Thread: run time error: *** glibc detected *** : double free or corruption

  1. #1
    Registered User
    Join Date
    Nov 2007
    Posts
    33

    run time error: *** glibc detected *** : double free or corruption

    Hi,

    I've been writing a program, which acts just fine until I declare some user-defined variable.
    (I've declare these variables before in almost the same syntax and the program just have no problem.)

    However, now I receive the following error message and the program crash with seg fault:

    Maybe I've run out the memory (the error message indicate the memory corruption), but the program is not actually that big...

    Any idea?

    *** glibc detected *** ./composition: double free or corruption (!prev): 0x08092588 ***
    ======= Backtrace: =========
    /lib/tls/i686/cmov/libc.so.6[0xb7bff7cd]
    /lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb7c02e30]
    /usr/lib/libstdc++.so.6(_ZdlPv+0x21)[0xb7dc0d11]
    ./composition(_ZN9__gnu_cxx13new_allocatorIN3gil5Col orIhLj3EEEE10deallocateEPS3_j+0x11)[0x8051c13]
    ./composition(_ZNSt12_Vector_baseIN3gil5ColorIhLj3EE ESaIS2_EE13_M_deallocateEPS2_j+0x27)[0x8051c3d]
    ./composition(_ZNSt6vectorIN3gil5ColorIhLj3EEESaIS2_ EE14_M_fill_insertEN9__gnu_cxx17__normal_iteratorI PS2_S4_EEjRKS2_+0x4c3)[0x8052547]
    ./composition(_ZNSt6vectorIN3gil5ColorIhLj3EEESaIS2_ EE6insertEN9__gnu_cxx17__normal_iteratorIPS2_S4_EE jRKS2_+0x26)[0x80525b8]
    ./composition(_ZNSt6vectorIN3gil5ColorIhLj3EEESaIS2_ EE6resizeEjS2_+0xdd)[0x8052697]
    ./composition[0x805cd88]
    ./composition[0x805cfb5]
    ./composition[0x805d00c]
    ./composition[0x805666a]
    ./composition(__gxx_personality_v0+0x3bf)[0x804f533]
    /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xdc)[0xb7badebc]
    ./composition(__gxx_personality_v0+0x22d)[0x804f3a1]
    ======= Memory map: ========
    08048000-08091000 r-xp 00000000 08:01 8488614 /home/jutirain/Research/Semi-automatic_Composition/Code/trunk/composition
    08091000-08092000 rw-p 00048000 08:01 8488614 /home/jutirain/Research/Semi-automatic_Composition/Code/trunk/composition
    08092000-0818e000 rw-p 08092000 00:00 0 [heap]
    b7200000-b7221000 rw-p b7200000 00:00 0
    b7221000-b7300000 ---p b7221000 00:00 0
    b7333000-b75a5000 rw-p b7333000 00:00 0
    b7610000-b77b2000 rw-p b7610000 00:00 0
    b781b000-b781d000 rw-p b781b000 00:00 0
    b781d000-b783b000 r-xp 00000000 08:01 6063550 /usr/lib/libexpat.so.1.0.0
    b783b000-b783d000 rw-p 0001d000 08:01 6063550 /usr/lib/libexpat.so.1.0.0
    b783d000-b783f000 r-xp 00000000 08:01 918792 /lib/tls/i686/cmov/libdl-2.5.so
    b783f000-b7841000 rw-p 00001000 08:01 918792 /lib/tls/i686/cmov/libdl-2.5.so
    b7841000-b7842000 rw-p b7841000 00:00 0
    b7842000-b7846000 r-xp 00000000 08:01 6063365 /usr/lib/libXdmcp.so.6.0.0
    b7846000-b7847000 rw-p 00003000 08:01 6063365 /usr/lib/libXdmcp.so.6.0.0
    b7847000-b7849000 r-xp 00000000 08:01 6063354 /usr/lib/libXau.so.6.0.0
    b7849000-b784a000 rw-p 00001000 08:01 6063354 /usr/lib/libXau.so.6.0.0
    b784a000-b7851000 r-xp 00000000 08:01 6063391 /usr/lib/libXrender.so.1.3.0
    b7851000-b7852000 rw-p 00006000 08:01 6063391 /usr/lib/libXrender.so.1.3.0
    b7852000-b78ba000 r-xp 00000000 08:01 6063017 /usr/lib/libfreetype.so.6.3.10
    b78ba000-b78bd000 rw-p 00068000 08:01 6063017 /usr/lib/libfreetype.so.6.3.10
    b78bd000-b78e0000 r-xp 00000000 08:01 6063556 /usr/lib/libfontconfig.so.1.2.0
    b78e0000-b78e8000 rw-p 00023000 08:01 6063556 /usr/lib/libfontconfig.so.1.2.0
    b78e8000-b78e9000 rw-p b78e8000 00:00 0
    b78e9000-b78fd000 r-xp 00000000 08:01 1671365 /usr/lib/libIex.so.2.0.2
