libpcap: segfault on free after calloc

Discussion in 'C Programming' started by Pieter Claassen, Aug 3, 2004.

  1. I am baffled. I get the following error when I try to free some memory
    obtained with calloc.

    Error:

    LEN is 36
    STR SIZE BEFORE 0
    STR SIZE AFTER 36
    1234567890abcdefghijklmnopqrstuvwxyzJUST BEFORE FREE
    Segmentation fault


    ......code start........

    void handle_data(u_int32_t total_hdr_len, const struct pcap_pkthdr* pkthdr, const u_char* packet){
        char *str;
        u_int32_t len;
        int n;

        len = packet_length - total_hdr_len;
        printf("LEN is %d\n",len);
        str = (char*)calloc(len + 1,1);
        printf("STR SIZE BEFORE %d\n", strlen(str));
        if (str == NULL){
            printf("Failed to calloc memory\n");
            exit(1);
        }
        str=(char*)(packet + total_hdr_len);
        printf("STR SIZE AFTER %d\n", strlen(str));

    # ifdef DEBUG
        fprintf(stderr,"DATA:\n");
        for (n=0;n<len; n++){
            printf("%c",str[n]);
        }
        dump("DATA",(void*)str,len);
    # endif
        printf("JUST BEFORE FREE\n");
        free(str);
        printf("JUST AFTER FREE\n");

    }

    ......code end.......

    Where am I cocking up? I have tried it with malloc as well with similar
    results.

    Pieter
    Pieter Claassen, Aug 3, 2004
    #1

  2. In article <>,
    Pieter Claassen <> wrote:
    >I am baffled. I get the following error when I try to free some memory
    >obtained with calloc.


    No, you're freeing some completely other memory:

    > str = (char*)calloc(len + 1,1);

    ....
    > str=(char*)(packet + total_hdr_len);

    ....
    > free(str);


    -- Richard
    Richard Tobin, Aug 3, 2004
    #2

  3. Eric Sosman

    Pieter Claassen wrote:
    > I am baffled. I get the following error when I try to free some memory
    > obtained with calloc.


    This sounds like Question 7.19 in the comp.lang.c
    Frequently Asked Questions (FAQ) list

    http://www.eskimo.com/~scs/C-faq/top.html

    ... but the difficulty in this case isn't what the FAQ
    calls the "most common," but the next-to-last of the
    causes it lists. Specifically,

    > str = (char*)calloc(len + 1,1);


    `str' now points to dynamically-allocated memory
    (assuming calloc() succeeds) ...

    > str=(char*)(packet + total_hdr_len);


    `str' now points somewhere else entirely, not to
    the memory obtained from calloc() ...

    > free(str);


    Ka-BOOM!

    --
    Eric Sosman, Aug 3, 2004
    #3
  4. Jens Thoms Toerring

    Pieter Claassen <> wrote:
    > I am baffled. I get the following error when I try to free some memory
    > obtained with calloc.


    > Error:


    > LEN is 36
    > STR SIZE BEFORE 0
    > STR SIZE AFTER 36
    > 1234567890abcdefghijklmnopqrstuvwxyzJUST BEFORE FREE
    > Segmentation fault



    > .....code start........


    > void handle_data(u_int32_t total_hdr_len, const struct pcap_pkthdr* pkthdr, const u_char* packet){
    > char *str;
    > u_int32_t len;
    > int n;
    >
    > len = packet_length - total_hdr_len;
    > printf("LEN is %d\n",len);
    > str = (char*)calloc(len + 1,1);


    What's the cast good for? Did you forget to include <stdlib.h> and
    want to keep the compiler from complaining about that mistake?

    > printf("STR SIZE BEFORE %d\n", strlen(str));


    You should do that only _after_ checking that str isn't NULL. And it
    doesn't make much sense anyway since strlen(str) should be always 0,
    why else would you use calloc()?

    > if (str == NULL){
    > printf("Failed to calloc memory\n");
    > exit(1);
    > }
    > str=(char*)(packet + total_hdr_len);


    And here things go badly wrong. Before that line str was pointing to
    newly allocated memory. After that line it points somewhere else and
    you have lost all information about the memory you have allocated,
    so you just created a memory leak because you're not able anymore to
    free() it.

    Are you sure you don't want to use a memcpy() or strcpy()? Strings
    (or char arrays) aren't copied by assigning pointers!

    Another thing, since you are using string functions like strlen():
    is what packet points to a '\0'-terminated string? If not, you can
    not use strlen(); if yes, be careful to obtain enough memory for
    the terminating '\0' character...

    > printf("STR SIZE AFTER %d\n", strlen(str));
    >
    > # ifdef DEBUG
    > fprintf(stderr,"DATA:\n");
    > for (n=0;n<len; n++){
    > printf("%c",str[n]);
    > }
    > dump("DATA",(void*)str,len);
    > # endif
    > printf("JUST BEFORE FREE\n");
    > free(str);


    And here you try to free() a pointer that you probably haven't gotten
    from a call of malloc(), calloc() or realloc(). No big surprise that
    you then get a segmentation fault - free() really hates it when it gets
    a wrong pointer:)
    Regards, Jens
    --
    \ Jens Thoms Toerring ___ -berlin.de
    \__________________________ http://www.toerring.de
    -berlin.de, Aug 3, 2004
    #4
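The fix the replies above describe, as an added example that is not part of the original thread or of libpcap: copy the payload bytes into the calloc()'d buffer with memcpy() instead of re-pointing str at the packet, bound the copy by the captured length so a short frame cannot underflow len, and free() the pointer calloc() returned. The helper names (extract_payload, demo_payload), the 14-byte dummy header and the test frame are constructed for this example; the real pcap_pkthdr's caplen field is passed in as a plain size_t so the code builds without pcap.h.

```c
/* Added example, not the original poster's code: copy the payload that
 * follows the protocol headers into a fresh, NUL-terminated heap buffer
 * so that the pointer later handed to free() is the one calloc() gave us.
 * extract_payload/demo_payload and the sample frame are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns a heap copy of packet[total_hdr_len .. caplen) plus a trailing
 * '\0', storing the payload length in *out_len.  Returns NULL if the
 * headers extend past the captured bytes (truncated or malformed frame;
 * the original code would have underflowed len here) or if allocation
 * fails.  The caller owns the result and must free() it. */
char *extract_payload(const unsigned char *packet, size_t caplen,
                      size_t total_hdr_len, size_t *out_len)
{
    if (packet == NULL || total_hdr_len > caplen) {
        return NULL;
    }
    size_t len = caplen - total_hdr_len;

    char *str = calloc(len + 1, 1);     /* +1 for the terminating '\0' */
    if (str == NULL) {
        return NULL;
    }
    /* Copy the bytes; do NOT reassign str to point into the packet.
     * memcpy rather than strcpy: the payload is binary and has no '\0'. */
    memcpy(str, packet + total_hdr_len, len);
    str[len] = '\0';                    /* calloc zeroed it; be explicit */

    if (out_len != NULL) {
        *out_len = len;
    }
    return str;
}

/* Constructed test frame: a 14-byte dummy header followed by the 36-byte
 * payload shown in the thread's debug output. */
static const unsigned char demo_packet[] =
    "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x08\x00"
    "1234567890abcdefghijklmnopqrstuvwxyz";
#define DEMO_HDR_LEN 14
#define DEMO_CAPLEN  (sizeof demo_packet - 1)  /* drop the literal's '\0' */

/* Mirrors the thread's handle_data(): extract, print, free the right
 * pointer.  Returns the payload length, or 0 on failure. */
size_t demo_payload(void)
{
    size_t len = 0;
    char *str = extract_payload(demo_packet, DEMO_CAPLEN, DEMO_HDR_LEN, &len);
    if (str == NULL) {
        fprintf(stderr, "payload extraction failed\n");
        return 0;
    }
    printf("LEN is %zu\n", len);
    printf("DATA: %s\n", str);   /* safe: str is NUL-terminated */
    free(str);                   /* str still points at calloc's block */
    return len;
}

int main(void)
{
    return demo_payload() == 36 ? 0 : 1;
}
```

With a real capture you would pass pkthdr->caplen (the bytes actually captured, which can be shorter than pkthdr->len) as caplen; the length check is what keeps a truncated frame from turning into an out-of-bounds read.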
