chunk_alloc segfault

Discussion in 'C Programming' started by vlindos, Oct 22, 2003.

  1. vlindos

    vlindos Guest

    I have this code
    <code>
    #include <stdio.h>
    #include <stdlib.h>
    #include <mysql/mysql.h>

    char locale_loaded[2];

    int i18n_num;

    struct i18n_t{
    char *msg;
    char *gsm;
    } **i18n_cache;

    void i18n_init(char locale[2])
    {
    char qbuf[1024];
    MYSQL_ROW row;
    MYSQL_RES *res;

    strcpy(locale_loaded, locale);
    sprintf(qbuf, "select msg,%s from i18n", locale);
    if(mysql_query(mysql_sock, qbuf)) {
    fprintf(stderr, "FATAL ERROR: Cannot connect MySQL
    DB.\n");
    exit(0);
    }
    res = mysql_store_result(mysql_sock);
    i18n_num = 0;
    while((row = mysql_fetch_row(res)) != NULL) {
    i18n_cache = (struct i18n_t **) realloc(i18n_cache,
    ++i18n_num * (sizeof(struct i18n_t)));
    i18n_cache[i18n_num-1] = (struct i18n_t
    *)malloc(sizeof(struct i18n_t));
    if(row[0] == NULL) { i18n_num--; continue; }
    i18n_cache[i18n_num-1]->msg = (char
    *)malloc(sizeof(row[0]));
    strcpy(i18n_cache[i18n_num-1]->msg, row[0]);
    if(row[1] == NULL) continue;
    i18n_cache[i18n_num-1]->gsm = (char
    *)malloc(sizeof(row[1]));
    strcpy(i18n_cache[i18n_num-1]->msg, row[1]);
    }

    return;
    }
    </code>
    It parses sereval times results and gives the unexpected:
    <gdb-output>
    Breakpoint 1, main () at rebmin.c:31
    31 mysql_init(&mysql_t);
    (gdb) s 30
    31 while((row = mysql_fetch_row(res)) != NULL) {
    (gdb) s
    32 i18n_cache = (struct i18n_t **)
    realloc(i18n_cache, ++i18n_num * (sizeof(struct i18n_t)));
    (gdb) s

    Program received signal SIGSEGV, Segmentation fault.
    0x4207b7fd in chunk_realloc () from /lib/i686/libc.so.6
    (gdb)
    </gdb-output>
    any ideas ?
    vlindos, Oct 22, 2003
    #1
    1. Advertising

  2. On Wed, 22 Oct 2003 02:42:53 -0700, vlindos wrote:

    > I have this code
    > <code>
    > #include <stdio.h>


    You need this too:
    #include <string.h>

    > #include <stdlib.h>
    > #include <mysql/mysql.h>
    >
    > char locale_loaded[2];
    >
    > int i18n_num;
    >
    > struct i18n_t{
    > char *msg;
    > char *gsm;
    > } **i18n_cache;


    You seem to be relying on this being initialized to a null pointer.
    That's fine, but why not make it explicit?

    I hypothesize that you want to build an dynamically allocated array
    of pointers to struct i18n_t.

    Since we might want another pointer of this type, I'll go ahead and
    declare another one too.

    } **i18n_cache = NULL, **resized_cache = NULL;
    /* for dynamically allocated array of pointer to struct i18n_t */

    > void i18n_init(char locale[2])
    > {
    > char qbuf[1024];
    > MYSQL_ROW row;
    > MYSQL_RES *res;
    >
    > strcpy(locale_loaded, locale);
    > sprintf(qbuf, "select msg,%s from i18n", locale);
    > if(mysql_query(mysql_sock, qbuf)) {
    > fprintf(stderr, "FATAL ERROR: Cannot connect MySQL DB.\n");
    > exit(0);
    > }
    > res = mysql_store_result(mysql_sock);
    > i18n_num = 0;
    >
    > while((row = mysql_fetch_row(res)) != NULL) {
    > i18n_cache = (struct i18n_t **)

    realloc(i18n_cache, ++i18n_num * (sizeof(struct i18n_t)));

    That's a lot going on in one line. Let's see, we don't need the cast of
    realloc's return value, I'd prefer to increment i18n_num before this
    line, and look at that sizeof.

    You are trying to allocate an array of _pointers_ to struct i18n_t. That
    is clear from the next line. So sizeof(struct i18n_t) can't be right.
    We can get the correct size to allocate by finding out the size of the
    kind of thing that i18n_cache points to.

    Lastly, you need to check to make sure that realloc succeeded. Since
    it will return NULL on failure, it's probably a bad idea to assign
    its return value to i18n_cache, since you'll lose your only pointer
    to your array.

