How do I interpret Valgrind to fix this program's segmentation fault?
Question
I'm kind of new to programming and I was writing a program to recover JPEG files present in "card.raw" by comparing the 4 continuous bytes. If they demarcated a JPEG the program had to copy a block of 512 bytes into a new file saved a xxx.jpg (000.jpg, 001.jpg, etc). If after the block had been copied, the start of a new JPEG was found, the current file would be closed and the next file would be opened to copy the next JPG. Else the next block would be copied in the same file.
Code (UPDATED):
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
int main(int argc, char *argv[])
{
int counter = 0;
if(argc != 2)
{
printf("Usage: ./recover image\n");
return 1;
}
typedef uint8_t BYTE;
FILE *recover = fopen(argv[1], "r");
if(recover == NULL)
{
printf("ERRNO 1 IS %s\n", strerror(errno));
exit(EXIT_FAILURE);
}
printf("ERRNO 1 IS %s\n", strerror(errno));
fseek(recover, 0L, SEEK_END);
long long int size = ftell(recover);
BYTE *CHUNK = (BYTE*)malloc(size * sizeof(BYTE));
fread(CHUNK, sizeof(BYTE), size, recover); //Break recover into bytes
int j = 0;
char *file = NULL;
FILE *f = NULL;
int s = 0;
write1:
while(j + 3 < size)
{
if(CHUNK[j] == 0xff && CHUNK[j + 1] == 0xd8 && CHUNK[j + 2] == 0xff && j + 512 < size) //Check if byte is JPEG format 1st byte
{
switch(CHUNK[j + 3]) //Check if byte is JPEG format 1st byte
{
case 0xe0:
case 0xe1:
case 0xe2:
case 0xe3:
case 0xe4:
case 0xe5:
case 0xe6:
case 0xe7:
case 0xe8:
case 0xe9:
case 0xea:
case 0xeb:
case 0xec:
case 0xed:
case 0xee:
case 0xef:
{
if(s == 0)
{
if(f != NULL)
{
f = NULL;
}
sprintf(file ,"%03d.jpg",counter); //Create custom file of format xxx.jpg
f = fopen(file,"w");
printf("ERRNO 2 IS %s\n", strerror(errno));
if(f == NULL)
{
printf("ERRNO 2 is %s\n", strerror(errno));
exit(EXIT_FAILURE);
}
//printf("ERRNO 2 IS %s\n", strerror(errno));
for(int k = 0; k < 512; k++)
{
fwrite(&CHUNK[j + k], 512, sizeof(BYTE), f); //Copy 512 bytes from start of JPEG file as 512 bytes form one 'block'
}
j += 512; //Increment to check initial bytes of next 'block'
s++;
}
else
{
fclose(f);
counter++;
goto write1;
}
}
default : goto write2;
}
}
else //Else continue searching
{
write2:
for(int k = 0; k < 512; k++)
{
fwrite(&CHUNK[j + k], 512, sizeof(BYTE), f); //Copy 512 bytes from start of JPEG file as 512 bytes form one 'block'
}
j += 512;
}
}
fclose(recover);
}
This program gives me a segmentation fault. I tried using Valgrind to find why the fault was occurring but I have no idea of what Valgrind's error message says.
UPDATED ERRROR MESSAGE:
==217== Memcheck, a memory error detector
==217== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==217== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==217== Command: ./recover card.raw
==217==
ERRNO 1 IS Success
==217== Warning: client switching stacks? SP change: 0x1fff000490 --> 0x1ffd36e490
==217== to suppress, use: --max-stackframe=29958144 or greater
==217== Invalid write of size 8
==217== at 0x400A0A: main (recover.c:29)
==217== Address 0x1ffd36e490 is on thread 1's stack
==217==
==217==
==217== Process terminating with default action of signal 11 (SIGSEGV)
==217== Access not within mapped region at address 0x1FFD36E490
==217== at 0x400A0A: main (recover.c:29)
==217== If you believe this happened as a result of a stack
==217== overflow in your program's main thread (unlikely but
==217== possible), you can try to increase the size of the
==217== main thread stack using the --main-stacksize= flag.
==217== The main thread stack size used in this run was 8388608.
