Unpredictable segmentation fault

Discussion in 'C Programming' started by Andrea, Jun 3, 2007.

  1. Andrea

    Andrea Guest

    I wrote this code:

    void * xmalloc (size_t size){
    register void *value = OPENSSL_malloc(size);
    if (value == 0)
    printf("virtual memory exhausted");
    return value;
    }

    int _chooseTSK(char* message,int seed){
    _hash hash,hash2;
    char *strp,*prova,*res;
    int result;
    BIGNUM *mess,*cmp,*rem,*k;
    BN_CTX *ctx;
    mess=BN_new();rem=BN_new();k=BN_new();cmp=BN_new();
    ctx = BN_CTX_new();
    _evp_hash(&hash,message);
    prova=xmalloc(2*strlen(hash.digest)+1);
    strcpy(prova,hex2str(hash.digest,hash.digest_size));
    BN_hex2bn(&mess,(const char*) prova);
    BN_set_word(k,K);
    BN_mod(rem,mess,k,ctx);
    strp=xmalloc(BN_num_bytes(mess));
    strp = BN_bn2dec(mess);
    res = BN_bn2dec(rem);
    result=atoi((const char *) res);
    _evp_hash(&hash2,message);
    BN_dec2bn(&cmp,(const char*) hash2.digest);
    OPENSSL_free(strp);
    OPENSSL_free(mess);
    OPENSSL_free(rem);
    OPENSSL_free(k);
    OPENSSL_free(cmp);
    BN_CTX_end(ctx);
    return result;
    }


    int main(int argc,char** argv){
    int i,j;
    char* prova;
    char* speriamo="spero";
    prova=xmalloc(strlen(argv[1])+1+5);
    for(i=0;i<10;i++){
    printf("\n%d",_chooseTSK(argv[1],i));
    }
    printf("\n");
    for(j=0;j<1;j++){
    for(i=0;i<1000;i++){
    sprintf( prova, "%s|%d",argv[1],i);
    printf("\n%d: %d",i,_chooseTSK(prova,i));
    *prova="\0";
    }
    }
    free(prova);
    return 0;
    }


    During the execution of this program i always obtain unpredictable
    segmentation fault. After running it trough gdb debugger it tolds me
    this:
    Program received signal SIGSEGV, Segmentation fault.
    0x08048b84 in main (argc=1, argv=0xbff8ac34) at parm_utility.c:48
    48 prova=xmalloc(strlen(argv[1])+1+5);

    But i receive seg fault some time after 5 iteration sometime after 100
    iteration,
    any suggestion?
     
    Andrea, Jun 3, 2007
    #1
    1. Advertising

  2. Andrea

    Andrea Guest

    On Jun 3, 10:43 pm, Andrea <> wrote:
    > I wrote this code:
    >
    > void * xmalloc (size_t size){
    > register void *value = OPENSSL_malloc(size);
    > if (value == 0)
    > printf("virtual memory exhausted");
    > return value;
    >
    > }
    >
    > int _chooseTSK(char* message,int seed){
    > _hash hash,hash2;
    > char *strp,*prova,*res;
    > int result;
    > BIGNUM *mess,*cmp,*rem,*k;
    > BN_CTX *ctx;
    > mess=BN_new();rem=BN_new();k=BN_new();cmp=BN_new();
    > ctx = BN_CTX_new();
    > _evp_hash(&hash,message);
    > prova=xmalloc(2*strlen(hash.digest)+1);
    > strcpy(prova,hex2str(hash.digest,hash.digest_size));
    > BN_hex2bn(&mess,(const char*) prova);
    > BN_set_word(k,K);
    > BN_mod(rem,mess,k,ctx);
    > strp=xmalloc(BN_num_bytes(mess));
    > strp = BN_bn2dec(mess);
    > res = BN_bn2dec(rem);
    > result=atoi((const char *) res);
    > _evp_hash(&hash2,message);
    > BN_dec2bn(&cmp,(const char*) hash2.digest);
    > OPENSSL_free(strp);
    > OPENSSL_free(mess);
    > OPENSSL_free(rem);
    > OPENSSL_free(k);
    > OPENSSL_free(cmp);
    > BN_CTX_end(ctx);
    > return result;
    >
    > }
    >
    > int main(int argc,char** argv){
    > int i,j;
    > char* prova;
    > char* speriamo="spero";
    > prova=xmalloc(strlen(argv[1])+1+5);
    > for(i=0;i<10;i++){
    > printf("\n%d",_chooseTSK(argv[1],i));
    > }
    > printf("\n");
    > for(j=0;j<1;j++){
    > for(i=0;i<1000;i++){
    > sprintf( prova, "%s|%d",argv[1],i);
    > printf("\n%d: %d",i,_chooseTSK(prova,i));
    > *prova="\0";
    > }
    > }
    > free(prova);
    > return 0;
    >
    > }
    >
    > During the execution of this program i always obtain unpredictable
    > segmentation fault. After running it trough gdb debugger it tolds me
    > this:
    > Program received signal SIGSEGV, Segmentation fault.
    > 0x08048b84 in main (argc=1, argv=0xbff8ac34) at parm_utility.c:48
    > 48 prova=xmalloc(strlen(argv[1])+1+5);
    >
    > But i receive seg fault some time after 5 iteration sometime after 100
    > iteration,
    > any suggestion?


