pointer suddenly destroys


Eric Sosman

Roman said:
> Hello, All!
>
> I am faced with a problem unknown to me; hopefully a local guru can help me out.
>
> #define MSGLEN 32
> #define BUFFLEN 1024
>
> typedef struct msg_s {
>     unsigned char msg_flag;
>     unsigned char msg_type;
>     unsigned char msg_rc;
>     char msg_id[MSGLEN];
>     char msg_passwd[MSGLEN];
>     char msg_fqdn[MSGLEN];
>     char msg_ipaddr[MSGLEN];
>     char msg_serialno[MSGLEN];
> } msg_t;
> ...
> msg_t *msg, *msg2;
> char szQuery[BUFFLEN] = { 0 };
>
> msg = malloc( sizeof(msg_t) );
> msg2 = malloc( sizeof(msg_t) );
> if ( !msg || !msg2 ) {
>     /* error message */
> }
>
> /* keep copy of buffer */

Why? It doesn't contain anything valuable: memory
obtained from malloc() has indeterminate content.

> memcpy(msg2, msg, sizeof(msg_t));
> ...
>
> Here a function is called which absolutely doesn't deal with 'msg';
> nevertheless, after this the 'msg' pointer is crashed and I'm unable to access it
> properly, resulting in a 'segmentation fault'.
> (For reference: in GDB "print *msg" or "print *msg2" gives "Cannot access
> memory at address 0x0".) It seems like the memory occupied by 'msg' and 'msg2' was
> corrupted and flew away, but how? Might there be some common ways,
> methods or rules to check the correctness of memory allocation and keeping? Are
> there any typical errors to look for in code...

You haven't provided enough code for a serious attempt
at debugging, so all I can do is guess. My guess is that
the mystery function tries to put more characters in szQuery
than will fit there, possibly with a call like

strncpy(szQuery, "Hello, world!", BUFSIZ);

(Note the change from BUFFLEN to BUFSIZ.)

Of course, I'm only guessing.
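Eric's guess rests on a property of strncpy() worth seeing in working code: it writes exactly its count argument in bytes, padding with NULs after the string, so a count larger than the destination (BUFSIZ on a platform where it exceeds BUFFLEN) spills past szQuery onto whatever sits next to it on the stack, even for a 13-character string. The example below is added here and is not code from the thread; BUFFLEN and szQuery come from Roman's post, while strncpy_bytes_written() and bounded_copy() are names chosen for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUFFLEN 1024   /* the thread's query buffer size */

/* Fill dst with a sentinel, call strncpy with count n, and return how
 * many bytes strncpy wrote. n is clamped to dstlen so this helper never
 * overflows; strncpy writes exactly n bytes (string, then NUL padding),
 * so a count larger than the buffer always spills past it. */
size_t strncpy_bytes_written(char *dst, size_t dstlen, const char *src, size_t n)
{
    size_t i, written = 0;
    if (n > dstlen)
        n = dstlen;
    memset(dst, 0xAA, dstlen);
    strncpy(dst, src, n);
    for (i = 0; i < dstlen; i++)
        if ((unsigned char)dst[i] != 0xAA)
            written++;
    return written;
}

/* Bounded replacement: never writes beyond dst[dstlen - 1] and always
 * NUL-terminates (strncpy does not when src is too long).
 * Returns 1 if src fit, 0 if it was truncated. */
int bounded_copy(char *dst, size_t dstlen, const char *src)
{
    size_t len = strlen(src);
    if (dstlen == 0)
        return 0;
    if (len >= dstlen) {
        memcpy(dst, src, dstlen - 1);
        dst[dstlen - 1] = '\0';
        return 0;
    }
    memcpy(dst, src, len + 1);
    return 1;
}

int main(void)
{
    char szQuery[BUFFLEN] = { 0 };
    /* A 13-character string still makes strncpy touch all 1024 bytes. */
    printf("strncpy wrote %zu of %d bytes\n",
           strncpy_bytes_written(szQuery, sizeof szQuery, "Hello, world!",
                                 sizeof szQuery), BUFFLEN);
    bounded_copy(szQuery, sizeof szQuery, "Hello, world!");
    return 0;
}
```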

Roman Mashak

Hello, All!

I am faced with a problem unknown to me; hopefully a local guru can help me out.

#define MSGLEN 32
#define BUFFLEN 1024

typedef struct msg_s {
    unsigned char msg_flag;
    unsigned char msg_type;
    unsigned char msg_rc;
    char msg_id[MSGLEN];
    char msg_passwd[MSGLEN];
    char msg_fqdn[MSGLEN];
    char msg_ipaddr[MSGLEN];
    char msg_serialno[MSGLEN];
} msg_t;
....
msg_t *msg, *msg2;
char szQuery[BUFFLEN] = { 0 };

msg = malloc( sizeof(msg_t) );
msg2 = malloc( sizeof(msg_t) );
if ( !msg || !msg2 ) {
    /* error message */
}

/* keep copy of buffer */
memcpy(msg2, msg, sizeof(msg_t));
....

Here a function is called which absolutely doesn't deal with 'msg';
nevertheless, after this the 'msg' pointer is crashed and I'm unable to access it
properly, resulting in a 'segmentation fault'.
(For reference: in GDB "print *msg" or "print *msg2" gives "Cannot access
memory at address 0x0".) It seems like the memory occupied by 'msg' and 'msg2' was
corrupted and flew away, but how? Might there be some common ways,
methods or rules to check the correctness of memory allocation and keeping? Are
there any typical errors to look for in code...

Big thanks for any help~

With best regards, Roman Mashak. E-mail: (e-mail address removed)

Michael Mair

Roman said:
> Hello, All!
>
> I am faced with a problem unknown to me; hopefully a local guru can help me out.
>
> #define MSGLEN 32
> #define BUFFLEN 1024
>
> typedef struct msg_s {
>     unsigned char msg_flag;
>     unsigned char msg_type;
>     unsigned char msg_rc;
>     char msg_id[MSGLEN];
>     char msg_passwd[MSGLEN];
>     char msg_fqdn[MSGLEN];
>     char msg_ipaddr[MSGLEN];
>     char msg_serialno[MSGLEN];
> } msg_t;
> ...
> msg_t *msg, *msg2;
> char szQuery[BUFFLEN] = { 0 };
>
> msg = malloc( sizeof(msg_t) );
> msg2 = malloc( sizeof(msg_t) );
> if ( !msg || !msg2 ) {
>     /* error message */
> }
>
> /* keep copy of buffer */
> memcpy(msg2, msg, sizeof(msg_t));
> ...
>
> Here a function is called which absolutely doesn't deal with 'msg';
> nevertheless, after this the 'msg' pointer is crashed and I'm unable to access it
> properly, resulting in a 'segmentation fault'.
> (For reference: in GDB "print *msg" or "print *msg2" gives "Cannot access
> memory at address 0x0".) It seems like the memory occupied by 'msg' and 'msg2' was
> corrupted and flew away, but how? Might there be some common ways,
> methods or rules to check the correctness of memory allocation and keeping? Are
> there any typical errors to look for in code...

You don't provide enough information for us to help you.
<OT>
Use gdb's watch command; I have not worked with it for a while,
but IIRC you have to abuse it to get what you want. Something
along the lines of getting the address of msg and watching
*((msg_t *)address) (otherwise, the watchpoint evaporates when
in the new function). With this, you just continue and wait until
the break at the watchpoint when the contents at &msg are
changed.
Try it or ask for details in gnu.gcc.help, as my memory may be
wrong.
</OT>

Cheers
Michael

Roman Mashak

Hello, Eric!
You wrote on Fri, 25 Nov 2005 10:38:14 -0500:

ES> You haven't provided enough code for a serious attempt
ES> at debugging, so all I can do is guess. My guess is that
ES> the mystery function tries to put more characters in szQuery
ES> than will fit there, possibly with a call like

ES> strncpy(szQuery, "Hello, world!", BUFSIZ);

ES> (Note the change from BUFFLEN to BUFSIZ.)

ES> Of course, I'm only guessing.
Thank you for the reply; it seems I missed the correct version of the MySQL header
files and library while linking the code. Perhaps that caused the above-mentioned
behavior when I made a connection to MySQL. At least now the pointer is not
corrupted.

With best regards, Roman Mashak. E-mail: (e-mail address removed)