    b78fd000-b78ff000 rw-p 00013000 08:01 1671365 /usr/lib/libIex.so.2.0.2
    b78ff000-b7941000 r-xp 00000000 08:01 1671364 /usr/lib/libHalf.so.2.0.2
    b7941000-b7942000 rw-p 00041000 08:01 1671364 /usr/lib/libHalf.so.2.0.2
    b7942000-b7947000 r-xp 00000000 08:01 1671367 /usr/lib/libImath.so.2.0.2
    b7947000-b7948000 rw-p 00004000 08:01 1671367 /usr/lib/libImath.so.2.0.2
    b7948000-b79c1000 r-xp 00000000 08:01 1671366 /usr/lib/libIlmImf.so.2.0.2
    b79c1000-b79c3000 rw-p 00078000 08:01 1671366 /usr/lib/libIlmImf.so.2.0.2
    b79c3000-b7a13000 r-xp 00000000 08:01 6064057 /usr/lib/libtiff.so.4.2.1
    b7a13000-b7a15000 rw-p 00050000 08:01 6064057 /usr/lib/libtiff.so.4.2.1
    b7a15000-b7a16000 rw-p b7a15000 00:00 0
    b7a16000-b7a34000 r-xp 00000000 08:01 6063832 /usr/lib/libjpeg.so.62.0.0
    b7a34000-b7a35000 rw-p 0001d000 08:01 6063832 /usr/lib/libjpeg.so.62.0.0
    b7a35000-b7a48000 r-xp 00000000 08:01 6064109 /usr/lib/libz.so.1.2.3
    b7a48000-b7a49000 rw-p 00012000 08:01 6064109 /usr/lib/libz.so.1.2.3
    b7a49000-b7a6b000 r-xp 00000000 08:01 6062928 /usr/lib/libpng12.so.0.15.0
    b7a6b000-b7a6c000 rw-p 00021000 08:01 6062928 /usr/lib/libpng12.so.0.15.0
    b7a6c000-b7b59000 r-xp 00000000 08:01 6063348 /usr/lib/libX11.so.6.2.0
    b7b59000-b7b5d000 rw-p 000ed000 08:01 6063348 /usr/lib/libX11.so.6.2.0
    b7b5d000-b7b6a000 r-xp 00000000 08:01 6063369 /usr/lib/libXext.so.6.4.0
    b7b6a000-b7b6b000 rw-p 0000d000 08:01 6063369 /usr/lib/libXext.so.6.4.0
    b7b6b000-b7b7e000 r-xp 00000000 08:01 918812 /lib/tls/i686/cmov/libpthread-2.5.so
    b7b7e000-b7b80000 rw-p 00013000 08:01 918812 /lib/tls/i686/cmov/libpthread-2.5.so
    b7b80000-b7b83000 rw-p b7b80000 00:00 0
    b7b83000-b7b85000 r-xp 00000000 08:01 6063379 /usr/lib/libXinerama.so.1.0.0
    b7b85000-b7b86000 rw-p 00001000 08:01 6063379 /usr/lib/libXinerama.so.1.0.0
    b7b86000-b7b97000 r-xp 00000000 08:01 6063375 /usr/lib/libXft.so.2.1.2
    b7b97000-b7b98000 rw-p 00010000 08:01 6063375 /usr/lib/libXft.so.2.1.2
    b7b98000-b7cd3000 r-xp 00000000 08:01 918786 /lib/tls/i686/cmov/libc-2.5.so
    b7cd3000-b7cd4000 r--p 0013b000 08:01 918786 /lib/tls/i686/cmov/libc-2.5.so
    b7cd4000-b7cd6000 rw-p 0013c000 08:01 918786 /lib/tls/i686/cmov/libc-2.5.so
    b7cd6000-b7cd9000 rw-p b7cd6000 00:00 0
    b7cd9000-b7ce4000 r-xp 00000000 08:01 884800 /lib/libgcc_s.so.1
    b7ce4000-b7ce5000 rw-p 0000a000 08:01 884800 /lib/libgcc_s.so.1
    b7ce5000-b7d0a000 r-xp 00000000 08:01 918794 /lib/tls/i686/cmov/libm-2.5.so
    b7d0a000-b7d0c000 rw-p 00024000 08:01 918794 /lib/tls/i686/cmov/libm-2.5.so
    b7d0c000-b7deb000 r-xp 00000000 08:01 6064045 /usr/lib/libstdc++.so.6.0.8
    b7deb000-b7dee000 r--p 000de000 08:01 6064045 /usr/lib/libstdc++.so.6.0.8
    b7dee000-b7df0000 rw-p 000e1000 08:01 6064045 /usr/lib/libstdc++.so.6.0.8
    b7df0000-b7df6000 rw-p b7df0000 00:00 0
    b7df6000-b7e34000 r-xp 00000000 08:01 9097537 /usr/lib/libgil2.so
    b7e34000-b7e36000 rw-p 0003e000 08:01 9097537 /usr/lib/libgil2.so
    b7e36000-b7ea1000 rw-p b7e36000 00:00 0
    b7ea1000-b7f35000 r-xp 00000000 08:01 1671309 /usr/lib/libfltk.so.1.1
    b7f35000-b7f3b000 rw-p 00093000 08:01 1671309 /usr/lib/libfltk.so.1.1
    b7f3b000-b7f3e000 rw-p b7f3b000 00:00 0
    b7f3e000-b7f4d000 r-xp 00000000 08:01 1671312 /usr/lib/libfltk_images.so.1.1
    b7f4d000-b7f4e000 rw-p 0000f000 08:01 1671312 /usr/lib/libfltk_images.so.1.1
    b7f5d000-b7f5f000 rw-p b7f5d000 00:00 0
    b7f5f000-b7f78000 r-xp 00000000 08:01 884757 /lib/ld-2.5.so
    b7f78000-b7f7a000 rw-p 00019000 08:01 884757 /lib/ld-2.5.so
    bfd47000-bfd5c000 rw-p bfd47000 00:00 0 [stack]
    ffffe000-fffff000 r-xp 00000000 00:00 0 [vdso]
    Aborted (core dumped)