==217== Invalid write of size 8
==217== at 0x4A2A650: _vgnU_freeres (in /usr/lib/valgrind/vgpreload_core-amd64-linux.so)
==217== Address 0x1ffd36e488 is on thread 1's stack
==217==
==217==
==217== Process terminating with default action of signal 11 (SIGSEGV)
==217== Access not within mapped region at address 0x1FFD36E488
==217== at 0x4A2A650: _vgnU_freeres (in /usr/lib/valgrind/vgpreload_core-amd64-linux.so)
==217== If you believe this happened as a result of a stack
==217== overflow in your program's main thread (unlikely but
==217== possible), you can try to increase the size of the
==217== main thread stack using the --main-stacksize= flag.
==217== The main thread stack size used in this run was 8388608.
==217==
==217== HEAP SUMMARY:
==217== in use at exit: 4,648 bytes in 2 blocks
==217== total heap usage: 2 allocs, 0 frees, 4,648 bytes allocated
==217==
==217== 552 bytes in 1 blocks are still reachable in loss record 1 of 2
==217== at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==217== by 0x5694EB9: __fopen_internal (iofopen.c:65)
==217== by 0x5694EB9: fopen@@GLIBC_2.2.5 (iofopen.c:89)
==217== by 0x400940: main (recover.c:17)
==217==
==217== 4,096 bytes in 1 blocks are still reachable in loss record 2 of 2
==217== at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==217== by 0x56941FB: _IO_file_doallocate (filedoalloc.c:101)
==217== by 0x56A43E8: _IO_doallocbuf (genops.c:365)
==217== by 0x56A0D92: _IO_file_seekoff@@GLIBC_2.2.5 (fileops.c:960)
==217== by 0x569DD48: fseek (fseek.c:36)
==217== by 0x4009B4: main (recover.c:24)
==217==
==217== LEAK SUMMARY:
==217== definitely lost: 0 bytes in 0 blocks
==217== indirectly lost: 0 bytes in 0 blocks
==217== possibly lost: 0 bytes in 0 blocks
==217== still reachable: 4,648 bytes in 2 blocks
==217== suppressed: 0 bytes in 0 blocks
==217==
==217== For counts of detected and suppressed errors, rerun with: -v
==217== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
Segmentation fault
I'd like to know why the segmentation fault occurs or atleast what Valgrind's error message means.
UPDATE: Program output:
ERRNO 1 IS Success
Segmentation fault
UPDATE: Changed CHUNK from BYTE* to BYTE .
UPDATE: Used malloc to declare CHUNK array to prevent stack overflow.
UPDATE: Changed fread(&CHUNK, sizeof(BYTE), size, recover); to fread(CHUNK, sizeof(BYTE), size, recover); to prevent stack problems.
UPDATE: Eliminated while(!(feof)) to prevent a seemingly infinite loop that was occurring.
1 answers
solution1
0 2020-11-29 05:24:08
Some problems noted below, in no particular order.
BYTE CHUNK[size];[ EDIT ] This was fixed in OP's subsequent edit.
This allocatessizebytes on the stack, wheresizeis the filesize of theargv[1]file.If that filesize is too large, theCHUNKarray can easily overflow the default stack allocation.See why not to Declare large array on Stack .while(j < size) { if(CHUNK[j] == 0xff && CHUNK[j + 1] == 0xd8 && CHUNK[j + 2] == 0xff) { switch(CHUNK[j + 3])The loop counter
jgoes all the way to the end of theCHUNKbuffer, but theifstatement also readsCHUNK[j + 1],CHUNK[j + 2]thenCHUNK[j + 3]. Whenj = size - 1for example, all three reads go past the end of the array and cause undefined behavior .write: while(j < size) {... else { counter++; goto write; }There is a code path which jumps back to the
write:label without modifyingj, which causes an infinite loop (not the only such path, the implicitdefaultcase of theswitchis another).else //Else continue searching { for(int k = 0; k < 512; k++) { fwrite(&CHUNK[j + k], 512, sizeof(BYTE), f);There is a code path where this
fwriteis reached withf == NULL. Even whenfis notNULL, reading 512 bytes starting from&CHUNK[j + k]can potentially go past the end of the array, which is UB again.
[ EDIT ] A few additional notes.
char *file = NULL; ... sprintf(file,"%03d.jpg",counter);The
filepointer is never allocated, sosprintfwill write to aNULLpointer, resulting in UB.long long int size = ftell(recover);ftellreturns alongso there is no need to use along longto store it.fseek(recover, 0L, SEEK_END); long long int size = ftell(recover);The return values of
fseekandftellare neither checked, so any errors will pass unnoticed.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.