When I call malloc() to get some space, I get Segmentation fault

Discussion in 'C Programming' started by Zheng Da, Jun 2, 2005.

  1. Zheng Da

    Zheng Da Guest

    Program received signal SIGSEGV, Segmentation fault.
    0x40093343 in _int_malloc () from /lib/tls/libc.so.6
    (gdb) bt
    #0 0x40093343 in _int_malloc () from /lib/tls/libc.so.6
    #1 0x40094c54 in malloc () from /lib/tls/libc.so.6

    It's really strange; I just call malloc() like "tmp=malloc(size);"
    the system gives me Segmentation fault

    I want to write a code to do like a dynamic array, and the code is as
    follow:
    char *t=space->ptr;
    int size=0;
    char *tmp=NULL;
    printf("pointer:%p\tsize:%d\n" , space->ptr ,
    space->capacity*space->unit_size);
    space->capacity+=100;
    //printf("%s\n" , (char *)space->ptr);

    //space->ptr=realloc(space->ptr , space->capacity*space->unit_size);
    size=space->capacity*space->unit_size;
    tmp=malloc(size);
    printf("---pointer:%p\tnew size:%d\n" , tmp ,
    space->capacity*space->unit_size);
    space->ptr=tmp;
    memcpy(space->ptr , t , (space->capacity-100)*space->unit_size);
    free(t);
    if(space->ptr == NULL)
    err_quit("there is not enough space\n");

    At first I use realloc() to realize the dynamic array, but there is
    also Segmentation fault, so I change the code.
    The following is what the program print when it ran.
    The first time it goes well:
    pointer:(nil) size:0
    ---pointer:0x8051230 new size:100
    pointer:0x8051230 size:100
    ---pointer:0x8051b20 new size:200
    pointer:0x8051b20 size:200
    ---pointer:0x8051cd8 new size:300
    pointer:0x8051cd8 size:300
    ---pointer:0x8051e08 new size:400
    pointer:0x8051e08 size:400
    ---pointer:0x8051fa0 new size:500
    pointer:0x8051fa0 size:500
    ---pointer:0x8051cd8 new size:600
    pointer:0x8051cd8 size:600
    ---pointer:0x8051f38 new size:700
    free pointer:0x8051f38

    For the second time, there is something wrong, glibc says I have double
    free 0x08051230, but I'm sure I don't
    pointer:(nil) size:0
    ---pointer:0x8051230 new size:100
    pointer:0x8051230 size:100
    ---pointer:0x8051b20 new size:200
    *** glibc detected *** double free or corruption: 0x08051230 ***
    pointer:0x8051b20 size:200
    ---pointer:0x8052cf8 new size:300
    pointer:0x8052cf8 size:300
    ---pointer:0x8052e28 new size:400
    pointer:0x8052e28 size:400
    ---pointer:0x8052fc0 new size:500
    pointer:0x8052fc0 size:500
    ---pointer:0x8052cf8 new size:600
    pointer:0x8052cf8 size:600
    ---pointer:0x8052f58 new size:700
    pointer:0x8052f58 size:700
    ---pointer:0x8053218 new size:800
    pointer:0x8053218 size:800
    ---pointer:0x8052cf8 new size:900
    pointer:0x8052cf8 size:900
    ---pointer:0x8053080 new size:1000
    pointer:0x8053080 size:1000
    ---pointer:0x8053470 new size:1100
    pointer:0x8053470 size:1100
    ---pointer:0x8052cf8 new size:1200
    pointer:0x8052cf8 size:1200
    ---pointer:0x80531b0 new size:1300
    pointer:0x80531b0 size:1300
    ---pointer:0x80536c8 new size:1400
    pointer:0x80536c8 size:1400
    ---pointer:0x8052cf8 new size:1500
    pointer:0x8052cf8 size:1500
    ---pointer:0x80532d8 new size:1600
    pointer:0x80532d8 size:1600
    ---pointer:0x8053920 new size:1700
    free pointer:0x8053920

    The third time, I get Segmentation fault
    ---pointer:0x8051b20 new size:100
    pointer:0x8051b20 size:100

    Program received signal SIGSEGV, Segmentation fault.
    0x40093343 in _int_malloc () from /lib/tls/libc.so.6

    Why?
    It troubles me too much.
    Please help me!
    Thank you!
     
    Zheng Da, Jun 2, 2005
    #1
    1. Advertising

  2. Zheng Da

    S.Tobias Guest

    Zheng Da <> wrote:

    > It's really strange; I just call malloc() like "tmp=malloc(size);"
    > the system gives me Segmentation fault


    > I want to write a code to do like a dynamic array, and the code is as
    > follow:
    > char *t=space->ptr;


    What is `space', and `space->ptr'?

    > int size=0;
    > char *tmp=NULL;
    > printf("pointer:%p\tsize:%d\n" , space->ptr ,
    > space->capacity*space->unit_size);
    > space->capacity+=100;
    > //printf("%s\n" , (char *)space->ptr);


    > //space->ptr=realloc(space->ptr , space->capacity*space->unit_size);
    > size=space->capacity*space->unit_size;
    > tmp=malloc(size);
    > printf("---pointer:%p\tnew size:%d\n" , tmp ,
    > space->capacity*space->unit_size);
    > space->ptr=tmp;
    > memcpy(space->ptr , t , (space->capacity-100)*space->unit_size);
    > free(t);
    > if(space->ptr == NULL)

    (Isn't it a bit too late to check this here, after memcpy()?)
    > err_quit("there is not enough space\n");


    There are too many unknowns. No-one can help you until you send
    the smallest code that shows the problem, that everybody can
    compile.

