chunk_alloc segfault

[vlindos]

I have this code
<code>
#include <stdio.h>
#include <stdlib.h>
#include <mysql/mysql.h>

char locale_loaded[2];

int i18n_num;

struct i18n_t{
char *msg;
char *gsm;
} **i18n_cache;

void i18n_init(char locale[2])
{
char qbuf[1024];
MYSQL_ROW row;
MYSQL_RES *res;

strcpy(locale_loaded, locale);
sprintf(qbuf, "select msg,%s from i18n", locale);
if(mysql_query(mysql_sock, qbuf)) {
fprintf(stderr, "FATAL ERROR: Cannot connect MySQL
DB.\n");
exit(0);
}
res = mysql_store_result(mysql_sock);
i18n_num = 0;
while((row = mysql_fetch_row(res)) != NULL) {
i18n_cache = (struct i18n_t **) realloc(i18n_cache,
++i18n_num * (sizeof(struct i18n_t)));
i18n_cache[i18n_num-1] = (struct i18n_t
*)malloc(sizeof(struct i18n_t));
if(row[0] == NULL) { i18n_num--; continue; }
i18n_cache[i18n_num-1]->msg = (char
*)malloc(sizeof(row[0]));
strcpy(i18n_cache[i18n_num-1]->msg, row[0]);
if(row[1] == NULL) continue;
i18n_cache[i18n_num-1]->gsm = (char
*)malloc(sizeof(row[1]));
strcpy(i18n_cache[i18n_num-1]->msg, row[1]);
}

return;
}
</code>
It parses sereval times results and gives the unexpected:
<gdb-output>
Breakpoint 1, main () at rebmin.c:31
31 mysql_init(&mysql_t);
(gdb) s 30
31 while((row = mysql_fetch_row(res)) != NULL) {
(gdb) s
32 i18n_cache = (struct i18n_t **)
realloc(i18n_cache, ++i18n_num * (sizeof(struct i18n_t)));
(gdb) s

Program received signal SIGSEGV, Segmentation fault.
0x4207b7fd in chunk_realloc () from /lib/i686/libc.so.6
(gdb)
</gdb-output>
any ideas ?

 

[Sheldon Simms]

I have this code
<code>
#include <stdio.h>

You need this too:

#include <stdlib.h>
#include <mysql/mysql.h>

char locale_loaded[2];

int i18n_num;

struct i18n_t{
char *msg;
char *gsm;
} **i18n_cache;

You seem to be relying on this being initialized to a null pointer.
That's fine, but why not make it explicit?

I hypothesize that you want to build an dynamically allocated array
of pointers to struct i18n_t.

Since we might want another pointer of this type, I'll go ahead and
declare another one too.

} **i18n_cache = NULL, **resized_cache = NULL;
/* for dynamically allocated array of pointer to struct i18n_t */

void i18n_init(char locale[2])
{
char qbuf[1024];
MYSQL_ROW row;
MYSQL_RES *res;

strcpy(locale_loaded, locale);
sprintf(qbuf, "select msg,%s from i18n", locale);
if(mysql_query(mysql_sock, qbuf)) {
fprintf(stderr, "FATAL ERROR: Cannot connect MySQL DB.\n");
exit(0);
}
res = mysql_store_result(mysql_sock);
i18n_num = 0;

while((row = mysql_fetch_row(res)) != NULL) {
i18n_cache = (struct i18n_t **)

realloc(i18n_cache, ++i18n_num * (sizeof(struct i18n_t)));

That's a lot going on in one line. Let's see, we don't need the cast of
realloc's return value, I'd prefer to increment i18n_num before this
line, and look at that sizeof.

You are trying to allocate an array of _pointers_ to struct i18n_t. That
is clear from the next line. So sizeof(struct i18n_t) can't be right.
We can get the correct size to allocate by finding out the size of the
kind of thing that i18n_cache points to.

Lastly, you need to check to make sure that realloc succeeded. Since
it will return NULL on failure, it's probably a bad idea to assign
its return value to i18n_cache, since you'll lose your only pointer
to your array.

