Thread: heap corruption + mcheck resulted core + identifying the exact cause

  1. #1
    Registered User
    Join Date
    Mar 2008
    Location
    India
    Posts
    125

    heap corruption + mcheck resulted core + identifying the exact cause

    Hi all,


    I am facing an issue with heap corruption.
    In my code I am trying to extract line by line from one of the files using getline. After this I do some parsing and then free the line buffer once done.

    Here, at free, it generates the core. Below is the core trace.

    Code:
    #0  0x0000003539435069 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
    #1  0x0000003539438168 in __GI_abort () at abort.c:89
    #2  0x000000353946e544 in __libc_message (do_abort=<optimized out>, fmt=<optimized out>) at ../sysdeps/posix/libc_fatal.c:175
    #3  0x000000353946e56e in __GI___libc_fatal (message=<optimized out>) at ../sysdeps/posix/libc_fatal.c:186
    #4  0x000000353947e4f5 in mabort (status=<optimized out>) at mcheck.c:363
    #5  0x000000353947e5a8 in checkhdr (hdr=hdr@entry=0x6214d0) at mcheck.c:114
    #6  0x000000353947e9b9 in checkhdr (hdr=0x6214d0) at mcheck.c:186
    #7  freehook (ptr=0x621500, caller=0x7f119dcdf3c6 <target_get_config_value+454>) at mcheck.c:187
    #8  0x00007f119dcdf3c6 in target_get_config_value (buf=buf@entry=0x7fff1c7a3760 "1", buf_len=buf_len@entry=16, fmt=fmt@entry=0x40fea2 "PORT_OFFSET_MAP")
        at xx/xx/xp/bsd/target/bsg/libsrc/lib/attrs/src/bsg_utils.c:94
    #9  0x0000000000408168 in ald_get_femu_config_vlaue () at xx/kedu/sources/fwd/sld/src/sld.c:712
    #10 0x0000000000408d67 in main (argc=1, argv=0x7fff1c7a3988) at xx/xx/xx/fwd/sld/src/sld.c:1061
    I have the following queries here.

    1. What is the checkhdr() error?
    2. Is there any more defensive programming I should use to overcome this getline() and free() crash?


    Thanks
    Rama

  2. #2
    Registered User
    Join Date
    Nov 2010
    Location
    Long Beach, CA
    Posts
    5,907
    Really hard to say what the problem is without seeing any source code. If you post it, please make sure it's well formatted and post it in [code][/code] tags.

    You can also try Valgrind and Electric Fence to help you debug.

  3. #3
    Registered User
    Join Date
    Mar 2008
    Location
    India
    Posts
    125
    Thanks anduril,

    I have pasted my code here: pastebin - Unnamed - post number 3694480

    When I run with Valgrind it never shows this error. In the documentation I learned that the native execution memory layout would be different compared to Valgrind; this might result in the issue not surfacing.

  4. #4
    Registered User
    Join Date
    Nov 2010
    Location
    Long Beach, CA
    Posts
    5,907
    You missed the part about posting it in code tags. Please just post the code here, so anybody looking at the thread can easily follow along.
    Code:
    /* Assumed definitions so the snippet compiles stand-alone; the real
     * values live in the poster's own headers and are not shown in the thread. */
    #define _POSIX_C_SOURCE 200809L   /* getline() */
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <stdarg.h>
    #include <sys/types.h>

    #define CONFIG "config.txt"       /* assumed config file path */
    typedef int api_rc_t;             /* assumed return type */
    #define API_OK 0                  /* assumed success value */

    api_rc_t
    get_config_value (
        char *buf,
        size_t buf_len,
        const char *fmt,
        ...)
    {
        FILE *fp;
        char *line = NULL;
        size_t len = 0;
        ssize_t read;
        va_list argp;
        char var[128];
        api_rc_t rc = 4;

        fp = fopen(CONFIG, "r");
        if (fp == NULL) {
            return (3);
        }

        /* build the variable name to look for from the format string */
        va_start(argp, fmt);
        vsnprintf(var, sizeof(var), fmt, argp);
        va_end(argp);

        /* line/len are reused across iterations; getline() grows the buffer as needed */
        while ((read = getline(&line, &len, fp)) != -1) {
            char *tok;
            char *val;

            /* check for comment.  not very robust. */
            if (line[0] == '#') {
                continue;
            }

            /* get token. */
            tok = strtok(line, "=");
            if (!tok) {
                continue;
            }

            if (strcmp(tok, var)==0) {
                val = strtok(NULL, "=\n\r\t");
                if (!val) {
                    rc = 3;
                } else {
                    if (buf && buf_len) {
                        /* strncpy() writes no terminator when strlen(val) >= buf_len,
                         * and buf_len is trusted to match the caller's real buffer size */
                        strncpy(buf, val, buf_len);
                    }
                    rc = API_OK;
                }
                break;
            }
        }

        if (rc == 2) {
            /* variable was not found. */
        }

        /* the getline() buffer is freed exactly once, after the loop */
        if (line) {
            free(line);
        }
        fclose(fp);
        return (rc);
    }

  5. #5
    Registered User
    Join Date
    Nov 2010
    Location
    Long Beach, CA
    Posts
    5,907
    I don't see any glaring memory issues offhand. However, it's possible that some other code is responsible for the corruption, such as the code that calls get_config_value. In particular, I notice from the trace that buf contains "1" but is said to be of size 16. Are you sure that is correct? Does buf actually have space for 16 bytes? If you write past the end of buf with your strncpy on line 51, this could cause the corruption.

    One other note: Line 40 is pointless. If the first call to strtok doesn't find the delimiter, it returns the whole string, not NULL.

  6. #6
    Registered User
    Join Date
    Jun 2015
    Posts
    1,643
    You need to free line within the loop, and reset it to NULL as well as reset len to 0.
    getline(3) - Linux manual page
    Code:
    #define _POSIX_C_SOURCE 200809L
    #include <stdio.h>
    #include <stdlib.h>
    
    int main(void) {
        ssize_t nread;
        size_t len = 0;
        char *line = NULL;
    
        while ((nread = getline(&line, &len, stdin)) != -1) {
    
            printf("[%d] [%d] %s", (int)len, (int)nread, line);
    
            free(line);
            line = NULL;
            len = 0;
        }
    
        // Even if getline fails, this may be necessary (according to doc).
        free(line);  // okay to pass NULL to free, which will then do nothing
    
        return 0;
    }
    Alternatively, and more efficiently, you can malloc your own line buffer, say of 1000 bytes. It will be automatically reallocated by getline if necessary and you can then free it after the loop.

    EDIT: Now that I think about it, this is probably wrong and your original getline code should work!
    Last edited by algorism; 08-17-2016 at 12:01 PM.
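Added example (not code from the thread or from either poster): a hardened version of the lookup pattern discussed in posts #5 and #6. It keeps the getline() buffer reused across iterations and freed exactly once after the loop, which is the original structure post #6's edit concludes is fine, and replaces the unchecked strncpy() that post #5 flags with a bounded copy that always NUL-terminates and reports truncation instead of silently writing up to buf_len bytes. The config text, key names, the cfg_rc codes and the function names are constructed for this example; the config is read through fmemopen() so the program runs offline without a CONFIG file.

```c
#define _POSIX_C_SOURCE 200809L   /* getline(), fmemopen() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Constructed config text standing in for the CONFIG file; keys and values are made up. */
static const char SAMPLE_CONFIG[] =
    "# comment line\n"
    "PORT_OFFSET_MAP=1\n"
    "LONG_VALUE=0123456789abcdefXYZ\n"
    "EMPTY=\n";

/* Hypothetical status codes for this example (the thread's api_rc_t values are not shown). */
enum cfg_rc { CFG_OK = 0, CFG_TRUNCATED = 1, CFG_NOT_FOUND = 2, CFG_NO_VALUE = 3, CFG_IO_ERROR = 4 };

/* Bounded copy that always NUL-terminates and reports truncation.
 * strncpy() does neither: when strlen(src) >= dst_len the destination has no
 * terminator, and a wrong dst_len from the caller is simply written through. */
static enum cfg_rc copy_value(char *dst, size_t dst_len, const char *src)
{
    size_t n = strlen(src);
    if (dst == NULL || dst_len == 0)
        return CFG_TRUNCATED;            /* nothing could be stored */
    if (n >= dst_len) {
        memcpy(dst, src, dst_len - 1);   /* keep what fits, always terminate */
        dst[dst_len - 1] = '\0';
        return CFG_TRUNCATED;
    }
    memcpy(dst, src, n + 1);             /* value plus terminator fits */
    return CFG_OK;
}

/* Look up KEY=VALUE in a stream. The getline() buffer is reused across
 * iterations (getline() realloc()s it when a longer line arrives) and is
 * freed exactly once after the loop, the same structure as the original code. */
static enum cfg_rc lookup_value(FILE *fp, const char *key, char *buf, size_t buf_len)
{
    char *line = NULL;
    size_t len = 0;
    enum cfg_rc rc = CFG_NOT_FOUND;

    while (getline(&line, &len, fp) != -1) {
        char *eq, *val, *end;
        if (line[0] == '#')
            continue;                    /* comment line */
        eq = strchr(line, '=');
        if (eq == NULL)
            continue;                    /* no delimiter on this line */
        *eq = '\0';                      /* split into key and value in place */
        if (strcmp(line, key) != 0)
            continue;
        val = eq + 1;
        end = val + strcspn(val, "\r\n\t");   /* trim line ending and tabs */
        *end = '\0';
        rc = (*val == '\0') ? CFG_NO_VALUE : copy_value(buf, buf_len, val);
        break;
    }
    free(line);                          /* free(NULL) is a no-op if nothing was read */
    return rc;
}

/* Convenience wrapper that runs the lookup over the embedded sample text. */
enum cfg_rc sample_lookup(const char *key, char *buf, size_t buf_len)
{
    FILE *fp = fmemopen((void *)SAMPLE_CONFIG, sizeof SAMPLE_CONFIG - 1, "r");
    enum cfg_rc rc;
    if (fp == NULL)
        return CFG_IO_ERROR;
    rc = lookup_value(fp, key, buf, buf_len);
    fclose(fp);
    return rc;
}

int main(void)
{
    char small[4];   /* deliberately tiny: simulates a caller whose buffer is smaller than the size it claims */
    enum cfg_rc rc = sample_lookup("LONG_VALUE", small, sizeof small);
    printf("rc=%d buf=\"%s\"\n", rc, small);   /* truncated, but terminated and reported */
    return 0;
}
```

The point of the design is that the copy is bounded by the size the caller actually passes and the outcome is visible in the return code, so a caller that hands over a buffer too small for the value gets a truncation status rather than a silent overrun that only surfaces later as an mcheck abort in free().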
