
Can't free() value allocated by malloc() in another function

I have a C function, something like this:

void foo(char ** out) {
    *out = malloc(computedsize);
    if(*out != NULL){
        sprintf(*out, "%s,%s", foovar, baa);
    }
}

and then I call:

int main(void) {
    char * out = NULL;
    foo(&out);
    printf("%s\n", out); /* so far, it works fine */
    free(out); /* the problem. */
}

When I call:

free(out);

it gives:

*** glibc detected *** ./a.out: free(): invalid next size (fast): 0x09a03050 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(+0x6b161)[0x4ff161]
/lib/tls/i686/cmov/libc.so.6(+0x6c9b8)[0x5009b8]
/lib/tls/i686/cmov/libc.so.6(cfree+0x6d)[0x503a9d]
./a.out[0x804875b]
./a.out[0x804871a]
./a.out[0x80486f9]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0x4aabd6]
./a.out[0x8048601]
======= Memory map: ========

// Do I need to copy the memory map part?

Can someone point out my mistake? I believe it's the sprintf() call... or no, actually, I have no idea. I also tried to make a new variable inside the function, allocate a value for it, and then *out = myvariable; and *out = strdup(myvariable), but the free() call gives the same error.

Update

I see that the problem is inside the function. Any free() call inside it causes the invalid next size.

For example:

char *f=malloc(2);
strcpy(f,"a");
free(f);

Inside the foo() function, it gets the above error; in the main() function, it works normally. I'm completely lost as to how to fix this.

You have probably written beyond the bounds of the allocated array, thus corrupting the heap (which contains metadata which malloc / free use to manage things).

Tools like Valgrind are designed to help you find this sort of error.

Works for me, but I didn't have computedsize, foo, or baa. I agree that you've probably written beyond the end of the memory you allocated.

#include <stdio.h>
#include <stdlib.h>

#define COMPUTEDSIZE 1024
void foo(char ** out) {
    *out = malloc(COMPUTEDSIZE);
    if(*out != NULL){
        sprintf(*out, "%s,%s", "foo", "baa");
    }
}
int main(int argc, char * argv[]) {
    char * out = NULL;
    foo(&out);
    printf("%s\n", out); /* so far, it works fine */
    free(out); /* the problem. */
    exit(0);
}

The solution:

The problem was actually in a previous malloc(). An if() declaration calls another function that also does a malloc(), but an if() inside the called function was not working as expected and was consequently storing some invalid values. This caused the heap corruption.
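
The answers above attribute the abort to a write past the end of a malloc()'d buffer. The following is an added example, not code from any of the posts: a variant of foo() that derives the allocation size from the same format string that fills the buffer, so the write cannot overrun it. The name foo_checked, the extra parameters, and the return convention are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical hardened variant of the question's foo(): the buffer size is
 * derived from the same format string that fills it, so the write cannot run
 * past the allocation. Returns 0 on success, -1 on failure (*out set to NULL). */
int foo_checked(char **out, const char *foovar, const char *baa)
{
    int needed;
    char *buf;

    if (out == NULL)
        return -1;
    *out = NULL;
    if (foovar == NULL || baa == NULL)
        return -1;

    /* C99: snprintf(NULL, 0, ...) returns the length the output would have,
     * not counting the terminating NUL. */
    needed = snprintf(NULL, 0, "%s,%s", foovar, baa);
    if (needed < 0)
        return -1;

    buf = malloc((size_t)needed + 1);   /* +1 for the terminating NUL */
    if (buf == NULL)
        return -1;

    /* Bounded write: snprintf never writes more than needed + 1 bytes. */
    if (snprintf(buf, (size_t)needed + 1, "%s,%s", foovar, baa) != needed) {
        free(buf);
        return -1;
    }
    *out = buf;
    return 0;
}

int main(void)
{
    char *out = NULL;

    if (foo_checked(&out, "foo", "baa") != 0)   /* constructed sample input */
        return EXIT_FAILURE;
    printf("%s\n", out);
    free(out);
    return EXIT_SUCCESS;
}
```

When the overflow is in code you cannot rewrite this way, running the program under Valgrind or building with -fsanitize=address reports the out-of-bounds write where it happens, rather than at a later free().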
