malloc calloc and free

This is a discussion on malloc calloc and free within the C Programming forums, part of the General Programming Boards category; I got the following weird error when trying to free a structure: Code: *** glibc detected *** receiver: free(): invalid ...

  1. #1
    Registered User
    Join Date
    Jan 2008
    Posts
    569

    malloc calloc and free

    I got the following weird error when trying to free a structure:

    Code:
    *** glibc detected *** receiver: free(): invalid next size (normal): 0x00000000010855b0 ***
    ======= Backtrace: =========
    /lib64/libc.so.6[0x3bbba78228]
    /lib64/libc.so.6(cfree+0x76)[0x3bbba7a866]
    /lib64/libc.so.6(fclose+0x151)[0x3bbba68731]
    receiver[0x400dce]
    /lib64/libc.so.6(__libc_start_main+0xfa)[0x3bbba1e32a]
    receiver[0x400a39]
    ======= Memory map: ========
    00400000-00402000 r-xp 00000000 00:37 267920                             /p2/hh/project2/receiver
    00601000-00602000 rw-p 00001000 00:37 267920                             /p2/hh/project2/receiver
    01085000-010a6000 rw-p 01085000 00:00 0                                  [heap]
    3bba800000-3bba81d000 r-xp 00000000 fd:01 1384464                        /lib64/ld-2.8.so
    3bbaa1c000-3bbaa1d000 r--p 0001c000 fd:01 1384464                        /lib64/ld-2.8.so
    3bbaa1d000-3bbaa1e000 rw-p 0001d000 fd:01 1384464                        /lib64/ld-2.8.so
    3bbba00000-3bbbb62000 r-xp 00000000 fd:01 1384466                        /lib64/libc-2.8.so
    3bbbb62000-3bbbd62000 ---p 00162000 fd:01 1384466                        /lib64/libc-2.8.so
    3bbbd62000-3bbbd66000 r--p 00162000 fd:01 1384466                        /lib64/libc-2.8.so
    3bbbd66000-3bbbd67000 rw-p 00166000 fd:01 1384466                        /lib64/libc-2.8.so
    3bbbd67000-3bbbd6c000 rw-p 3bbbd67000 00:00 0
    3ebe600000-3ebe616000 r-xp 00000000 fd:01 1384510                        /lib64/libgcc_s-4.3.0-20080428.so.1
    3ebe616000-3ebe815000 ---p 00016000 fd:01 1384510                        /lib64/libgcc_s-4.3.0-20080428.so.1
    3ebe815000-3ebe816000 rw-p 00015000 fd:01 1384510                        /lib64/libgcc_s-4.3.0-20080428.so.1
    7f9570000000-7f9570021000 rw-p 7f9570000000 00:00 0
    7f9570021000-7f9574000000 ---p 7f9570021000 00:00 0
    7f957573e000-7f9575740000 rw-p 7f957573e000 00:00 0
    7f9575765000-7f9575768000 rw-p 7f9575765000 00:00 0
    7fff7d753000-7fff7d768000 rw-p 7ffffffea000 00:00 0                      [stack]
    7fff7d7ff000-7fff7d800000 r-xp 7fff7d7ff000 00:00 0                      [vdso]
    ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
    can anyone tell me why? if we call calloc then do we have to free it as well just like malloc

  2. #2
    Registered User
    Join Date
    Sep 2006
    Posts
    8,868
    I'm unsure about your error, but definitely, you need to treat calloc'd memory, the same as malloc.
    (and free it).

  3. #3
    Registered User
    Join Date
    Jan 2008
    Posts
    569
    this is weird.. so any ideas on how to debug it?

  4. #4
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,246
    It looks like your heap was corrupted from something. You can run memcheck (which is part of valgrind). It usually does a pretty good job with these sorts of problems.

  5. #5
    Registered User
    Join Date
    Sep 2006
    Posts
    8,868
    Looks like you're trying to free something that has either been mangled by another *thing* in your program, or it's already been destroyed.