    Other part of my code is listed below:

    void * xmalloc2 (size_t size){
    register void *value = OPENSSL_malloc(size);
    if (value == 0)
    printf("virtual memory exhausted");
    return value;
    }
    int _evp_hash(_hash *hash,char *message){
    const EVP_MD *md;
    EVP_MD_CTX mdctx;
    unsigned char *ret;
    unsigned int md_len,i;
    OpenSSL_add_all_digests();
    md = EVP_get_digestbyname(HASH);
    if(!md) {
    printf("Unknown message digest %s\n",HASH);
    exit(1);
    }
    if(!(ret=(unsigned char*) xmalloc2(EVP_MAX_MD_SIZE)))
    return NULL;
    EVP_DigestInit(&mdctx, md);
    EVP_DigestUpdate(&mdctx, message, strlen(message));
    EVP_DigestFinal(&mdctx, hash->digest , &md_len);
    hash->digest_size=md_len;
    hash->digest_size=md_len;
    free(ret);
    return 0;
    }
    void print_hex(unsigned char *bs, unsigned int n){
    int i;
    for (i=0;i<n;i++){
    printf("%02x",bs);
    }
    }


    char* hex2str(unsigned char *hex,unsigned int len){
    int i;
    char app[3];
    char *buf;
    //app=malloc(sizeof(char));
    buf=xmalloc2(2*len+1);
    strcpy(buf,"");
    for (i=0;i<len;i++){
    sprintf(app,"%02x",hex);
    strcat(buf,app);
    }
    //free(app);
    return buf;
    }

    I runned again gdb and this is the problem:

    *** glibc detected *** malloc(): memory corruption (fast): 0x0804cc38
    ***
    9: 3
    Program received signal SIGABRT, Aborted.
    0xffffe410 in __kernel_vsyscall ()

    Program received signal SIGSEGV, Segmentation fault.
    0xb7e70be4 in lh_insert () from /usr/lib/i686/cmov/libcrypto.so.0.9.8
     
    Andrea, Jun 3, 2007
    #2
    1. Advertising

  3. Andrea

    Default User Guest

    Andrea wrote:


    > During the execution of this program i always obtain unpredictable
    > segmentation fault. After running it trough gdb debugger it tolds me
    > this:
    > Program received signal SIGSEGV, Segmentation fault.
    > 0x08048b84 in main (argc=1, argv=0xbff8ac34) at parm_utility.c:48
    > 48 prova=xmalloc(strlen(argv[1])+1+5);
    >
    > But i receive seg fault some time after 5 iteration sometime after 100
    > iteration,
    > any suggestion?


    If it seg faults during a malloc() or related call, then you've likely
    corrupted memory by overrunning an array boundary or the like.

    Start cutting down the code to isolate the problem.




    Brian
     
    Default User, Jun 3, 2007
    #3
  4. In article <>,
    Default User <> wrote:

    >If it seg faults during a malloc() or related call, then you've likely
    >corrupted memory by overrunning an array boundary or the like.


    True. Or you have double-free()ed memory or, or free()ed non-malloc()ed
    memory, or something similar.

    >Start cutting down the code to isolate the problem.


    Most modern systems have tools to make solving this sort of problem
    much more efficient. For example, if you are using a unix-like system
    you may have a program called "valgrind" available, or your debugger
    may have a built-in memory-checking mode. Don't waste time doing by
    hand what a program can do for you.

    -- Richard
    --
    "Consideration shall be given to the need for as many as 32 characters
    in some alphabets" - X3.4, 1963.
     
