简体   繁体   中英

C Linked List valgrind Invalid Read of Size

I have a problem with my Linked List and the valgrind output. Without further adieu here is my linked list:

typedef struct Map map;

struct Map
    void *address;
    double free_time;
    map* next;

The list is created using a dummy head node. As you can see, the struct holds an address and a free time, which I try to associate them.

In the find_and_free function I search this list using a time and if this time is smaller than the one stored in the list, I deallocate the saved address. And then I deallocate the list node as well.

This is the function used to find any free time that is smaller than the one I am passing. If it is smaller, I free the address stored to the list, and then call the delete_map_node function to also deallocate the node of the list.

void find_and_free_address(map *root, double mtime)
    map *current = root->next;
        if(current->free_time < mtime)

            printf("there is something to FREE now\n");
            printf("the time to check for free is %lf and the maps free time is %lf\n", mtime,current->free_time);
            printf("The map contains an address that is time to free\n");
            delete_map_node(map_list, current->free_time);
            //return next;

            printf("there is nothing to free now\n");

        current = current->next; //FIRST ERROR
    printf("THE MAP SIZE AFTER REMOVALS IS %d\n", map_size(map_list));

And this is the delete_map_node function

map* delete_map_node(map *root,double ftime)
    if (root==NULL)
        return NULL;

    //map *temporary;

    if (root->free_time == ftime)
        map *temporary = root->next;
        free(root); //SECOND ERROR
        root = temporary;
        return temporary;

    root->next = delete_map_node(root->next, ftime);
    return root;

I am aware that those two can be combined to only one function.

valgrind, reports no memory leaks or uninitialized values. However when I execute the following command:

valgrind --tool=memcheck --leak-check=full --track-origins=yes -v ./a.out

I get the following output :

==6807== Invalid read of size 4
==6807==    at 0x8049228: find_and_free_address (Map.c:123)
==6807==    by 0x8048DA6: second_iteration (List.c:150)
==6807==    by 0x8048C6B: first_iteration (List.c:113)
==6807==    by 0x8048908: main (Fscanf.c:63)
==6807==  Address 0x42005bc is 12 bytes inside a block of size 16 free'd
==6807==    at 0x402AF3D: free (vg_replace_malloc.c:468)
==6807==    by 0x804929F: delete_map_node (Map.c:142)
==6807==    by 0x80492C1: delete_map_node (Map.c:147)
==6807==    by 0x8049216: find_and_free_address (Map.c:113)
==6807==    by 0x8048DA6: second_iteration (List.c:150)
==6807==    by 0x8048C6B: first_iteration (List.c:113)
==6807==    by 0x8048908: main (Fscanf.c:63)

I can see that the error is that I access root->next and current->next after I have freed them, but I have not managed to do without it.

Can you suggest me a way, to get rid of this error?

One problem that I see is that in delete_map_node you free root (which might be map_list passed from find_and_free_address ), but you don't actually change map_list which means that when delete_map_node returns the map_list variable points to unallocated memory. Accessing map_list afterwards leads to undefined behavior .

The simple solution to this is to assign the return value of delete_map_node to map_list :

map_list = delete_map_node(map_list, current->free_time);

Also, what happens when delete_map_node frees the node in the list that is current in the find_and_free_address function? Then current = current->next will also lead to undefined behavior.

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

粤ICP备18138465号  © 2020-2024 STACKOOM.COM