    ++i18n_num;
    resized_cache = realloc(i18n_cache, i18n_num * sizeof *i18n_cache);
    if (resized_cache == NULL) {
    /* oops, realloc() failed */
    break; /* exit while */
    }

    i18n_cache = resized_cache;

    > i18n_cache[i18n_num-1] = (struct i18n_t *)malloc(sizeof(struct i18n_t));


    You don't need to cast the result of malloc, but you do need to
    make sure that it succeeded. Also, I've changed the sizeof to
    find the size of the thing we're allocating instead of the size
    of its type, as above.

    i18n_cache[i18n_num-1] = malloc(sizeof **i18n_cache);
    if (i18n_cache[i18n_num-1] == NULL) {
    /* oops, malloc() failed */
    break; /* exit while */
    }

    > if(row[0] == NULL) { i18n_num--; continue; }


    Why is this line here? Presumably you know whether row[0] is a
    null pointer or not right after mysql_fetch_row() is called.
    If you test it at the top of the while loop, then you won't
    call realloc and malloc before you actually need the space.

    > i18n_cache[i18n_num-1]->msg = malloc(sizeof(row[0]));


    Whoa! Without knowing anything about MySQL, this line looks
    mighty suspicious. In the next line, you are using strcpy() to
    copy a string that is pointed to by row[0]. Here you are
    allocating a buffer for that string, but you are only
    allocating enough space for a pointer! I know this is because
    MYSQL_ROW is defined in mysql/mysql.h as:

    typedef char **MYSQL_ROW;

    This error is probably the cause of your segmentation fault.
    So you need to allocate a buffer big enough to contain the
    entire string, and of course you need to check to make sure
    that malloc succeeded:

    i18n_cache[i18n_num-1]->msg = malloc(strlen(row[0])+1);
    if (i18n_cache[i18n_num-1]->msg == NULL) {
    /* oops, malloc() failed */
    break; /* exit while */
    }


    > strcpy(i18n_cache[i18n_num-1]->msg, row[0]);
    > if(row[1] == NULL) continue;
    > i18n_cache[i18n_num-1]->gsm = (char *)malloc(sizeof(row[1]));


    You have the exact same problem here:

    i18n_cache[i18n_num-1]->gsm = malloc(strlen(row[1])+1);
    if (i18n_cache[i18n_num-1]->msg == NULL) {
    /* oops, malloc() failed */
    break; /* exit while */
    }

    > strcpy(i18n_cache[i18n_num-1]->msg, row[1]);


    Surely this is supposed to copy into ->gsm instead of ->msg?

    > strcpy(i18n_cache[i18n_num-1]->gsm, row[1]);


    > }
    >
    > return;
    > }


    Here's the code again, in full, direct from my emacs. I've
    compiled it

    gcc -Wall -O2 -pedantic -std=c99 -c test.c

    But haven't tried to test it.

    #include <stdio.h>
    #include <string.h>
    #include <stdlib.h>
    #include <mysql/mysql.h>

    char locale_loaded[2];

    int i18n_num;

    MYSQL *mysql_sock;

    struct i18n_t {
    char *msg;
    char *gsm;
    } **i18n_cache = NULL, **resized_cache = NULL;

    void i18n_init(char locale[2])
    {
    char qbuf[1024];
    MYSQL_ROW row;
    MYSQL_RES *res;

    strcpy(locale_loaded, locale);
    sprintf(qbuf, "select msg,%s from i18n", locale);

    if (mysql_query(mysql_sock, qbuf))
    {
    fprintf(stderr, "FATAL ERROR: Cannot connect MySQL DB.\n");
    exit(0);
    }

    res = mysql_store_result(mysql_sock);

    i18n_num = 0;

    while ((row = mysql_fetch_row(res)) != NULL)
    {
    if (row[0] == NULL) continue;

    ++i18n_num;

    resized_cache = realloc(i18n_cache, i18n_num * sizeof *i18n_cache);
    if (resized_cache == NULL) {
    /* oops, realloc() failed */
    break; /* exit while loop */
    }

    i18n_cache = resized_cache;

    i18n_cache[i18n_num - 1] = malloc(sizeof i18n_cache);
    if (i18n_cache[i18n_num-1] == NULL) {
    /* oops, malloc() failed */
    break; /* exit while */
    }

    i18n_cache[i18n_num-1]->msg = malloc(strlen(row[0])+1);
    if (i18n_cache[i18n_num-1]->msg == NULL) {
    /* oops, malloc() failed */
    break; /* exit while */
    }

    strcpy(i18n_cache[i18n_num - 1]->msg, row[0]);

    if (row[1] == NULL) continue;

    i18n_cache[i18n_num-1]->gsm = malloc(strlen(row[1])+1);
    if (i18n_cache[i18n_num-1]->gsm == NULL) {
    /* oops, malloc() failed */
    break; /* exit while */
    }

    strcpy(i18n_cache[i18n_num - 1]->gsm, row[1]);
    }

    return;
    }
    Sheldon Simms, Oct 22, 2003
    #2
    1. Advertising

  3. vlindos

    Mark Gordon Guest

    On 22 Oct 2003 02:42:53 -0700
    (vlindos) wrote:

    > I have this code
    > <code>
    > #include <stdio.h>
    > #include <stdlib.h>
    > #include <mysql/mysql.h>