++i18n_num;
resized_cache = realloc(i18n_cache, i18n_num * sizeof *i18n_cache);
if (resized_cache == NULL) {
/* oops, realloc() failed */
break; /* exit while */
}

i18n_cache = resized_cache;

i18n_cache[i18n_num-1] = (struct i18n_t *)malloc(sizeof(struct i18n_t));

You don't need to cast the result of malloc, but you do need to
make sure that it succeeded. Also, I've changed the sizeof to
find the size of the thing we're allocating instead of the size
of its type, as above.

i18n_cache[i18n_num-1] = malloc(sizeof **i18n_cache);
if (i18n_cache[i18n_num-1] == NULL) {
/* oops, malloc() failed */
break; /* exit while */
}

if(row[0] == NULL) { i18n_num--; continue; }

Why is this line here? Presumably you know whether row[0] is a
null pointer or not right after mysql_fetch_row() is called.
If you test it at the top of the while loop, then you won't
call realloc and malloc before you actually need the space.

i18n_cache[i18n_num-1]->msg = malloc(sizeof(row[0]));

Whoa! Without knowing anything about MySQL, this line looks
mighty suspicious. In the next line, you are using strcpy() to
copy a string that is pointed to by row[0]. Here you are
allocating a buffer for that string, but you are only
allocating enough space for a pointer! I know this is because
MYSQL_ROW is defined in mysql/mysql.h as:

typedef char **MYSQL_ROW;

This error is probably the cause of your segmentation fault.
So you need to allocate a buffer big enough to contain the
entire string, and of course you need to check to make sure
that malloc succeeded:

i18n_cache[i18n_num-1]->msg = malloc(strlen(row[0])+1);
if (i18n_cache[i18n_num-1]->msg == NULL) {
/* oops, malloc() failed */
break; /* exit while */
}

strcpy(i18n_cache[i18n_num-1]->msg, row[0]);
if(row[1] == NULL) continue;
i18n_cache[i18n_num-1]->gsm = (char *)malloc(sizeof(row[1]));

You have the exact same problem here:

i18n_cache[i18n_num-1]->gsm = malloc(strlen(row[1])+1);
if (i18n_cache[i18n_num-1]->msg == NULL) {
/* oops, malloc() failed */
break; /* exit while */
}

strcpy(i18n_cache[i18n_num-1]->msg, row[1]);

Surely this is supposed to copy into ->gsm instead of ->msg?

strcpy(i18n_cache[i18n_num-1]->gsm, row[1]);

}

return;
}

Here's the code again, in full, direct from my emacs. I've
compiled it

gcc -Wall -O2 -pedantic -std=c99 -c test.c

But haven't tried to test it.

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <mysql/mysql.h>

char locale_loaded[2];

int i18n_num;

MYSQL *mysql_sock;

struct i18n_t {
char *msg;
char *gsm;
} **i18n_cache = NULL, **resized_cache = NULL;

void i18n_init(char locale[2])
{
char qbuf[1024];
MYSQL_ROW row;
MYSQL_RES *res;

strcpy(locale_loaded, locale);
sprintf(qbuf, "select msg,%s from i18n", locale);

if (mysql_query(mysql_sock, qbuf))
{
fprintf(stderr, "FATAL ERROR: Cannot connect MySQL DB.\n");
exit(0);
}

res = mysql_store_result(mysql_sock);

i18n_num = 0;

while ((row = mysql_fetch_row(res)) != NULL)
{
if (row[0] == NULL) continue;

++i18n_num;

resized_cache = realloc(i18n_cache, i18n_num * sizeof *i18n_cache);
if (resized_cache == NULL) {
/* oops, realloc() failed */
break; /* exit while loop */
}

i18n_cache = resized_cache;

i18n_cache[i18n_num - 1] = malloc(sizeof i18n_cache);
if (i18n_cache[i18n_num-1] == NULL) {
/* oops, malloc() failed */
break; /* exit while */
}

i18n_cache[i18n_num-1]->msg = malloc(strlen(row[0])+1);
if (i18n_cache[i18n_num-1]->msg == NULL) {
/* oops, malloc() failed */
break; /* exit while */
}

strcpy(i18n_cache[i18n_num - 1]->msg, row[0]);

if (row[1] == NULL) continue;

i18n_cache[i18n_num-1]->gsm = malloc(strlen(row[1])+1);
if (i18n_cache[i18n_num-1]->gsm == NULL) {
/* oops, malloc() failed */
break; /* exit while */
}

strcpy(i18n_cache[i18n_num - 1]->gsm, row[1]);
}

return;
}

 