    Richard Tobin, Jun 3, 2007
    #4
  5. On Sun, 03 Jun 2007 20:43:23 -0000, Andrea <> wrote:

    >I wrote this code:
    >
    >void * xmalloc (size_t size){
    > register void *value = OPENSSL_malloc(size);
    > if (value == 0)
    > printf("virtual memory exhausted");
    > return value;
    >}
    >
    >int _chooseTSK(char* message,int seed){
    > _hash hash,hash2;
    > char *strp,*prova,*res;
    > int result;
    > BIGNUM *mess,*cmp,*rem,*k;
    > BN_CTX *ctx;
    > mess=BN_new();rem=BN_new();k=BN_new();cmp=BN_new();
    > ctx = BN_CTX_new();
    > _evp_hash(&hash,message);
    > prova=xmalloc(2*strlen(hash.digest)+1);
    > strcpy(prova,hex2str(hash.digest,hash.digest_size));
    > BN_hex2bn(&mess,(const char*) prova);
    > BN_set_word(k,K);
    > BN_mod(rem,mess,k,ctx);
    > strp=xmalloc(BN_num_bytes(mess));
    > strp = BN_bn2dec(mess);
    > res = BN_bn2dec(rem);
    > result=atoi((const char *) res);
    > _evp_hash(&hash2,message);
    > BN_dec2bn(&cmp,(const char*) hash2.digest);
    > OPENSSL_free(strp);
    > OPENSSL_free(mess);
    > OPENSSL_free(rem);
    > OPENSSL_free(k);
    > OPENSSL_free(cmp);
    > BN_CTX_end(ctx);
    > return result;
    >}
    >
    >
    >int main(int argc,char** argv){
    > int i,j;
    > char* prova;
    > char* speriamo="spero";
    > prova=xmalloc(strlen(argv[1])+1+5);


    Is argc at least 2? Are you sure argv[1] exists and is not NULL?

    > for(i=0;i<10;i++){
    > printf("\n%d",_chooseTSK(argv[1],i));
    > }
    > printf("\n");
    > for(j=0;j<1;j++){
    > for(i=0;i<1000;i++){
    > sprintf( prova, "%s|%d",argv[1],i);
    > printf("\n%d: %d",i,_chooseTSK(prova,i));
    > *prova="\0";
    > }
    > }
    > free(prova);
    > return 0;
    >}
    >
    >
    >During the execution of this program i always obtain unpredictable
    >segmentation fault. After running it trough gdb debugger it tolds me
    >this:
    >Program received signal SIGSEGV, Segmentation fault.
    >0x08048b84 in main (argc=1, argv=0xbff8ac34) at parm_utility.c:48
    >48 prova=xmalloc(strlen(argv[1])+1+5);
    >
    >But i receive seg fault some time after 5 iteration sometime after 100
    >iteration,
    >any suggestion?


    Iterations of what? You do not call main recursively. You call
    xmalloc with argv[1] as part of the argument only once in main and
    that call is not inside a loop.

    You call a dynamic allocation routine several times and make no effort
    to determine if it succeeded before dereferencing the returned value.
    Any allocation failure would result in undefined behavior at the point
    of dereference.

    Your code contains numerous non-standard functions and types and you
    give us no information about any of them. In spite of appearances,
    most of us are not clairvoyant.

    If hash.digest is really an array of bytes containing hex data that
    will be expanded 2 for 1 as your code suggests, then passing that
    array to strlen will often not produce the correct value for the size
    of the resulting string when passed to hex2str. This is the same
    mistake you made in your other message (HEXADECIMAL to STRING) earlier
    today. My response to that message explains the problem in detail.
    Once your strcpy overflows the allocated space, you have invoked
    undefined behavior. One of the common manifestations of this kind of
    undefined behavior is for future calls to malloc or free to result in
    a segfault because you have screwed up the internal data they use to
    keep track of allocations.


    Remove del for email
     
    Barry Schwarz, Jun 4, 2007
    #5
  6. "Andrea" <> schrieb im Newsbeitrag
    news:...
    >I wrote this code:
    >
    > void * xmalloc (size_t size){
    > register void *value = OPENSSL_malloc(size);
    > if (value == 0)
    > printf("virtual memory exhausted");
    > return value;
    > }
    >
    > int _chooseTSK(char* message,int seed){
    > _hash hash,hash2;
    > char *strp,*prova,*res;
    > int result;
    > BIGNUM *mess,*cmp,*rem,*k;
    > BN_CTX *ctx;
    > mess=BN_new();rem=BN_new();k=BN_new();cmp=BN_new();
    > ctx = BN_CTX_new();
    > _evp_hash(&hash,message);
    > prova=xmalloc(2*strlen(hash.digest)+1);

    Sure prova isn't NULL?

