Thread: malloc calloc and free

  1. #1
    Registered User
    Join Date
    Jan 2008
    Posts
    569

    malloc calloc and free

    I got the following weird error when trying to free a structure:

    Code:
    *** glibc detected *** receiver: free(): invalid next size (normal): 0x00000000010855b0 ***
    ======= Backtrace: =========
    /lib64/libc.so.6[0x3bbba78228]
    /lib64/libc.so.6(cfree+0x76)[0x3bbba7a866]
    /lib64/libc.so.6(fclose+0x151)[0x3bbba68731]
    receiver[0x400dce]
    /lib64/libc.so.6(__libc_start_main+0xfa)[0x3bbba1e32a]
    receiver[0x400a39]
    ======= Memory map: ========
    00400000-00402000 r-xp 00000000 00:37 267920                             /p2/hh/project2/receiver
    00601000-00602000 rw-p 00001000 00:37 267920                             /p2/hh/project2/receiver
    01085000-010a6000 rw-p 01085000 00:00 0                                  [heap]
    3bba800000-3bba81d000 r-xp 00000000 fd:01 1384464                        /lib64/ld-2.8.so
    3bbaa1c000-3bbaa1d000 r--p 0001c000 fd:01 1384464                        /lib64/ld-2.8.so
    3bbaa1d000-3bbaa1e000 rw-p 0001d000 fd:01 1384464                        /lib64/ld-2.8.so
    3bbba00000-3bbbb62000 r-xp 00000000 fd:01 1384466                        /lib64/libc-2.8.so
    3bbbb62000-3bbbd62000 ---p 00162000 fd:01 1384466                        /lib64/libc-2.8.so
    3bbbd62000-3bbbd66000 r--p 00162000 fd:01 1384466                        /lib64/libc-2.8.so
    3bbbd66000-3bbbd67000 rw-p 00166000 fd:01 1384466                        /lib64/libc-2.8.so
    3bbbd67000-3bbbd6c000 rw-p 3bbbd67000 00:00 0
    3ebe600000-3ebe616000 r-xp 00000000 fd:01 1384510                        /lib64/libgcc_s-4.3.0-20080428.so.1
    3ebe616000-3ebe815000 ---p 00016000 fd:01 1384510                        /lib64/libgcc_s-4.3.0-20080428.so.1
    3ebe815000-3ebe816000 rw-p 00015000 fd:01 1384510                        /lib64/libgcc_s-4.3.0-20080428.so.1
    7f9570000000-7f9570021000 rw-p 7f9570000000 00:00 0
    7f9570021000-7f9574000000 ---p 7f9570021000 00:00 0
    7f957573e000-7f9575740000 rw-p 7f957573e000 00:00 0
    7f9575765000-7f9575768000 rw-p 7f9575765000 00:00 0
    7fff7d753000-7fff7d768000 rw-p 7ffffffea000 00:00 0                      [stack]
    7fff7d7ff000-7fff7d800000 r-xp 7fff7d7ff000 00:00 0                      [vdso]
    ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

    Can anyone tell me why? If we call calloc, do we have to free it as well, just like malloc?

  2. #2
    Registered User
    Join Date
    Sep 2006
    Posts
    8,868
    I'm unsure about your error, but you definitely need to treat calloc'd memory the same as malloc (and free it).

  3. #3
    Registered User
    Join Date
    Jan 2008
    Posts
    569
    This is weird... so any ideas on how to debug it?

  4. #4
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,268
    It looks like your heap was corrupted from something. You can run memcheck (which is part of valgrind). It usually does a pretty good job with these sorts of problems.

  5. #5
    Registered User
    Join Date
    Sep 2006
    Posts
    8,868
    Looks like you're trying to free something that has either been mangled by another *thing* in your program, or it's already been destroyed.

    Can you set a pointer to that variable and watch its value as you step through that portion of your program? If it goes to NULL, it's been destroyed; if it never changes, then it's been mangled.

  6. #6
    Registered User
    Join Date
    Jan 2008
    Posts
    569
    Quite off topic, but say I have:

    Frame* frame_ack = (Frame*) calloc(1, sizeof(Frame));

    is that correct or should it be:

    Frame* frame_ack = (Frame*) calloc(1, sizeof(Frame*));

  7. #7
    Registered User carrotcake1029's Avatar
    Join Date
    Apr 2008
    Posts
    404
    The former looks like it should be correct.

    Like bithub suggested, run it through memcheck. You may need to throw down a compiler switch to get a more specific location, but I kind of forget which.

  8. #8
    Registered User
    Join Date
    Jan 2008
    Posts
    569
    I think this is where the problem is, but I don't see anything wrong here:

    Code:
    Frame* frame_ack = (Frame*) calloc(1, sizeof(Frame));
    frame_ack->hdr.type = TYPE_ACK;
    frame_ack->hdr.seq = (SeqNum) LFR+10;
    frame_ack->hdr.size = (u_char) 0;
    printf("\ntrying to send ACK for %d!\n", LFR);
    flag = sendto(sock_fd, (void*)frame_ack, sizeof(Frame), 0, (struct sockaddr *)&sin, sizeof(sin));
    if (flag == -1) {
        perror("Error: Can't send the ACK to sender \n");
        close(sock_fd);
        exit(1);
    }
    printf("flag is %d frame sequence number is %d!\n", flag, frame->hdr.seq);
    LAF = LFR + RWS;
    free(frame_ack);

    When I comment out free(frame_ack) it works... but I want to free it. Any reason why?

  9. #9
    Registered User
    Join Date
    Jan 2008
    Posts
    569
    valgrind gave me these results:

    Code:
    ==2367== Invalid write of size 1
    ==2367==    at 0x4A07FF4: memcpy (mc_replace_strmem.c:402)
    ==2367==    by 0x400F19: main (receiver.c:121)
    ==2367==  Address 0x4c332bb is not stack'd, malloc'd or (recently) free'd
    ==2367==
    ==2367== Invalid write of size 1
    ==2367==    at 0x4A07FFD: memcpy (mc_replace_strmem.c:402)
    ==2367==    by 0x400F19: main (receiver.c:121)
    ==2367==  Address 0x4c332ba is not stack'd, malloc'd or (recently) free'd
    ==2367==
    ==2367== Invalid write of size 1
    ==2367==    at 0x4A08007: memcpy (mc_replace_strmem.c:402)
    ==2367==    by 0x400F19: main (receiver.c:121)
    ==2367==  Address 0x4c332b9 is not stack'd, malloc'd or (recently) free'd
    ==2367==
    ==2367== Invalid write of size 1
    ==2367==    at 0x4A08011: memcpy (mc_replace_strmem.c:402)
    ==2367==    by 0x400F19: main (receiver.c:121)
    ==2367==  Address 0x4c332b8 is not stack'd, malloc'd or (recently) free'd
    Header sequence is 1 and LFR+1 is 1!
    ==2367==
    ==2367== Invalid read of size 1
    ==2367==    at 0x3BBBA73C51: _IO_file_xsputn@@GLIBC_2.2.5 (in /lib64/libc-2.8.so)
    ==2367==    by 0x3BBBA69D27: fwrite (in /lib64/libc-2.8.so)
    ==2367==    by 0x400FB3: main (receiver.c:132)
    ==2367==  Address 0x4c332bb is not stack'd, malloc'd or (recently) free'd
    ==2367==
    ==2367== Invalid read of size 1
    ==2367==    at 0x3BBBA73C6D: _IO_file_xsputn@@GLIBC_2.2.5 (in /lib64/libc-2.8.so)
    ==2367==    by 0x3BBBA69D27: fwrite (in /lib64/libc-2.8.so)
    ==2367==    by 0x400FB3: main (receiver.c:132)
    ==2367==  Address 0x4c332ba is not stack'd, malloc'd or (recently) free'd
    ==2367==
    ==2367== Invalid read of size 1
    ==2367==    at 0x4A089D6: mempcpy (mc_replace_strmem.c:676)
    ==2367==    by 0x3BBBA73D0E: _IO_file_xsputn@@GLIBC_2.2.5 (in /lib64/libc-2.8.so)
    ==2367==    by 0x3BBBA69D27: fwrite (in /lib64/libc-2.8.so)
    ==2367==    by 0x400FB3: main (receiver.c:132)
    ==2367==  Address 0x4c331c0 is 0 bytes after a block of size 8 alloc'd
    ==2367==    at 0x4A05174: calloc (vg_replace_malloc.c:397)
    ==2367==    by 0x400EEE: main (receiver.c:120)
    ==2367==
    ==2367== Invalid read of size 1
    ==2367==    at 0x4A089C8: mempcpy (mc_replace_strmem.c:676)
    ==2367==    by 0x3BBBA73D0E: _IO_file_xsputn@@GLIBC_2.2.5 (in /lib64/libc-2.8.so)
    ==2367==    by 0x3BBBA69D27: fwrite (in /lib64/libc-2.8.so)
    ==2367==    by 0x400FB3: main (receiver.c:132)
    ==2367==  Address 0x4c331c1 is 1 bytes after a block of size 8 alloc'd
    ==2367==    at 0x4A05174: calloc (vg_replace_malloc.c:397)
    ==2367==    by 0x400EEE: main (receiver.c:120)
    --2367-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
    --2367-- si_code=80;  Faulting address: 0x0;  sp: 0x402E8BE50
    
    valgrind: the 'impossible' happened:
       Killed by fatal signal
    ==2367==    at 0x3802421D: vgPlain_arena_malloc (m_mallocfree.c:206)
    ==2367==    by 0x38002A75: vgMemCheck_new_block (mc_malloc_wrappers.c:195)
    ==2367==    by 0x38002CCD: vgMemCheck_calloc (mc_malloc_wrappers.c:270)
    ==2367==    by 0x380380B7: vgPlain_scheduler (scheduler.c:1277)
    ==2367==    by 0x38048E40: run_a_thread_NORETURN (syswrap-linux.c:89)

  10. #10
    Registered User
    Join Date
    Jan 2008
    Posts
    569
    What am I doing wrong in my memcpy?

    Code:
    Frame** win_slots = (Frame**) calloc(RWS, sizeof(Frame*));
    Frame* frame = (Frame*) calloc(1, sizeof(Frame));
    win_slots[current_frame_index] = calloc(1, sizeof(Frame));
    memcpy(win_slots[current_frame_index], frame, sizeof(Frame));

    win_slots is just an array of Frame

  11. #11
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,268
    Can you post the code in receiver.c from lines 110-140?

  12. #12
    Registered User
    Join Date
    Jan 2008
    Posts
    569
    Hmm... I think the receiver.c is fixed now. It used to be:

    win_slots[current_frame_index] = calloc(1, sizeof(Frame*));

    but now I changed it to:

    win_slots[current_frame_index] = calloc(1, sizeof(Frame));

    I think that's where the problem is. It doesn't give me that weird long error on the first page again.

    But now I have a problem with the sender.c

    It says:

    ==6195== Invalid read of size 1
    ==6195== at 0x4A07B24: strlen (mc_replace_strmem.c:242)
    ==6195== by 0x3BBBA4A56F: vfprintf (in /lib64/libc-2.8.so)
    ==6195== by 0x3BBBA51079: printf (in /lib64/libc-2.8.so)
    ==6195== by 0x401653: main (sender.c:193)
    ==6195== Address 0x4c35384 is 0 bytes after a block of size 260 alloc'd
    ==6195== at 0x4A05174: calloc (vg_replace_malloc.c:397)
    ==6195== by 0x4015FF: main (sender.c:190)

    line 190 was just:
    Frame* frame = (Frame*) calloc(1, sizeof(Frame));
    line 193 was just:
    printf("body is %s\n", frame->body);

    and here's the struct Frame:
    Code:
    typedef struct Frame {
        FrameHdr	hdr;		/* Frame header */
        u_char	body[256];	/* Body */
    } Frame;
    Last edited by -EquinoX-; 03-25-2009 at 08:23 PM.
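
The memcheck report in post #12 shows `strlen`, called from `printf("%s")`, reading 0 bytes after the 260-byte block, which means it walked all of `body[256]` without meeting a NUL. An added example (not code from the thread) that prints the body with an explicit bound; the `FrameHdr` layout and the helper names `body_strnlen` and `format_body` are assumptions, and `unsigned char` stands in for the thread's `u_char`.

```c
#include <stdio.h>
#include <string.h>

/* Assumed header layout: the thread never shows FrameHdr. Four bytes
 * here, so sizeof(Frame) is 260 as in the memcheck report. */
typedef struct FrameHdr {
    unsigned char type;
    unsigned char seq;
    unsigned char size;
    unsigned char pad;
} FrameHdr;

typedef struct Frame {
    FrameHdr      hdr;        /* Frame header */
    unsigned char body[256];  /* Body: raw bytes, not a C string */
} Frame;

/* Length of the text in body: stops at the first NUL or at the end of
 * the array, whichever comes first. Never reads past body. */
size_t body_strnlen(const Frame *f)
{
    const unsigned char *nul = memchr(f->body, '\0', sizeof f->body);
    return nul ? (size_t)(nul - f->body) : sizeof f->body;
}

/* Format "body is <text>" into out and return the number of body bytes
 * shown. The "%.*s" precision caps how many bytes printf may read, so a
 * body with no terminator cannot cause a read beyond the array. */
size_t format_body(const Frame *f, char *out, size_t outlen)
{
    size_t n = body_strnlen(f);
    snprintf(out, outlen, "body is %.*s", (int)n, (const char *)f->body);
    return n;
}

int main(void)
{
    Frame full;      /* constructed sample: all 256 body bytes in use */
    char line[300];
    memset(&full, 0, sizeof full);
    memset(full.body, 'A', sizeof full.body);
    size_t n = format_body(&full, line, sizeof line);
    printf("%zu body bytes shown, line length %zu\n", n, strlen(line));
    return 0;
}
```

Built with `-g` and run under memcheck, the sample frame with a completely full body produces no invalid-read report.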

  13. #13
    Registered User
    Join Date
    Sep 2006
    Posts
    8,868
    Quote Originally Posted by -EquinoX- View Post
    I think this is where the problem is, but I don't see anything wrong here:

    Code:
    Frame* frame_ack = (Frame*) calloc(1, sizeof(Frame));
    frame_ack->hdr.type = TYPE_ACK;
    frame_ack->hdr.seq = (SeqNum) LFR+10;
    frame_ack->hdr.size = (u_char) 0;
    printf("\ntrying to send ACK for %d!\n", LFR);
    flag = sendto(sock_fd, (void*)frame_ack, sizeof(Frame), 0, (struct sockaddr *)&sin, sizeof(sin));
    if (flag == -1) {
        perror("Error: Can't send the ACK to sender \n");
        close(sock_fd);
        exit(1);
    }
    printf("flag is %d frame sequence number is %d!\n", flag, frame->hdr.seq);
    LAF = LFR + RWS;
    free(frame_ack);

    When I comment out free(frame_ack) it works... but I want to free it. Any reason why?

    I have two questions about the line of code in red:

    1) Shouldn't a pointer to the frame be calloc'd to the size of the frame pointer, instead of the size of the frame itself?

    2) I thought it was incorrect to cast the return from calloc/malloc? That it hid the error when you forgot to include stdlib.h?
    Last edited by Adak; 03-25-2009 at 08:29 PM.

  14. #14
    Hurry Slowly vart's Avatar
    Join Date
    Oct 2006
    Location
    Rishon LeZion, Israel
    Posts
    6,788
    And why do you want to malloc/free a variable which needs to be available only in one function? Why not make it a simple automatic variable?
    All problems in computer science can be solved by another level of indirection,
    except for the problem of too many layers of indirection.
    – David J. Wheeler

  15. #15
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    28,413
    Quote Originally Posted by Adak
    1) Shouldn't a pointer to the frame be calloc'd to the size of the frame pointer, instead of the size of the frame itself?
    No, the size specified should be the size of each object for which space is to be allocated.

    Quote Originally Posted by Adak
    2) I thought it was incorrect to cast the return from calloc/malloc ? That it hid the error when you forgot to include stdlib.h?
    I think it is more a matter of bad practice than "incorrect", since it would be correct if the code is intended to be compilable as C++. However, I think that you may be right: a failure to #include <stdlib.h> could be the problem.
    Quote Originally Posted by Bjarne Stroustrup (2000-10-14)
    I get maybe two dozen requests for help with some sort of programming or design problem every day. Most have more sense than to send me hundreds of lines of code. If they do, I ask them to find the smallest example that exhibits the problem and send me that. Mostly, they then find the error themselves. "Finding the smallest program that demonstrates the error" is a powerful debugging tool.
    Look up a C++ Reference and learn How To Ask Questions The Smart Way
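
The sizing rule from post #15, applied to the receiver's window from posts #10 and #12, as an added example that is not code from the thread: the slot array is sized by `sizeof(Frame *)`, each frame by `sizeof *copy`. The `FrameHdr` layout and the names `window_new`, `window_store` and `overrun_if_pointer_sized` are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout (FrameHdr is never shown in the thread); 260 bytes total. */
typedef struct { unsigned char type, seq, size, pad; } FrameHdr;
typedef struct { FrameHdr hdr; unsigned char body[256]; } Frame;

/* Bytes a memcpy of sizeof(Frame) writes past a block that was allocated
 * with sizeof(Frame *), the mistake fixed in post #12. */
size_t overrun_if_pointer_sized(void)
{
    return sizeof(Frame) - sizeof(Frame *);
}

/* The window is an array of pointers, so here the element really is a
 * Frame *. calloc leaves every slot zeroed (NULL on mainstream platforms). */
Frame **window_new(size_t nslots)
{
    return calloc(nslots, sizeof(Frame *));
}

/* Copy src into slot idx. sizeof *copy is the pointed-to object, so the
 * allocation size and the memcpy length cannot disagree. Returns 0 on
 * success, -1 on a bad index or allocation failure. */
int window_store(Frame **slots, size_t nslots, size_t idx, const Frame *src)
{
    if (slots == NULL || src == NULL || idx >= nslots)
        return -1;
    Frame *copy = calloc(1, sizeof *copy);
    if (copy == NULL)
        return -1;
    memcpy(copy, src, sizeof *copy);
    free(slots[idx]);          /* release any frame already in the slot */
    slots[idx] = copy;
    return 0;
}

int main(void)
{
    Frame src = {{1, 7, 2, 0}, "hi"};   /* constructed sample frame */
    Frame **win = window_new(4);
    if (win == NULL || window_store(win, 4, 1, &src) != 0)
        return 1;
    printf("slot holds %zu bytes; a pointer-sized block would be overrun by %zu\n",
           sizeof *win[1], overrun_if_pointer_sized());
    free(win[1]);
    free(win);
    return 0;
}
```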