    Can you set a pointer to that variable and watch it's value as you step through that portion of your program? If it goes to NULL it's been destroyed, if it never changes, then it's been mangled.

  6. #6
    Registered User
    Join Date
    Jan 2008
    Posts
    569
    quite an off topic but say I have:

    Frame* frame_ack = (Frame*) calloc(1, sizeof(Frame));

    is that correct or should it be:

    Frame* frame_ack = (Frame*) calloc(1, sizeof(Frame*));

  7. #7
    Registered User carrotcake1029's Avatar
    Join Date
    Apr 2008
    Posts
    398
    The former looks like it should be correct.

    Like bithub suggested, run it through memcheck. You may need to throw down a compiler switch to get a more specific location, but I kind of forget which.

  8. #8
    Registered User
    Join Date
    Jan 2008
    Posts
    569
    I think this is where the problem is, but I don't see anything wrong here:

    Code:
    Frame* frame_ack = (Frame*) calloc(1, sizeof(Frame));
    		   frame_ack->hdr.type = TYPE_ACK;
    		   frame_ack->hdr.seq = (SeqNum) LFR+10;
    		   frame_ack->hdr.size = (u_char) 0;
    		   printf("\ntrying to send ACK for %d!\n", LFR);
    		   flag = sendto(sock_fd,(void*)frame_ack, sizeof(Frame),0,(struct sockaddr *)&sin, sizeof(sin));
    		   if (flag == -1){
    			perror("Error: Can't send the ACK to sender \n");
    			close(sock_fd);
    			exit(1);
    		   }
    		    printf("flag is %d frame sequence number is %d!\n", flag, frame->hdr.seq);
    		   LAF = LFR + RWS;
    		   free(frame_ack);
    when I comment out free(frame_ack) it works... but I want to free it.. any reason why?

  9. #9
    Registered User
    Join Date
    Jan 2008
    Posts
    569
    valgrind gave me these results:

    Code:
    ==2367== Invalid write of size 1
    ==2367==    at 0x4A07FF4: memcpy (mc_replace_strmem.c:402)
    ==2367==    by 0x400F19: main (receiver.c:121)
    ==2367==  Address 0x4c332bb is not stack'd, malloc'd or (recently) free'd
    ==2367==
    ==2367== Invalid write of size 1
    ==2367==    at 0x4A07FFD: memcpy (mc_replace_strmem.c:402)
    ==2367==    by 0x400F19: main (receiver.c:121)
    ==2367==  Address 0x4c332ba is not stack'd, malloc'd or (recently) free'd
    ==2367==
    ==2367== Invalid write of size 1
    ==2367==    at 0x4A08007: memcpy (mc_replace_strmem.c:402)
    ==2367==    by 0x400F19: main (receiver.c:121)
    ==2367==  Address 0x4c332b9 is not stack'd, malloc'd or (recently) free'd
    ==2367==
    ==2367== Invalid write of size 1
    ==2367==    at 0x4A08011: memcpy (mc_replace_strmem.c:402)
    ==2367==    by 0x400F19: main (receiver.c:121)
    ==2367==  Address 0x4c332b8 is not stack'd, malloc'd or (recently) free'd
    Header sequence is 1 and LFR+1 is 1!
    ==2367==
    ==2367== Invalid read of size 1
    ==2367==    at 0x3BBBA73C51: _IO_file_xsputn@@GLIBC_2.2.5 (in /lib64/libc-2.8.so)
    ==2367==    by 0x3BBBA69D27: fwrite (in /lib64/libc-2.8.so)
    ==2367==    by 0x400FB3: main (receiver.c:132)
    ==2367==  Address 0x4c332bb is not stack'd, malloc'd or (recently) free'd
    ==2367==
    ==2367== Invalid read of size 1
    ==2367==    at 0x3BBBA73C6D: _IO_file_xsputn@@GLIBC_2.2.5 (in /lib64/libc-2.8.so)
    ==2367==    by 0x3BBBA69D27: fwrite (in /lib64/libc-2.8.so)
    ==2367==    by 0x400FB3: main (receiver.c:132)
    ==2367==  Address 0x4c332ba is not stack'd, malloc'd or (recently) free'd
    ==2367==
    ==2367== Invalid read of size 1
    ==2367==    at 0x4A089D6: mempcpy (mc_replace_strmem.c:676)
    ==2367==    by 0x3BBBA73D0E: _IO_file_xsputn@@GLIBC_2.2.5 (in /lib64/libc-2.8.so)
    ==2367==    by 0x3BBBA69D27: fwrite (in /lib64/libc-2.8.so)
    ==2367==    by 0x400FB3: main (receiver.c:132)
    ==2367==  Address 0x4c331c0 is 0 bytes after a block of size 8 alloc'd
    ==2367==    at 0x4A05174: calloc (vg_replace_malloc.c:397)
    ==2367==    by 0x400EEE: main (receiver.c:120)
    ==2367==
    ==2367== Invalid read of size 1
    ==2367==    at 0x4A089C8: mempcpy (mc_replace_strmem.c:676)
    ==2367==    by 0x3BBBA73D0E: _IO_file_xsputn@@GLIBC_2.2.5 (in /lib64/libc-2.8.so)
    ==2367==    by 0x3BBBA69D27: fwrite (in /lib64/libc-2.8.so)
    ==2367==    by 0x400FB3: main (receiver.c:132)
    ==2367==  Address 0x4c331c1 is 1 bytes after a block of size 8 alloc'd
    ==2367==    at 0x4A05174: calloc (vg_replace_malloc.c:397)
    ==2367==    by 0x400EEE: main (receiver.c:120)
    --2367-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
    --2367-- si_code=80;  Faulting address: 0x0;  sp: 0x402E8BE50
    