    > strcpy(prova,hex2str(hash.digest,hash.digest_size));
    > BN_hex2bn(&mess,(const char*) prova);
    > BN_set_word(k,K);
    > BN_mod(rem,mess,k,ctx);
    > strp=xmalloc(BN_num_bytes(mess));

    sure strp isn't NULL?

    > strp = BN_bn2dec(mess);

    Writing to strp twice? Loosing the first value creates a memory leak!

    > res = BN_bn2dec(rem);
    > result=atoi((const char *) res);
    > _evp_hash(&hash2,message);
    > BN_dec2bn(&cmp,(const char*) hash2.digest);
    > OPENSSL_free(strp);

    freeing something that hasn't been malloc-ed? (assuming OPENSSL_free() calls
    free() and BN_bn2dec() did not use malloc() to obtain memory)

    > OPENSSL_free(mess);
    > OPENSSL_free(rem);
    > OPENSSL_free(k);
    > OPENSSL_free(cmp);
    > BN_CTX_end(ctx);
    > return result;
    > }
    >
    >
    > int main(int argc,char** argv){
    > int i,j;
    > char* prova;
    > char* speriamo="spero";
    > prova=xmalloc(strlen(argv[1])+1+5);

    Sure argv[1] isn't NULL before the call? Sure prova isn't NULL after the
    all? Better check

    > for(i=0;i<10;i++){
    > printf("\n%d",_chooseTSK(argv[1],i));
    > }
    > printf("\n");
    > for(j=0;j<1;j++){
    > for(i=0;i<1000;i++){
    > sprintf( prova, "%s|%d",argv[1],i);
    > printf("\n%d: %d",i,_chooseTSK(prova,i));
    > *prova="\0";
    > }
    > }
    > free(prova);
    > return 0;
    > }
    >
    >
    > During the execution of this program i always obtain unpredictable
    > segmentation fault. After running it trough gdb debugger it tolds me
    > this:
    > Program received signal SIGSEGV, Segmentation fault.
    > 0x08048b84 in main (argc=1, argv=0xbff8ac34) at parm_utility.c:48
    > 48 prova=xmalloc(strlen(argv[1])+1+5);
    >
    > But i receive seg fault some time after 5 iteration sometime after 100
    > iteration,
    > any suggestion?



    Bye, Jojo
     
    Joachim Schmitz, Jun 4, 2007
    #6
  7. Andrea

    Tor Rustad Guest

    Andrea wrote:

    <snip>

    > But i receive seg fault some time after 5 iteration sometime after 100
    > iteration, any suggestion?


    You have posted a couple of basic questions, now you pull in the OpenSSL
    library, which isn't really supposed to be used by a newbie. Even if
    multiple ppl here have used this library before, OpenSSL is off-topic.

    To improve your chances of getting help, you should post a *minimal*
    example, illustrating your C problem, if any. If your problem is OpenSSL
    specific, sci.crypt is a better place to ask.

    A good start, is to post code that actually compile..!

    Your code was so ill-formated (hard to read), that it completely turned
    me off.

    $man indent

    --
    Tor <torust [at] online [dot] no>
     
    Tor Rustad, Jun 4, 2007
    #7
  8. Others have already mentioned several good suggestions, I have but one
    thing left to point out immediately (Yes I know this is at the top)

    Andrea wrote:
    > void * xmalloc (size_t size){
    > register void *value = OPENSSL_malloc(size);
    > if (value == 0)
    > printf("virtual memory exhausted");
    > return value;
    > }

    The printf() statement contains a string with no newline, I am not
    completely sure this will be printed on the screen if there is no other
    output before the program crashes.

    A better handling IMO would be something like this:

    if (!value)
    {
    fprintf(stderr,"virtual memory exhausted\n");
    exit(EXIT_FAILURE/*or some other suitable error code*/);
    }

    Making the output of something that is clearly an error message better
    go to stderr so it is *always* visible even if the output is piped
    somewhere.
    Immediately terminate the program with a defined error code in a case
    where it surely does not continue to work anyway.
     
    Johan Bengtsson, Jun 4, 2007
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andrew

    Unpredictable program behavior ..

    Andrew, Dec 6, 2003, in forum: C Programming
    Replies:
    3
    Views:
    385
    Andrew
    Dec 7, 2003
  2. Replies:
    44
    Views:
    996
  3. Replies:
    8
    Views:
    488
    red floyd
    May 17, 2006
  4. a
    Replies:
    5
    Views:
    291
    Barry Schwarz
    Dec 1, 2007
  5. Replies:
    5
    Views:
    357
    Ron Natalie
    Jan 11, 2008
Loading...

Share This Page