C 将 int 转换为字符串时，“进程已完成，退出代码为 133（被信号 5 中断：SIGTRAP）”

Question

Im currently loosing hope, because I cant find my error. I changed so much in my code, that its terrible now... To start in the beginning, Im having a linked list:

struct list {
int value;
struct list *next;
};

For that Im implementing a function, that converts every existing value (so the value of every "next" list) to a concadening string in the form "[value1, value2, ...]". Here is the function:

char* cdl_to_string(list_t *list){
int tester = 1;
char* toString =  malloc(2 * sizeof(char));
    strcat(toString, "[");
    if(list != NULL){
        while ( tester !=0){
            char *result = malloc(strlen(toString) * sizeof(char ) +1);
            sprintf(result, "%d", list->value);
            strcat(toString,result);
            if(list->next != NULL){
                strcat(toString, ", ");
            }
            else{
                tester = 0;
            }
            list = list->next;
            free(result);
        }
    }
    strcat(toString, "]");
    printf("%s",toString);
    return toString;
    free(toString);
}

Im calling the function with this assertion:

void givenListWithMultipleElements_toStringIsOk() {
    list_t* head = create_node(INT_MIN);
    list_t* second = create_node(INT_MAX);
    list_t* third = create_node(0);
    head->next = second;
    second->next = third;

    char* result = cdl_to_string(head);

    assert(strcmp("[-2147483648, 2147483647, 0]", result) == 0);
    TEST_SUCCESS("givenListWithMultipleElements_toStringIsOk");

    free(third);
    free(second);
    free(head);
}

The weird thing is, that when Im compiling it with Clang in the console or in the IDE it fails with the error from the headline, but in the Intellij debugger it works every other time??

Im thankfully for every advice!

Edit: Here hte complete error in the console-compiler:

[ OK ]  whenInitList_thenListIsCreated
[ OK ]  givenEmptyList_thenReturnSizeOfZero
[ OK ]  givenListWithOneElement_thenReturnSizeOfOne
[][ OK ]    givenEmptyList_toStringIsOk
zsh: trace trap  ./a.out

and here in intellij:

[ OK ]  whenInitList_thenListIsCreated
[ OK ]  givenEmptyList_thenReturnSizeOfZero
[ OK ]  givenListWithOneElement_thenReturnSizeOfOne
[][ OK ]    givenEmptyList_toStringIsOk

Process finished with exit code 133 (interrupted by signal 5: SIGTRAP)

Answer 1

"Do not lose hope, nor be sad."

The statement:

char* toString =  malloc(2 * sizeof(char));

allocates memory for 2 bytes, including the null-terminator.

Then, the call to strcat() :

strcat(toString, "[");

tries to concatenate a string to uninitialized memory. If we were to look at the man page:

The strcat() function appends the src string to the dest string, overwriting the terminating null byte ('\0') at the end of dest, and then adds a terminating null byte. The strings may not overlap, and the dest string must have enough space for the result. If dest is not large enough, program behavior is unpredictable; buffer overruns are a favorite avenue for attacking secure programs

We see that strcat() must first find the null byte that terminates the string using a search that starts at the beginning of the string, but you never initialised the contents of toString , so this invokes undefined behaviour.

The call to strlen() then, is unlikely to succeed:

char *result = malloc(strlen(toString) * sizeof(char ) +1);

If toString was properly null-terminated, this too would allocate merely 2 bytes for result , which might not (and it surely doesn't seem to) be able to represent the value of list->value .

The subsequent calls to strcat() have the same problem.

Aside: Do not discard the result of mallloc() .