    valgrind: the 'impossible' happened:
       Killed by fatal signal
    ==2367==    at 0x3802421D: vgPlain_arena_malloc (m_mallocfree.c:206)
    ==2367==    by 0x38002A75: vgMemCheck_new_block (mc_malloc_wrappers.c:195)
    ==2367==    by 0x38002CCD: vgMemCheck_calloc (mc_malloc_wrappers.c:270)
    ==2367==    by 0x380380B7: vgPlain_scheduler (scheduler.c:1277)
    ==2367==    by 0x38048E40: run_a_thread_NORETURN (syswrap-linux.c:89)

  10. #10
    Registered User
    Join Date
    Jan 2008
    Posts
    569
    what am I doing wrong in my memcpy?

    Code:
    Frame** win_slots = (Frame**) calloc(RWS, sizeof(Frame*));
    Frame* frame = (Frame*) calloc(1, sizeof(Frame));
    win_slots[current_frame_index] = calloc(1, sizeof(Frame)); 
    memcpy(win_slots[current_frame_index], frame, sizeof(Frame));
    win_slots is just an array of Frame

  11. #11
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,246
    Can you post the code in receiver.c from lines 110-140?

  12. #12
    Registered User
    Join Date
    Jan 2008
    Posts
    569
    hmm.. I think the receiver.c is fixed now, it used to be:

    win_slots[current_frame_index] = calloc(1, sizeof(Frame*));

    but now I changed it to:

    win_slots[current_frame_index] = calloc(1, sizeof(Frame));

    I think that's where the problem is.. It doesn't give me that weird long error on the first page again.


    But now I have a problem with the sender.c

    it says:

    ==6195== Invalid read of size 1
    ==6195== at 0x4A07B24: strlen (mc_replace_strmem.c:242)
    ==6195== by 0x3BBBA4A56F: vfprintf (in /lib64/libc-2.8.so)
    ==6195== by 0x3BBBA51079: printf (in /lib64/libc-2.8.so)
    ==6195== by 0x401653: main (sender.c:193)
    ==6195== Address 0x4c35384 is 0 bytes after a block of size 260 alloc'd
    ==6195== at 0x4A05174: calloc (vg_replace_malloc.c:397)
    ==6195== by 0x4015FF: main (sender.c:190)

    line 190 was just:
    Frame* frame = (Frame*) calloc(1, sizeof(Frame));
    line 193 was just:
    printf("body is %s\n", frame->body);

    and here's the struct Frame:
    Code:
    typedef struct Frame {
        FrameHdr	hdr;		/* Frame header */
        u_char	body[256];	/* Body */
    } Frame;
    Last edited by -EquinoX-; 03-25-2009 at 08:23 PM.