    --
    Stan Tobias
    mailx `echo LID | sed s/[[:upper:]]//g`
     
    S.Tobias, Jun 2, 2005
    #2
    1. Advertising

  3. Zheng Da wrote:
    > Program received signal SIGSEGV, Segmentation fault.
    > 0x40093343 in _int_malloc () from /lib/tls/libc.so.6
    > (gdb) bt
    > #0 0x40093343 in _int_malloc () from /lib/tls/libc.so.6
    > #1 0x40094c54 in malloc () from /lib/tls/libc.so.6
    >
    > It's really strange; I just call malloc() like "tmp=malloc(size);"
    > the system gives me Segmentation fault
    >
    > I want to write a code to do like a dynamic array, and the code is as
    > follow:
    > char *t=space->ptr;
    > int size=0;
    > char *tmp=NULL;
    > printf("pointer:%p\tsize:%d\n" , space->ptr ,
    > space->capacity*space->unit_size);


    Passing a pointer to printf you should cast it to (void*).
    This is not your problem I'd guess.

    > space->capacity+=100;
    > //printf("%s\n" , (char *)space->ptr);
    >
    > //space->ptr=realloc(space->ptr , space->capacity*space->unit_size);


    This was a better way to do it. Except that you always need to use a
    temporary variable when reallocing to avoid memory leakage/original
    pointer loss on failure. i.e. if the realloc fails here, you no longer
    have the pointer to
    your original space...

    > size=space->capacity*space->unit_size;
    > tmp=malloc(size);
    > printf("---pointer:%p\tnew size:%d\n" , tmp ,
    > space->capacity*space->unit_size);
    > space->ptr=tmp;
    > memcpy(space->ptr , t , (space->capacity-100)*space->unit_size);
    > free(t);
    > if(space->ptr == NULL)


    You'd have probably crashed before this, because you have copied into
    the NULL pointer.

    > err_quit("there is not enough space\n");
    >
    > At first I use realloc() to realize the dynamic array, but there is
    > also Segmentation fault, so I change the code.


    Your code above looks basically OK. Crashes in malloc are often
    far removed from the scene of the crime, which makes them hard
    to diagnose. For example, if in other code you overwrote the bounds
    of dynamically allocated memory, the problem might only manifest
    itself here. Since I see above that this is a char* string (based
    on your commented out printf), such problems often include failure
    to account for the '\0' character that is at the end of the string
    resulting in a 1 byte overrun.

    If you can provide a small self contained (and compilable) set of code,
    I expect folks here would see the problem in moments. If not, I
    recommend
    you find some tools on your system that are good at diagnosing this
    sort of problem (examples include
    valgrind/purify/boundschecker/electric fence/glibc
    MALLOC_CHECK/insure++). Note that questions on these tools
    should be addressed to a newsgroup dedicated to your system, for
    example comp.unix.programmer if you are using unix.

    -David
     
    David Resnick, Jun 2, 2005
    #3
  4. Zheng Da

    Guest

    Zheng Da wrote:

    > Program received signal SIGSEGV, Segmentation fault.
    > 0x40093343 in _int_malloc () from /lib/tls/libc.so.6
    > (gdb) bt
    > #0 0x40093343 in _int_malloc () from /lib/tls/libc.so.6
    > #1 0x40094c54 in malloc () from /lib/tls/libc.so.6
    >
    > It's really strange; I just call malloc() like "tmp=malloc(size);"
    > the system gives me Segmentation fault
    >

    <snip><snip>

    > Why?
    > It troubles me too much.
    > Please help me!
    > Thank you!



    Okay, very generic comment, but might come in handy.
    I have seen mallocs and frees give segmentation fault when you have memory
    corruption in your code BEFORE you call that malloc /free. The generic
    reason is, malloc/free work on a linked list of memory blocks. If you
    overwrite some of the control areas of this link-list (which generally
    reside just after or before the memory blocks, making them prone to buffer
    overflows), malloc/free can generate a segmentation fault as they could be
    trying to access some wrong locations as next free/allocated block.

    Check your code again to see if there are such issues before the call to
    malloc.


    --
    -IG
     
    , Jun 2, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Bin Lu

    malloc segmentation fault

    Bin Lu, Oct 3, 2003, in forum: C Programming
    Replies:
    9
    Views:
    7,585
    Mark McIntyre
    Oct 23, 2003
  2. Alexandre

    Segmentation fault in mallopt/malloc call

    Alexandre, Feb 18, 2005, in forum: C Programming
    Replies:
    7
    Views:
    484
    RoSsIaCrIiLoIA
    Mar 6, 2005
  3. Dawn Minnis

    Malloc returning segmentation fault

    Dawn Minnis, Mar 15, 2005, in forum: C Programming
    Replies:
    2
    Views:
    473
  4. I_have_nothing
    Replies:
    6
    Views:
    846
    I_have_nothing
    Jun 15, 2005
  5. segmentation fault, malloc error

    , Nov 12, 2007, in forum: C Programming
    Replies:
    7
    Views:
    807
Loading...

Share This Page