    #include <string.h> /* You need it for strcpy */

    > char locale_loaded[2];


    Are you sure you mean 2? that's space for 1 char followed by a null
    terminator. If I am right this could cause a segmentation violation or
    anything else. I think you want

    char locale_loaded[3];

    > int i18n_num;
    >
    > struct i18n_t{
    > char *msg;
    > char *gsm;
    > } **i18n_cache;
    >
    > void i18n_init(char locale[2])


    Again, I think it is more than 2 characters! Anyway, I would just do:

    void i18n_init(char *locale)

    > {
    > char qbuf[1024];
    > MYSQL_ROW row;
    > MYSQL_RES *res;
    >
    > strcpy(locale_loaded, locale);


    Not very safe. What is a string longer than 1 characters (or 2
    characters after my suggested change) is passed in?

    > sprintf(qbuf, "select msg,%s from i18n", locale);
    > if(mysql_query(mysql_sock, qbuf)) {


    You did not include a definition of mysql_sock in the posted code. I
    assume this is a global and has been properly initialised?

    Anything to do with mysql is off topic for this group.

    > fprintf(stderr, "FATAL ERROR: Cannot connect MySQL
    > DB.\n");
    > exit(0);
    > }
    > res = mysql_store_result(mysql_sock);
    > i18n_num = 0;
    > while((row = mysql_fetch_row(res)) != NULL) {
    > i18n_cache = (struct i18n_t **) realloc(i18n_cache,
    > ++i18n_num * (sizeof(struct i18n_t)));


    BAD for numerous reasons. Try

    struct i18n_t **tmp_i18n_cache =
    realloc(i18n_cache, ++i18n_num * sizeof *tmp_i18n_cache);
    if (tmp_i18n_cache == NULL) {
    fprintf(stderr, "FATAL ERROR: realloc i18n_cache failed\n");
    exit(0);
    /* You can used some error recovery if you want instead.
    i18n_cache still points to the data you had */
    }
    i18n_cache = tmp_i18n_cache;

    > i18n_cache[i18n_num-1] = (struct i18n_t
    > *)malloc(sizeof(struct i18n_t));


    Bad. Use
    i18n_cache[i18n_num-1] = malloc(sizeof **i18n_cache);
    if (i18n_cache[i18n_num-1] == NULL) {
    fprintf(stderr,
    "FATAL ERROR: malloc i18n_cache[] failed\n");
    exit(0);
    }

    or something similar.

    > if(row[0] == NULL) { i18n_num--; continue; }
    > i18n_cache[i18n_num-1]->msg = (char
    > *)malloc(sizeof(row[0]));
    > strcpy(i18n_cache[i18n_num-1]->msg, row[0]);


    Almost certainly wrong, but MySQL is off topic here.

    > if(row[1] == NULL) continue;
    > i18n_cache[i18n_num-1]->gsm = (char
    > *)malloc(sizeof(row[1]));
    > strcpy(i18n_cache[i18n_num-1]->msg, row[1]);


    Almost certainly wrong, but MySQL is off topic here.

    > }
    >
    > return;
    > }
    > </code>
    > It parses sereval times results and gives the unexpected:
    > <gdb-output>
    > Breakpoint 1, main () at rebmin.c:31
    > 31 mysql_init(&mysql_t);
    > (gdb) s 30
    > 31 while((row = mysql_fetch_row(res)) != NULL) {
    > (gdb) s
    > 32 i18n_cache = (struct i18n_t **)
    > realloc(i18n_cache, ++i18n_num * (sizeof(struct i18n_t)));
    > (gdb) s
    >
    > Program received signal SIGSEGV, Segmentation fault.
    > 0x4207b7fd in chunk_realloc () from /lib/i686/libc.so.6
    > (gdb)
    > </gdb-output>
    > any ideas ?


    One of the errors above (or something else where in your code) has
    probably run off the end of a buffer and overwritten something critical.
    --
    Mark Gordon
    Paid to be a Geek & a Senior Software Developer
    Although my email address says spamtrap, it is real and I read it.
    Mark Gordon, Oct 22, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Vedran Vyroubal

    STL string segfault

    Vedran Vyroubal, Mar 3, 2004, in forum: C++
    Replies:
    5
    Views:
    1,330
    Vedran Vyroubal
    Mar 4, 2004
  2. Arthur J. O'Dwyer

    multiset segfault

    Arthur J. O'Dwyer, Jun 17, 2004, in forum: C++
    Replies:
    10
    Views:
    715
    Dave Townsend
    Jun 18, 2004
  3. Jim Strathmeyer

    istream segfault

    Jim Strathmeyer, Jul 22, 2004, in forum: C++
    Replies:
    4
    Views:
    425
    Mike Wahler
    Jul 23, 2004
  4. William Payne
    Replies:
    4
    Views:
    497
    Karthiik Kumar
    Aug 28, 2004
  5. Andrey Vul
    Replies:
    8
    Views:
    683
    Richard Bos
    Jul 30, 2010
Loading...

Share This Page