Date: Jan 2008
Posts: 562
This is weird... So any ideas on how to debug it?
-EquinoX- is offline   Reply With Quote
Old 03-25-2009, 07:02 PM   #4
Registered User
 
Join Date: Sep 2004
Location: California
Posts: 3,020
It looks like your heap was corrupted from something. You can run memcheck (which is part of valgrind). It usually does a pretty good job with these sorts of problems.
bithub is offline   Reply With Quote
Old 03-25-2009, 07:05 PM   #5
Registered User
 
Join Date: Sep 2006
Posts: 3,157
Looks like you're trying to free something that has either been mangled by another *thing* in your program, or it's already been destroyed.

Can you set a pointer to that variable and watch its value as you step through that portion of your program? If it goes to NULL, it's been destroyed; if it never changes, then it's been mangled.
Adak is offline   Reply With Quote
Old 03-25-2009, 07:19 PM   #6
Registered User
 
Join Date: Jan 2008
Posts: 562
Quite off-topic, but say I have:

Frame* frame_ack = (Frame*) calloc(1, sizeof(Frame));

is that correct or should it be:

Frame* frame_ack = (Frame*) calloc(1, sizeof(Frame*));
-EquinoX- is offline   Reply With Quote
Old 03-25-2009, 07:25 PM   #7
Registered User
 
Join Date: Apr 2008
Posts: 310
The former looks like it should be correct.

Like bithub suggested, run it through memcheck. You may need to throw down a compiler switch to get a more specific location, but I kind of forget which.
carrotcake1029 is offline   Reply With Quote
Old 03-25-2009, 07:28 PM   #8
Registered User
 
Join Date: Jan 2008
Posts: 562
I think this is where the problem is, but I don't see anything wrong here:

Code:
Frame* frame_ack = (Frame*) calloc(1, sizeof(Frame));
frame_ack->hdr.type = TYPE_ACK;
frame_ack->hdr.seq = (SeqNum) LFR+10;
frame_ack->hdr.size = (u_char) 0;
printf("\ntrying to send ACK for %d!\n", LFR);
flag = sendto(sock_fd,(void*)frame_ack, sizeof(Frame),0,(struct sockaddr *)&sin, sizeof(sin));
if (flag == -1){
    perror("Error: Can't send the ACK to sender \n");
    close(sock_fd);
    exit(1);
}
printf("flag is %d frame sequence number is %d!\n", flag, frame->hdr.seq);
LAF = LFR + RWS;
free(frame_ack);
When I comment out free(frame_ack) it works... but I want to free it. Any reason why?
-EquinoX- is offline   Reply With Quote
Old 03-25-2009, 07:44 PM   #9
Registered User
 
Join Date: Jan 2008
Posts: 562
valgrind gave me these results:

Code:
==2367== Invalid write of size 1
==2367==    at 0x4A07FF4: memcpy (mc_replace_strmem.c:402)
==2367==    by 0x400F19: main (receiver.c:121)
==2367==  Address 0x4c332bb is not stack'd, malloc'd or (recently) free'd
==2367==
==2367== Invalid write of size 1
==2367==    at 0x4A07FFD: memcpy (mc_replace_strmem.c:402)
==2367==    by 0x400F19: main (receiver.c:121)
==2367==  Address 0x4c332ba is not stack'd, malloc'd or (recently) free'd
==2367==
==2367== Invalid write of size 1
==2367==    at 0x4A08007: memcpy (mc_replace_strmem.c:402)
==2367==    by 0x400F19: main (receiver.c:121)
==2367==  Address 0x4c332b9 is not stack'd, malloc'd or (recently) free'd
==2367==
==2367== Invalid write of size 1
==2367==    at 0x4A08011: memcpy (mc_replace_strmem.c:402)
==2367==    by 0x400F19: main (receiver.c:121)
==2367==  Address 0x4c332b8 is not stack'd, malloc'd or (recently) free'd
Header sequence is 1 and LFR+1 is 1!
==2367==
==2367== Invalid read of size 1
==2367==    at 0x3BBBA73C51: _IO_file_xsputn@@GLIBC_2.2.5 (in /lib64/libc-2.8.so)
==2367==    by 0x3BBBA69D27: fwrite (in /lib64/libc-2.8.so)
==2367==    by 0x400FB3: main (receiver.c:132)
==2367==  Address 0x4c332bb is not stack'd, malloc'd or (recently) free'd
==2367==
==2367== Invalid read of size 1
==2367==    at 0x3BBBA73C6D: _IO_file_xsputn@@GLIBC_2.2.5 (in /lib64/libc-2.8.so)
==2367==    by 0x3BBBA69D27: fwrite (in /lib64/libc-2.8.so)
==2367==    by 0x400FB3: main (receiver.c:132)
==2367==  Address 0x4c332ba is not stack'd, malloc'd or (recently) free'd
==2367==
==2367== Invalid read of size 1
==2367==    at 0x4A089D6: mempcpy (mc_replace_strmem.c:676)
==2367==    by 0x3BBBA73D0E: _IO_file_xsputn@@GLIBC_2.2.5 (in /lib64/libc-2.8.so)
==2367==    by 0x3BBBA69D27: fwrite (in /lib64/libc-2.8.so)
==2367==    by 0x400FB3: main (receiver.c:132)
==2367==  Address 0x4c331c0 is 0 bytes after a block of size 8 alloc'd
==2367==    at 0x4A05174: calloc (vg_replace_malloc.c:397)
==2367==    by 0x400EEE: main (receiver.c:120)
==2367==
==2367== Invalid read of size 1
==2367==    at 0x4A089C8: mempcpy (mc_replace_strmem.c:676)
==2367==    by 0x3BBBA73D0E: _IO_file_xsputn@@GLIBC_2.2.5 (in /lib64/libc-2.8.so)
==2367==    by 0x3BBBA69D27: fwrite (in /lib64/libc-2.8.so)
==2367==    by 0x400FB3: main (receiver.c:132)
==2367==  Address 0x4c331c1 is 1 bytes after a block of size 8 alloc'd
==2367==    at 0x4A05174: calloc (vg_replace_malloc.c:397)
==2367==    by 0x400EEE: main (receiver.c:120)
--2367-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--2367-- si_code=80;  Faulting address: 0x0;  sp: 0x402E8BE50

valgrind: the 'impossible' happened:
   Killed by fatal signal
==2367==    at 0x3802421D: vgPlain_arena_malloc (m_mallocfree.c:206)
==2367==    by 0x38002A75: vgMemCheck_new_block (mc_malloc_wrappers.c:195)
==2367==    by 0x38002CCD: vgMemCheck_calloc (mc_malloc_wrappers.c:270)
==2367==    by 0x380380B7: vgPlain_scheduler (scheduler.c:1277)
==2367==    by 0x38048E40: run_a_thread_NORETURN (syswrap-linux.c:89)
-EquinoX- is offline   Reply With Quote
Old 03-25-2009, 07:48 PM   #10
Registered User
 
Join Date: Jan 2008
Posts: 562
What am I doing wrong in my memcpy?

Code:
Frame** win_slots = (Frame**) calloc(RWS, sizeof(Frame*));
Frame* frame = (Frame*) calloc(1, sizeof(Frame));
win_slots[current_frame_index] = calloc(1, sizeof(Frame)); 
memcpy(win_slots[current_frame_index], frame, sizeof(Frame));
win_slots is just an array of Frame
-EquinoX- is offline   Reply With Quote
Old 03-25-2009, 08:10 PM   #11
Registered User
 
Join Date: Sep 2004
Location: California
Posts: 3,020
Can you post the code in receiver.c from lines 110-140?
bithub is offline   Reply With Quote
Old 03-25-2009, 08:12 PM   #12
Registered User
 
Join Date: Jan 2008
Posts: 562
Hmm... I think receiver.c is fixed now; it used to be:

win_slots[current_frame_index] = calloc(1, sizeof(Frame*));

but now I changed it to:

win_slots[current_frame_index] = calloc(1, sizeof(Frame));

I think that's where the problem is.. It doesn't give me that weird long error on the first page again.


But now I have a problem with sender.c.

It says:

==6195== Invalid read of size 1
==6195== at 0x4A07B24: strlen (mc_replace_strmem.c:242)
==6195== by 0x3BBBA4A56F: vfprintf (in /lib64/libc-2.8.so)
==6195== by 0x3BBBA51079: printf (in /lib64/libc-2.8.so)
==6195== by 0x401653: main (sender.c:193)
==6195== Address 0x4c35384 is 0 bytes after a block of size 260 alloc'd
==6195== at 0x4A05174: calloc (vg_replace_malloc.c:397)
==6195== by 0x4015FF: main (sender.c:190)

line 190 was just:
Frame* frame = (Frame*) calloc(1, sizeof(Frame));
line 193 was just:
printf("body is %s\n", frame->body);

and here's the struct Frame:
Code:
typedef struct Frame {
    FrameHdr	hdr;		/* Frame header */
    u_char	body[256];	/* Body */
} Frame;

Last edited by -EquinoX-; 03-25-2009 at 08:23 PM.
-EquinoX- is offline   Reply With Quote
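The two faults found so far in this thread, a slot allocated with sizeof(Frame*) and then filled with sizeof(Frame) bytes, and printf("%s") on a body that has no terminator, can both be avoided as in the following added example, which is not code from any poster. The FrameHdr layout and the names frame_clone, window_store and frame_body_len are hypothetical, and the body contents are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed header layout: the thread shows only the field names. */
typedef struct FrameHdr { unsigned char type, seq, size; } FrameHdr;
typedef struct Frame {
    FrameHdr      hdr;
    unsigned char body[256];   /* raw bytes, not necessarily NUL-terminated */
} Frame;

/* sizeof *copy is the size of the pointed-to Frame, so it cannot turn into
 * sizeof(Frame *) (8 bytes), the mistake that let memcpy overrun the block. */
Frame *frame_clone(const Frame *src)
{
    Frame *copy = calloc(1, sizeof *copy);
    if (copy != NULL)
        memcpy(copy, src, sizeof *copy);
    return copy;
}

/* Store a copy of f in slots[idx]; returns -1 on a bad index or failed alloc. */
int window_store(Frame **slots, size_t nslots, size_t idx, const Frame *f)
{
    Frame *copy = idx < nslots ? frame_clone(f) : NULL;
    if (copy == NULL)
        return -1;
    free(slots[idx]);          /* release the frame previously held, if any */
    slots[idx] = copy;
    return 0;
}

/* Body length up to the first NUL, never reading past body[]. */
size_t frame_body_len(const Frame *f)
{
    const unsigned char *nul = memchr(f->body, '\0', sizeof f->body);
    return nul ? (size_t)(nul - f->body) : sizeof f->body;
}

int main(void)
{
    Frame f = { .hdr = { .type = 1, .seq = 7 } };
    Frame *win[4] = { NULL };              /* window slots, initially empty */
    memset(f.body, 'A', sizeof f.body);    /* constructed: full body, no NUL */
    if (window_store(win, 4, 2, &f) != 0)
        return 1;
    printf("body is %.*s\n", (int)frame_body_len(win[2]), (const char *)win[2]->body);
    free(win[2]);
    return 0;
}
```

Running this under valgrind should report no invalid reads or writes, because every copy and every print is bounded by the size of the object actually allocated.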
Old 03-25-2009, 08:25 PM   #13
Registered User
 
Join Date: Sep 2006
Posts: 3,157
Quote:
Originally Posted by -EquinoX- View Post
I think this is where the problem is, but I don't see anything wrong here:

Code:
Frame* frame_ack = (Frame*) calloc(1, sizeof(Frame));
frame_ack->hdr.type = TYPE_ACK;
frame_ack->hdr.seq = (SeqNum) LFR+10;
frame_ack->hdr.size = (u_char) 0;
printf("\ntrying to send ACK for %d!\n", LFR);
flag = sendto(sock_fd,(void*)frame_ack, sizeof(Frame),0,(struct sockaddr *)&sin, sizeof(sin));
if (flag == -1){
    perror("Error: Can't send the ACK to sender \n");
    close(sock_fd);
    exit(1);
}
printf("flag is %d frame sequence number is %d!\n", flag, frame->hdr.seq);
LAF = LFR + RWS;
free(frame_ack);
When I comment out free(frame_ack) it works... but I want to free it. Any reason why?
I have two questions about the line of code in red:

1) Shouldn't a pointer to the frame be calloc'd to the size of the frame pointer, instead of the size of the frame itself?

2) I thought it was incorrect to cast the return from calloc/malloc? That it hid the error when you forgot to include stdlib.h?

Last edited by Adak; 03-25-2009 at 08:29 PM.
Adak is offline   Reply With Quote
Old 03-25-2009, 10:43 PM   #14
CSharpener
 
Join Date: Oct 2006
Posts: 5,336
And why do you want to malloc/free a variable which needs to be available only in one function? Why not make it a simple automatic variable?
__________________
If I have eight hours for cutting wood, I spend six sharpening my axe.
vart is offline   Reply With Quote
Old 03-25-2009, 10:50 PM   #15
C++ Witch
 
Join Date: Oct 2003
Location: Singapore
Posts: 11,372
Quote:
Originally Posted by Adak
1) Shouldn't a pointer to the frame be calloc'd to the size of the frame pointer, instead of the size of the frame itself?
No, the size specified should be the size of each object for which space is to be allocated.

Quote:
Originally Posted by Adak
2) I thought it was incorrect to cast the return from calloc/malloc? That it hid the error when you forgot to include stdlib.h?
I think it is more a matter of bad practice than "incorrect", since it would be correct if the code is intended to be compilable as C++. However, I think that you may be right: a failure to #include <stdlib.h> could be the problem.
__________________
C + C++ Compiler: MinGW port of GCC
Build + Version Control System: SCons + Bazaar

Look up a C/C++ Reference and learn How To Ask Questions The Smart Way
laserlight is offline   Reply With Quote