Thread: block overrun

Hello,

Can anyone please help me to understand, i am really tired of debugging this code now. The following the is my version of stringtok function. I did a valgrind to see if there are any memory leak. But i dint get any memory leak but i got a block overrun. I have been trying to find out where i am over running. It cant see anything here

Code:

char ** TokentheString( char *Line, char *Del )
{
    char **Tokenised, **ExtraToken = NULL;
    char Token[BUFSIZ], FormatSpec[15];
    char *TempLine = Line;
    int iOffset, iMAXS = 2,iIndex ;
    
    if( ( Tokenised = malloc( sizeof(char *) * iMAXS ) ) != NULL )
    {
        iIndex = 0;
        sprintf(FormatSpec, "%s%s%s", "%[^", Del, "]%n");
        
        while( sscanf(TempLine, FormatSpec, Token, &iOffset) == 1 )
        {
            if( iIndex >= iMAXS )
            {
                iMAXS += 5;
    
                if( ( ExtraToken = realloc( Tokenised, sizeof(char *) * iMAXS ) ) != NULL )
                {
                    Tokenised = ExtraToken;
                    ExtraToken = NULL;
                    free(ExtraToken);
                }
                else
                {
                    printf("Error: Realloc failed\n");
                    return NULL;
                }
            }
            
            if( iIndex < iMAXS )
            {
                if( ( Tokenised[iIndex] = malloc( sizeof(char) * strlen(Token) + 1) ) != NULL )
                {  
                    strcpy( Tokenised[iIndex], Token );          
                    TempLine += iOffset;
                    
                    if( *TempLine != Del[0] )
                          break;                                
                    ++TempLine;
                }
                else
                {
                    printf("Error: Memory allocation failed\n");
                    return NULL;
                }
            }
            ++iIndex ;
        }
        
        if( ( Tokenised[iIndex] = malloc( sizeof(char) * 15) ) != NULL )
            strcpy( Tokenised[iIndex], "NULL");
    }
    else
    {
         printf("Error: Memory allocation failed\n");
        return NULL;
    }
    
    return Tokenised;
}

And the valgrind output

Code:

==18652== Invalid write of size 4
==18652==    at 0x8049C8F: TokentheString (glLib.c:277)
==18652==    by 0x80491BC: PopulateData (glLib.c:22)
==18652==    by 0x8048E59: main (FlyComp.c:19)
==18652==  Address 0x4030818 is 0 bytes after a block of size 408 alloc'd
==18652==    at 0x40055E2: realloc (vg_replace_malloc.c:306)
==18652==    by 0x8049B5C: TokentheString (glLib.c:244)
==18652==    by 0x80491BC: PopulateData (glLib.c:22)
==18652==    by 0x8048E59: main (FlyComp.c:19)
==18652==
==18652== Invalid read of size 4
==18652==    at 0x8049C91: TokentheString (glLib.c:277)
==18652==    by 0x80491BC: PopulateData (glLib.c:22)
==18652==    by 0x8048E59: main (FlyComp.c:19)
==18652==  Address 0x4030818 is 0 bytes after a block of size 408 alloc'd
==18652==    at 0x40055E2: realloc (vg_replace_malloc.c:306)
==18652==    by 0x8049B5C: TokentheString (glLib.c:244)
==18652==    by 0x80491BC: PopulateData (glLib.c:22)
==18652==    by 0x8048E59: main (FlyComp.c:19)
==18652==
==18652== Invalid read of size 4
==18652==    at 0x8049CA0: TokentheString (glLib.c:278)
==18652==    by 0x80491BC: PopulateData (glLib.c:22)
==18652==    by 0x8048E59: main (FlyComp.c:19)
==18652==  Address 0x4030818 is 0 bytes after a block of size 408 alloc'd
==18652==    at 0x40055E2: realloc (vg_replace_malloc.c:306)
==18652==    by 0x8049B5C: TokentheString (glLib.c:244)
==18652==    by 0x80491BC: PopulateData (glLib.c:22)
==18652==    by 0x8048E59: main (FlyComp.c:19)
==18652==
==18652== Invalid read of size 4
==18652==    at 0x80493AA: PopulateData (glLib.c:24)
==18652==    by 0x8048E59: main (FlyComp.c:19)
==18652==  Address 0x4030818 is 0 bytes after a block of size 408 alloc'd
==18652==    at 0x40055E2: realloc (vg_replace_malloc.c:306)
==18652==    by 0x8049B5C: TokentheString (glLib.c:244)
==18652==    by 0x80491BC: PopulateData (glLib.c:22)
==18652==    by 0x8048E59: main (FlyComp.c:19)
==18652==

The red color highlighted line is the one which shows that i am over running. I dont really see anything wrong over there. Anyone find pit fall there?

thanks a lot

ssharish

Hi Dave,

Well, that was one of my confusion which i had. The Tokensized string is freed in the calling function 'Yes'. But what about the ExtraToken thats just used for the reallocation purpose like you can see what i am doing with that.

ssharish

Originally Posted by Dave_Sinkula

Oh, wait. ExtraToken is NULLed, so that line is a no-op.

My confusion here was, when i free the ExtraToken i get seg fault. But when NULL it and then free, it dons't give me seg fault. I dont understand that bit?

ssharish

You take your life into your own hands when you free ExtraToken, since it is also Tokenised. And you're still using that.

Originally Posted by Elysia

But I only get memory leaks. How about a test case? The code runs fine without crashes.

Hi Elysia, the code works fine with no error. You mentioned about the memory leak. Where was it.I through there was no leaks at all. And perhaps if you could at my first post in this thread. I have copied the output generated by the valgrind. It complains about the block overrun which i am not able to figure it out.

Does anyone see any mistakes i am doing or the usage of realloc function. Do i have to free ExtraToken is that ok if i leave it like that.

Maps, ok freeing null wouldn't have any affect. So how do i free the ExtraToken or shouldn't i have to do that. I am pretty sure if i don't do that, it would be a memory leak.

thank you

ssharish