Thread: Double free or corruption

  1. #1
    Registered User
    Join Date
    Jan 2012
    Posts
    2

    Double free or corruption

    Hello.
    I am having a weird problem with closing a previously opened file. I've never experienced this problem, file operations usually worked fine for me. It looks like the file has been closed twice even though it hasn't.

    Here is my code, I marked the line causing the problem:

    Code:
    int euler(double **p, double **q, double **t, double tmin, double tmax)
    {
       const double dt = 0.0005;
       const double m = 1;
       double dp, dq;
       int arrsize = (int)((tmax-tmin)/dt);
       FILE *file;
    
       if(tmax<tmin) return;
    
       *p = (double*) malloc(sizeof(double)*arrsize);
       *q = (double*) malloc(sizeof(double)*arrsize);
       *t = (double*) malloc(sizeof(double)*arrsize);
    
       **p=0; **q=2.5; **t=tmin;
    
       file = fopen("data.txt","w");
       while(tmin<=tmax)
       {
          fprintf(file, "t=%lf   q=%lf   p=%lf\n",**t,**q,**p);
    
          dp = -dt * der(&V,**q);
          dq = ((**p)/m) * dt;
    
          *((*p)+1)+=(**p)+dp;
          *((*q)+1)+=(**q)+dq;
    
          *p+=1; *q+=1; *t+=1;
    
          tmin += dt;
          **t=tmin;
       }
       fprintf(file,"t=%lf   q=%lf   p=%lf\n\n",**t,**q,**p);
       fclose(file); //<----- removing this line fixes the problem
       *p-=arrsize; *q-=arrsize; *t-=arrsize;
       return arrsize;
    }
    And here is the error:

    Code:
    *** glibc detected *** ./a.out: double free or corruption (out): 0x0918f200 ***
    ======= Backtrace: =========
    /lib/i386-linux-gnu/libc.so.6(+0x6b961)[0xe8d961]
    /lib/i386-linux-gnu/libc.so.6(+0x6d28b)[0xe8f28b]
    /lib/i386-linux-gnu/libc.so.6(cfree+0x6d)[0xe9241d]
    /lib/i386-linux-gnu/libc.so.6(fclose+0x14a)[0xe7d9ca]
    ./a.out[0x80487ba]
    ./a.out[0x8048879]
    /lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xe7)[0xe38e37]
    ./a.out[0x8048481]
    ======= Memory map: ========
    001fb000-00217000 r-xp 00000000 08:01 1090       /lib/i386-linux-gnu/ld-2.13.so
    00217000-00218000 r--p 0001b000 08:01 1090       /lib/i386-linux-gnu/ld-2.13.so
    00218000-00219000 rw-p 0001c000 08:01 1090       /lib/i386-linux-gnu/ld-2.13.so
    003ad000-003d1000 r-xp 00000000 08:01 1140       /lib/i386-linux-gnu/libm-2.13.so
    003d1000-003d2000 r--p 00023000 08:01 1140       /lib/i386-linux-gnu/libm-2.13.so
    003d2000-003d3000 rw-p 00024000 08:01 1140       /lib/i386-linux-gnu/libm-2.13.so
    006e4000-006e5000 r-xp 00000000 00:00 0          [vdso]
    0089d000-008b7000 r-xp 00000000 08:01 1131       /lib/i386-linux-gnu/libgcc_s.so.1
    008b7000-008b8000 r--p 00019000 08:01 1131       /lib/i386-linux-gnu/libgcc_s.so.1
    008b8000-008b9000 rw-p 0001a000 08:01 1131       /lib/i386-linux-gnu/libgcc_s.so.1
    00e22000-00f7c000 r-xp 00000000 08:01 1103       /lib/i386-linux-gnu/libc-2.13.so
    00f7c000-00f7d000 ---p 0015a000 08:01 1103       /lib/i386-linux-gnu/libc-2.13.so
    00f7d000-00f7f000 r--p 0015a000 08:01 1103       /lib/i386-linux-gnu/libc-2.13.so
    00f7f000-00f80000 rw-p 0015c000 08:01 1103       /lib/i386-linux-gnu/libc-2.13.so
    00f80000-00f83000 rw-p 00000000 00:00 0
    08048000-08049000 r-xp 00000000 08:01 139912     /home/mati/metody_projekt/a.out
    08049000-0804a000 r--p 00000000 08:01 139912     /home/mati/metody_projekt/a.out
    0804a000-0804b000 rw-p 00001000 08:01 139912     /home/mati/metody_projekt/a.out
    0918f000-091b0000 rw-p 00000000 00:00 0          [heap]
    b7700000-b7721000 rw-p 00000000 00:00 0
    b7721000-b7800000 ---p 00000000 00:00 0
    b7867000-b7869000 rw-p 00000000 00:00 0
    b7875000-b7879000 rw-p 00000000 00:00 0
    bffc0000-bffe1000 rw-p 00000000 00:00 0          [stack]
    /bin/bash: line 1:  6545 Aborted                 ./a.out
    Could someone please help me? Thank you in advance.

  2. #2
    Registered User
    Join Date
    Nov 2010
    Location
    Long Beach, CA
    Posts
    5,909
    It would be much better if you posted a complete program we could test. Without that, it's very hard to tell. Two possibilities I see are:

    1. You don't check if you successfully open data.txt, so the fclose could crash because of that (even if the fprintf calls don't crash).
    2. You end up changing your pointers p, q and t, or *p, *q and *t such that writing to them overwrites file, causing the crash on fclose. This is possible because floating point arithmetic is imprecise, and your tmin <= tmax loop condition might involve more than arrsize iterations.

  3. #3
    Registered User
    Join Date
    Jun 2011
    Posts
    88
    Quote Originally Posted by MaTi View Post
    Hello.
    I am having a weird problem with closing a previously opened file. I've never experienced this problem, file operations usually worked fine for me. It looks like the file has been closed twice even though it hasn't.

    Here is my code, I marked the line causing the problem:



    Could someone please help me? Thank you in advance.
    while(tmin<=tmax)
    The <= will push *p, *q, and *t past their malloced length:

    Code:
    prompt > cat n.c
    #include <stdio.h>
    int euler( double tmin, double tmax)
    {
       const double dt = 0.0005;
       int cnt=0;
    
       int arrsize = (int)((tmax-tmin)/dt);
       while(tmin<=tmax)
       {
          if(cnt >= arrsize)
          {
             printf("BADNESS tmin=%f tmax = %f cnt = %d arrsize = %d\n", tmin, tmax, cnt, arrsize);
          }
          cnt++;
          tmin += dt;
       }
       return(0);
    }
    
    int
    main(int argc , const char **argv, const char **envr)
    {
       euler(1.0, 2.0);
       euler(10.0, 20.0);
       euler(100.0, 200.0);
       return(0);
    }
    
    prompt > gcc -o n.out n.c
    prompt > ./n.out
    BADNESS tmin=2.000000 tmax = 2.000000 cnt = 2000 arrsize = 2000
    BADNESS tmin=20.000000 tmax = 20.000000 cnt = 20000 arrsize = 20000
    BADNESS tmin=200.000000 tmax = 200.000000 cnt = 200000 arrsize = 200000
    prompt >

  4. #4
    ATH0 quzah's Avatar
    Join Date
    Oct 2001
    Posts
    14,826
    A double free would be:
    Code:
    free( t );
    free( t );
    I'm going to make this a bit easier to read:
    Code:
    #include <stdio.h>
    #include <stdlib.h>

    /* der() and V are defined elsewhere in the original program */
    int euler(double **p, double **q, double **t, double tmin, double tmax)
    {
       const double dt = 0.0005;
       const double m = 1;
       double dp, dq;
       int arrsize = (int)((tmax-tmin)/dt);
       FILE *file;
     
       if(tmax<=tmin || arrsize < 1) return -1;  /* return needs to have a value */
          /* <= since if they are equal, you get a size of zero */
    
       if( p == NULL || q == NULL || t == NULL )
          return -1; /* return some error value */
    
       /* switch to array notation and save yourself the headache */
       double *pc, *qc, *tc;
       pc = malloc(sizeof(double)*arrsize);
       qc = malloc(sizeof(double)*arrsize);
       tc = malloc(sizeof(double)*arrsize);
    
       /* check for errors */
       if( pc == NULL || qc == NULL || tc == NULL )
       {
          free( pc ); free( qc ); free( tc );
          return -1;
       }
    
       int counter = 0;
       pc[ counter ] = 0.0;
       qc[ counter ] = 2.5;
       tc[ counter ] = tmin;
     
       file = fopen("data.txt","w");
       /* make sure it actually opened */
       if( file == NULL )
       {
          free( pc ); free( qc ); free( tc );
          return -1;
       }
    
       /* stop one short of arrsize: each pass writes element counter + 1 */
       for( counter = 0; counter + 1 < arrsize && tmin <= tmax; counter++, tmin += dt )
       {
          fprintf(file, "t=%lf   q=%lf   p=%lf\n",tc[ counter ],qc[ counter ],pc[ counter ]);
     
          dp = -dt * der(&V,qc[ counter ] );
          dq = ((pc[ counter ])/m) * dt;
    
          /* plain assignment: malloc'd memory is uninitialized */
          pc[ counter + 1 ] = pc[ counter ] + dp;
          qc[ counter + 1 ] = qc[ counter ] + dq;
          tc[ counter + 1 ] = tmin + dt;
       }
       fprintf(file,"t=%lf   q=%lf   p=%lf\n\n",tc[ counter ],qc[ counter ],pc[ counter ]);
       fclose(file);
    
       *p = pc;
       *q = qc;
       *t = tc;
       return counter + 1; /* number of entries filled in */
    }
    Something like that. It's much easier to read this way. I wandered off half way through writing this so be sure to take a look at what the others have replied already, since they've probably covered some points I've omitted.


    Quzah.
    Last edited by quzah; 01-24-2012 at 03:45 PM.
    Hope is the first step on the road to disappointment.

  5. #5
    Registered User
    Join Date
    Jan 2012
    Posts
    2
    Yes, it seems the problem was with the q, t, and p pointers. Thank you for the code quzah, it really helped, but instead of allocating the memory inside of the function I simply allocated it outside of it and then passed single pointers to function euler(). That fixed the problem and simplified the code.

    Thank you for the help, everyone!
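
    The approach the last post settles on (buffers allocated by the caller and passed as single pointers), written out as an added example that is not code from any poster in this thread. The sample count is computed once as an integer and the loop is bounded by that count and by the buffer capacity, so no write can land outside the arrays and corrupt neighbouring heap chunks. The names euler_samples, euler_fill and force are hypothetical, and force() is an assumed stand-in for the der(&V, q) call the thread never shows.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: the thread never shows der() or V, so this stand-in uses a
   harmonic potential V(q) = q*q/2, whose force is -dV/dq = -q. */
static double force(double q) { return -q; }

/* Samples needed to cover [tmin, tmax] at step dt, endpoint included.
   Returns 0 for an empty, inverted, NaN or absurdly large range. */
size_t euler_samples(double tmin, double tmax, double dt)
{
    double n;
    if (!(dt > 0.0) || !(tmax > tmin)) return 0;
    n = (tmax - tmin) / dt;
    if (!(n < (double)(SIZE_MAX / sizeof(double)))) return 0;
    return (size_t)n + 1;            /* truncation == floor, n is positive */
}

/* Fills caller-owned arrays holding cap doubles each. Returns the number of
   samples written, or 0 if a buffer is missing or too small. */
size_t euler_fill(double *p, double *q, double *t, size_t cap,
                  double tmin, double tmax, double dt)
{
    const double m = 1.0;
    size_t i, n = euler_samples(tmin, tmax, dt);

    if (!p || !q || !t || n == 0 || n > cap) return 0;
    p[0] = 0.0; q[0] = 2.5; t[0] = tmin;
    for (i = 0; i + 1 < n; i++) {    /* integer bound, never tmin <= tmax */
        p[i + 1] = p[i] + dt * force(q[i]);
        q[i + 1] = q[i] + (p[i] / m) * dt;
        t[i + 1] = tmin + (double)(i + 1) * dt;   /* no accumulated drift */
    }
    return n;
}

int main(void)
{
    size_t cap = euler_samples(1.0, 2.0, 0.0005), n;
    double *p = calloc(cap, sizeof *p), *q = calloc(cap, sizeof *q),
           *t = calloc(cap, sizeof *t);

    n = euler_fill(p, q, t, cap, 1.0, 2.0, 0.0005);
    if (n) printf("%zu samples, last t=%f\n", n, t[n - 1]);
    free(p); free(q); free(t);
    return n ? 0 : 1;
}
```

    Building the original loop with gcc -fsanitize=address reports the out-of-bounds write at the store that causes it, rather than later inside fclose.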
