malloc memory for char array causes access violation

Question

This is probably a noob question. I am using Marmalade SDK. If I allocate some memory for a char array dynamically I get an access violation. I cannot figure out what I am doing wrong. Is this a valid way to use malloc and free?

const char* CClass::caption(int something)
{
    ...

    //char stringPrediction[2000]; // <--- This works

    size_t string01_Size = strlen(string01);
    size_t string02_Size = strlen(string02);

    ...

    stringX = (char *)malloc(string01_Size + string02_Size + 1); // <- Access violation

    strcpy(stringX , string01);
    strcat(stringX , " ");
    strcat(stringX , string02);

    return stringX ;
 }

Destructor:

CClass::~CClass(void)
{
    free(stringX);
}

Then I use it to set the caption of a label on a Button click event

... OnClick...(...)
{
    CClass someObject;
    label.setCaption(someObject.caption());
}

After a few clicks I get access violation.

Unhandled exception at 0x1007ECB8 (s3e_simulator_debug.dll) in 
s3e_simulator_debug.exe:    0xC0000005: Access violation writing
location 0x0000000C.

EDIT: It seems the problems is:

  stringX = (char *)malloc(string01_Size + string02_Size + 1);

I have failed to allocate space for this:

  strcat(stringX , " ");

This should be better:

  stringX = (char *)malloc(string01_Size + 1 + string02_Size + 1);

Answer 1

1. You're not testing for the case that malloc fails. The error suggests you're trying to dereference a null pointer - the pointer returned when malloc fails.

2. It doesn't look like you're accounting for the null-byte terminator when calculating the size of your buffer. Assuming string01_Size and string02_Size are the number of characters not including the null byte, you're overflowing your buffer.

Both actions result in undefined behaviour.

Answer 2

Access violation encountered during call of malloc or free in most cases indicates that the heap is corrupt. Due to, most commonly overrun or double free or free issued on dangling pointer, happened sometime earlier. May be way earlier.

From the posted code it's not possible to deduce, as it effectively starts with the crash.

To deal with it you may try valgrind, app verifier, other runtime tools helping with corruption. For that one particular issue -- for the general you should not be there in the first place, using malloc, the str* function an all the inherited crap from C.

Consistent use of collection classes, String class, etc would prevent too many cases leading to drastic problems.

Answer 3

You've basically spotted the issue: by not allocating for the space you're second strcat will overrun and probably crunch the heap pointers of the next block. Additional things to watch (you're probably be doing this anyway) are to free stringX in CClass::caption() before reallocating so you don't leak. Whatever you really should check that the malloc has not failed before use.

As others have suggested, it may be better to use std::string. You can always convert these to char* if required. Of course, if you do so you should consider that exceptions might be thrown and program accordingly.