简单的4行C程序，只有大量的malloc与Valgrind的段错误

Question

When the following is run without valgrind, I don't get a segfault. When it's run with valgrind, I do. It seems to be a result of the size of the malloc, because if I make it about 1/4 that size, it doesn't happen.

#include <stdio.h>
#include <stdlib.h>

int main()
{
    float *a = malloc(400000000 * sizeof(float));
    a[5] = 3.0;
    printf("%f\n", a[5]);
    free(a);
}

Here's the output from valgrind

==31972== Memcheck, a memory error detector
==31972== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==31972== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
==31972== Command: ./seg
==31972== 
==31972== Invalid write of size 4
==31972==    at 0x80484A5: main (seg.c:8)
==31972==  Address 0x5f5e0ffc is not stack'd, malloc'd or (recently) free'd
==31972== 
==31972== 
==31972== Process terminating with default action of signal 11 (SIGSEGV)
==31972==  Access not within mapped region at address 0x5F5E0FFC
==31972==    at 0x80484A5: main (seg.c:8)
==31972==  If you believe this happened as a result of a stack
==31972==  overflow in your program's main thread (unlikely but
==31972==  possible), you can try to increase the size of the
==31972==  main thread stack using the --main-stacksize= flag.
==31972==  The main thread stack size used in this run was 8388608.
==31972== 
==31972== HEAP SUMMARY:
==31972==     in use at exit: 0 bytes in 0 blocks
==31972==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==31972== 
==31972== All heap blocks were freed -- no leaks are possible
==31972== 
==31972== For counts of detected and suppressed errors, rerun with: -v
==31972== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault

If I did the math right, that's about 1.5 GB of memory.

If I do the bash command free -m while not running it, it looks like I have about 2 GB of free ram. Perhaps that's cutting it close?

Any thoughts? Might it mean that I'm 'close' to segfaulting without valgrind, if I malloced even more memory?

Answer 1

malloc() attempts to allocate a contiguous block of memory. You might have 2GB free in your system in total , but chances are it does not exist in a single chunk. And that is the problem. I bet that if you actually checked, you would see that the memory allocation failed.

In that case you are attempting to access a NULL pointer on line 2.

According to the documentation for malloc

By default, Linux follows an optimistic memory allocation strategy. This means that when malloc() returns non-NULL there is no guarantee that the memory really is available. In case it turns out that the system is out of memory, one or more processes will be killed by the OOM killer. For more information, see the description of /proc/sys/vm/overcommit_memory and /proc/sys/vm/oom_adj in proc(5), and the Linux kernel source file Documentation/vm/overcommit-accounting.

so I guess there is an additional element of unpredictability there.