  13. #13
    Registered User
    Join Date
    Sep 2006
    Posts
    8,868
    Quote Originally Posted by -EquinoX- View Post
    I think this is where the problem is, but I don't see anything wrong here:

    Code:
    Frame* frame_ack = (Frame*) calloc(1, sizeof(Frame));
    		   frame_ack->hdr.type = TYPE_ACK;
    		   frame_ack->hdr.seq = (SeqNum) LFR+10;
    		   frame_ack->hdr.size = (u_char) 0;
    		   printf("\ntrying to send ACK for %d!\n", LFR);
    		   flag = sendto(sock_fd,(void*)frame_ack, sizeof(Frame),0,(struct sockaddr *)&sin, sizeof(sin));
    		   if (flag == -1){
    			perror("Error: Can't send the ACK to sender \n");
    			close(sock_fd);
    			exit(1);
    		   }
    		    printf("flag is %d frame sequence number is %d!\n", flag, frame->hdr.seq);
    		   LAF = LFR + RWS;
    		   free(frame_ack);
    when I comment out free(frame_ack) it works... but I want to free it.. any reason why?
    I have two questions about the line of code in red:

    1) Shouldn't a pointer to the frame be calloc'd to the size of the frame pointer, instead of the size of the frame itself?

    2) I thought it was incorrect to cast the return from calloc/malloc ? That it hid the error when you forgot to include stdlib.h?
    Last edited by Adak; 03-25-2009 at 08:29 PM.

  14. #14
    CSharpener vart's Avatar
    Join Date
    Oct 2006
    Location
    Rishon LeZion, Israel
    Posts
    6,471
    and why do you want to malloc/free a variable which needs to be available only in one function? why not to make it simple automatic var?
    The first 90% of a project takes 90% of the time,
    the last 10% takes the other 90% of the time.

  15. #15
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    21,407
    Quote Originally Posted by Adak
    1) Shouldn't a pointer to the frame be calloc'd to the size of the frame pointer, instead of the size of the frame itself?
    No, the size specified should be the size of each object for which space is to be allocated.

    Quote Originally Posted by Adak
    2) I thought it was incorrect to cast the return from calloc/malloc ? That it hid the error when you forgot to include stdlib.h?
    I think it is more a matter of bad practice than "incorrect", since it would be correct if the code is intended to be compilable as C++. However, I think that you may be right: a failure to #include <stdlib.h> could be the problem.
    C + C++ Compiler: MinGW port of GCC
    Version Control System: Bazaar

    Look up a C++ Reference and learn How To Ask Questions The Smart Way

Page 1 of 2 12 LastLast
Popular pages Recent additions subscribe to a feed

Similar Threads

  1. To find the memory leaks without using any tools
    By asadullah in forum C Programming
    Replies: 2
    Last Post: 05-12-2008, 07:54 AM
  2. segmentation fault (calloc, free)
    By kentadams in forum C Programming
    Replies: 2
    Last Post: 09-07-2007, 08:50 AM
  3. We Got _DEBUG Errors
    By Tonto in forum Windows Programming
    Replies: 5
    Last Post: 12-22-2006, 04:45 PM
  4. confused about arrays
    By sal817 in forum C Programming
    Replies: 17
    Last Post: 09-20-2004, 03:45 PM
  5. sizeof, calloc and free questions
    By gogo in forum C Programming
    Replies: 3
    Last Post: 10-25-2001, 05:32 AM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21