为什么这 3 行代码会返回 address-sanitizer 错误？

Question

int* mostVisited(int n, int* rounds, int roundsSize, int* returnSize){
  
    
    returnSize=malloc(sizeof(int)*100);
    
     printf("%d", roundsSize);
  
    return returnSize;
}

Here you can try the code: https://leetcode.com/contest/weekly-contest-203/problems/most-visited-sector-in-a-circular-track/

Edit: Error disappears if i comment the print line.

This is from a Leetcode challenge, I understand that I am somehow accessing a memory block that is not allocated, that I access something out of the allocated memory Stack.

The only explanation that I can come up with is that Leetcode's site somehow doesn't allow me to print inside a int function.

Error:

=================================================================
==32==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6140000001d0 at pc 0x000000404edd bp 0x7ffd3d94c7e0 sp 0x7ffd3d94c7d0
READ of size 4 at 0x6140000001d0 thread T0
    #2 0x7f337c09f82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
0x6140000001d0 is located 0 bytes to the right of 400-byte region [0x614000000040,0x6140000001d0)
allocated by thread T0 here:
    #0 0x7f337d0baf88 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10bf88)
    #3 0x7f337c09f82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
Shadow bytes around the buggy address:
  0x0c287fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c287fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c287fff8000: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c287fff8010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c287fff8020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c287fff8030: 00 00 00 00 00 00 00 00 00 00[fa]fa fa fa fa fa
  0x0c287fff8040: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c287fff8050: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c287fff8060: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c287fff8070: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c287fff8080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==32==ABORTING

Answer 1

Your code has issues, but not the ones you think. There can't be an error in the printf : you're passed a value for roundsSize , you print it, period.

You're passed returnSize , which is a pointer. You then assign to the local version of returnSize , which doesn't go back to the caller (to do that, you need **returnSize ). But you then return the new value anyway... what are you actually trying to do?

Answer 2

returnSize is probably already pointing to a good memory location readable by the calling function. Its purpose is to act as another return value so you can inform the calling function the size of the array that you are returning. Instead, you are re-assigning (the local version of) it to point to the array that you are also returning.

The calling function never sees this change to returnSize because the only changes you made to it were localized to the function and didn't modify the data that was stored at the original memory address. The data at this address is likely garbage as it is expecting your function to give it its value. If this garbage value happens to be larger than the size of your array, the calling function will likely try to read past the end of the array you allocated.

So the way you should be doing this is probably something along these lines:

int* mostVisited(int n, int* rounds, int roundsSize, int* returnSize){
{
    *returnSize = 100; // or however it is that the size of the array should be determined
    int *ret = malloc(sizeof(*ret) * *returnSize);

    return ret;
}

Of course the rest of the logic for what the function is supposed to do is still up to you to complete.