  2. #2
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,660
    Posting the source code would be more useful.

    As you seem to be using Linux, then try this
    g++ -g prog.cpp -lefence
    gdb a.out
    run

    The electric fence is a memory allocation wrapper which has the ability to trap where mistakes such as buffer overrun actually happen, rather than perhaps in your case where it happens to get noticed.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  3. #3
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    Install Valgrind, run your program through it, be enlightened The wonderful thing about Linux memory corruption bugs is that Valgrind can always find them, provided you can reproduce them. EDIT: I should say "dynamic memory corruption" because Valgrind can't find stack overflows.

    Other than that, we can't help figure out your problem without seeing source code.
    Last edited by brewbuck; 11-26-2007 at 11:50 AM.

  4. #4
    Registered User
    Join Date
    Nov 2007
    Posts
    33
    I can fix the error by only changing the ORDER of the declarations of variable?

    That's odd enough.

    The code is not suitable for posting here for its size, however, I'll try to use electric fense & valgrind and post the result.
    Thanks for help.

  5. #5
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    Quote Originally Posted by jutirain View Post
    I can fix the error by only changing the ORDER of the declarations of variable?

    That's odd enough.
    That's not odd at all, and in fact is a piece of evidence telling you exactly where your problem is.

  6. #6
    Registered User
    Join Date
    Nov 2007
    Posts
    33
    OK, here is my valgrind output:
    http://graphics.csie.ntu.edu.tw/~jon...ind.output.txt

    and here is my source code, in which I have problem with:
    http://graphics.csie.ntu.edu.tw/~jon...mageBox.h.html
    (I didn't list all the files since there are about 10 of them)

    I just cut the declarations in line 134 ~ 136 to line after 116 and the problem was solved.
    However, I still very curious about what's going on actually.

    Any ideas?

  7. #7
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    Valgrind is telling you that the ImageBox::init_markup_colors() function is writing beyond the end of the vector allocated in the ImageBox::ImageBox constructor. If you compile with debugging enabled (-g) Valgrind will also print exact line numbers.

    But you should start by looking at the code in ImageBox::init_markup_color(), particularly the code which accesses this vector, whatever it is.

    I just cut the declarations in line 134 ~ 136 to line after 116 and the problem was solved.
    However, I still very curious about what's going on actually.
    It doesn't solve anything, it just causes the program to corrupt some OTHER bit of memory instead of this one. It's still wrong.

  8. #8
    Registered User
    Join Date
    Nov 2007
    Posts
    33
    You're right.

    I've found the bugs, thanks!

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. double free or corruption (fasttop)
    By yougene in forum C Programming
    Replies: 6
    Last Post: 01-17-2009, 06:44 PM
  2. Replies: 48
    Last Post: 09-26-2008, 03:45 AM
  3. Replies: 1
    Last Post: 09-19-2008, 01:21 AM
  4. Replies: 3
    Last Post: 08-08-2008, 07:40 AM
  5. double free or corruption???
    By hwttdz in forum C++ Programming
    Replies: 2
    Last Post: 07-22-2006, 03:02 PM