[Mark Gordon]

On 22 Oct 2003 02:42:53 -0700

I have this code
<code>
#include <stdio.h>
#include <stdlib.h>
#include <mysql/mysql.h>

char locale_loaded[2];

Are you sure you mean 2? that's space for 1 char followed by a null
terminator. If I am right this could cause a segmentation violation or
anything else. I think you want

char locale_loaded[3];

int i18n_num;

struct i18n_t{
char *msg;
char *gsm;
} **i18n_cache;

void i18n_init(char locale[2])

Again, I think it is more than 2 characters! Anyway, I would just do:

void i18n_init(char *locale)

{
char qbuf[1024];
MYSQL_ROW row;
MYSQL_RES *res;

strcpy(locale_loaded, locale);

Not very safe. What is a string longer than 1 characters (or 2
characters after my suggested change) is passed in?

sprintf(qbuf, "select msg,%s from i18n", locale);
if(mysql_query(mysql_sock, qbuf)) {

You did not include a definition of mysql_sock in the posted code. I
assume this is a global and has been properly initialised?

Anything to do with mysql is off topic for this group.

fprintf(stderr, "FATAL ERROR: Cannot connect MySQL
DB.\n");
exit(0);
}
res = mysql_store_result(mysql_sock);
i18n_num = 0;
while((row = mysql_fetch_row(res)) != NULL) {
i18n_cache = (struct i18n_t **) realloc(i18n_cache,
++i18n_num * (sizeof(struct i18n_t)));

BAD for numerous reasons. Try

struct i18n_t **tmp_i18n_cache =
realloc(i18n_cache, ++i18n_num * sizeof *tmp_i18n_cache);
if (tmp_i18n_cache == NULL) {
fprintf(stderr, "FATAL ERROR: realloc i18n_cache failed\n");
exit(0);
/* You can used some error recovery if you want instead.
i18n_cache still points to the data you had */
}
i18n_cache = tmp_i18n_cache;

i18n_cache[i18n_num-1] = (struct i18n_t
*)malloc(sizeof(struct i18n_t));

Bad. Use
i18n_cache[i18n_num-1] = malloc(sizeof **i18n_cache);
if (i18n_cache[i18n_num-1] == NULL) {
fprintf(stderr,
"FATAL ERROR: malloc i18n_cache[] failed\n");
exit(0);
}

or something similar.

if(row[0] == NULL) { i18n_num--; continue; }
i18n_cache[i18n_num-1]->msg = (char
*)malloc(sizeof(row[0]));
strcpy(i18n_cache[i18n_num-1]->msg, row[0]);

Almost certainly wrong, but MySQL is off topic here.

if(row[1] == NULL) continue;
i18n_cache[i18n_num-1]->gsm = (char
*)malloc(sizeof(row[1]));
strcpy(i18n_cache[i18n_num-1]->msg, row[1]);

Almost certainly wrong, but MySQL is off topic here.

}

return;
}
</code>
It parses sereval times results and gives the unexpected:
<gdb-output>
Breakpoint 1, main () at rebmin.c:31
31 mysql_init(&mysql_t);
(gdb) s 30
31 while((row = mysql_fetch_row(res)) != NULL) {
(gdb) s
32 i18n_cache = (struct i18n_t **)
realloc(i18n_cache, ++i18n_num * (sizeof(struct i18n_t)));
(gdb) s

Program received signal SIGSEGV, Segmentation fault.
0x4207b7fd in chunk_realloc () from /lib/i686/libc.so.6
(gdb)
</gdb-output>
any ideas ?

One of the errors above (or something else where in your code) has
probably run off the end of a buffer and overwritten something critical.