Segmentation fault in my server (valgrind logs)

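There is a problem that I have been struggling with for more than 3 weeks. Please help with advice. I beg you! I am new to C++. Even small tips will help me!

I need to create a server that must store the integer values of various signals. Clients can connect to this server and receive this data.

Data transfer between client and server follows the industrial protocol IEC-60870-5-104 over TCP/IP.

I used a ready-made library that implements this IEC-104 protocol in C and created a C++ program. (GIT link)

I wrote a test program (main.cpp). A list of signals with values (for example, 450 elements) arrives at the input, and this list is then transferred to a Map dictionary. The program is compiled from the command line and runs on Linux Debian (gcc version 9.2.1 20191109 (Debian 9.2.1-19)). There is no debugger here.

Then, in an infinite loop, the server functions that change the quality tag and the signal value are called one after another. The implementations of the functions are almost the same. The difference is that SetBadQuality acts on several values at once, while ChangeValue acts on one specific signal.

The modified signal (it does not matter whether the quality tag or the value changed) is added to the queue (CS104_Slave_enqueueASDU), after which the client receives data from this queue. The library says that when the queue is full, it starts overwriting the older values in this queue. And as soon as the client receives data from the queue, that data is deleted from the queue. To send data to the client, ASDU (Application Service Data Unit) packets over TCP/IP are used.

At first, the program runs fine. The client successfully receives the changed signal values. Their quality changes, their values change. Everything works.

But at some point in time a segfault occurs. The error only crashes the program when a client is connected to the server. If no client is connected to the server, the program runs normally, without errors (but the seg fault appears immediately after a client connects to the server).

The log messages were generated with the valgrind utility.

In fact, there is no need to dig into this library. Can someone tell me what my mistake in C++ is? Why does the segfault crash?

If I change the number of elements in the List (for example, from 450 elements to 500), the error appears at a different point in time.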


#include <stdlib.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <signal.h>
#include <map>
#include <iostream>
#include <list>
#include "cs104_slave.h"
#include <string>
#include "hal_thread.h"
#include "hal_time.h"
#include "iec60870_slave.h"
#include "apl_types_internal.h"
#include <unistd.h>
#include <sys/time.h>
#include <errno.h>

using namespace std;

class IEC60870
{
public:
        IEC60870(int slave_size_1, int slave_size_2, const char* ip_client, CS104_ServerMode serverMode);   // Constructor
        bool IO_create_int(std::list<int> modbus_list, int addr_start, int id_group, bool command_possibl);
        bool ChangeIOValue_int(int value, int ioa);
        enum map_type_enum { bool_name, float_name, int_name };
        bool SetBadQuality(map_type_enum map_type, int addr_start, int count);

        bool running = true;
        CS104_Slave slave;
        struct MBdata
        {
            int id_group;
            int value;
            uint64_t timestamp;
            QualityDescriptor quality;
            bool command_possibl;
        };

        static map <int,MBdata> Dictionary_map_IO_int;

        static void connectionEventHandler(void* parameter, IMasterConnection con, CS104_PeerConnectionEvent event);
};



#include "IEC104Server.h"

map <int,IEC60870::MBdata> IEC60870::Dictionary_map_IO_int;

IEC60870::IEC60870(int slave_size_1, int slave_size_2, const char* ip_client, CS104_ServerMode serverMode)
{
    slave = CS104_Slave_create(slave_size_1, slave_size_2);
    // Functions list such as set ip address, server mode, event handlers
    CS104_Slave_setLocalAddress(slave, ip_client);
    CS104_Slave_setServerMode(slave, serverMode);
    CS104_Slave_setConnectionEventHandler(slave, connectionEventHandler, NULL);

    if (CS104_Slave_isRunning(slave) == false)
    {
        // The body of this branch is missing from the page; the valgrind trace
        // below shows CS104_Slave_start being called from this constructor.
        CS104_Slave_start(slave);
    }
}

bool IEC60870::IO_create_int(std::list<int> modbus_list, int addr_start, int id_group, bool command_possibl) //Create Dictionary-Map from input List (list created in main.cpp)
{
    uint64_t currentTimestamp = Hal_getTimeInMs();
    for (int n : modbus_list)
    {
        MBdata data_i {id_group, n, currentTimestamp, IEC60870_QUALITY_GOOD, command_possibl}; // Create struct MBdata
        Dictionary_map_IO_int.insert ( pair<int,MBdata>(addr_start/*IOA*/,data_i) ); // Create Dictionary-Map from input List (list created in main.cpp)
        addr_start++; // assumed: the step to the next IOA is missing from the page
    }
    return true;
}

bool IEC60870::ChangeIOValue_int(int value, int ioa)
{
    CS101_AppLayerParameters alParams2 = CS104_Slave_getAppLayerParameters(slave);
    if (Dictionary_map_IO_int.empty() == true)
    {
        printf ("Error. Map int not created\n");
        return false;
    }
    uint64_t currentTimestamp = Hal_getTimeInMs();
    struct sCP56Time2a Time;
    CP56Time2a_createFromMsTimestamp(&Time, currentTimestamp);
    auto it = Dictionary_map_IO_int.find(ioa); // Find ioa and MBdata-struct in Map
    if( it == Dictionary_map_IO_int.end() )
    {
        printf ("Error changed IOA int\n");
        return false;
    }
    (it->second).value = value; // Update value in Map
    (it->second).timestamp = currentTimestamp; // Update timestamp in Map
    CS101_ASDU AsduChanged = CS101_ASDU_create(alParams2, false, CS101_COT_PERIODIC, 0, 1, false, false); // Create new ASDU
    InformationObject io = (InformationObject) MeasuredValueScaledWithCP56Time2a_create(NULL, ioa, value, IEC60870_QUALITY_GOOD, &Time); // Create new io-struct
    CS101_ASDU_addInformationObject(AsduChanged, io); // Add io in ASDU
    CS104_Slave_enqueueASDU(slave, AsduChanged);
    return true;
}

/* Analysis of the client-server connection setup */
void IEC60870::connectionEventHandler(void* parameter, IMasterConnection con, CS104_PeerConnectionEvent event)
{
    if (event == CS104_CON_EVENT_CONNECTION_OPENED) {
        printf("Connection opened (%p)\n", con);
    }
    else if (event == CS104_CON_EVENT_CONNECTION_CLOSED) {
        printf("Connection closed (%p)\n", con);
    }
    else if (event == CS104_CON_EVENT_ACTIVATED) {
        printf("Connection activated (%p)\n", con);
    }
    else if (event == CS104_CON_EVENT_DEACTIVATED) {
        printf("Connection deactivated (%p)\n", con);
    }
}

bool IEC60870::SetBadQuality(map_type_enum map_type, int ioa_start, int count)
{
    int for_count = ioa_start + count;
    CS101_AppLayerParameters alParams = CS104_Slave_getAppLayerParameters(slave);
    uint64_t currentTimestamp = Hal_getTimeInMs();
    struct sCP56Time2a Time;
    CP56Time2a_createFromMsTimestamp(&Time, currentTimestamp);

    if (map_type == int_name/*int map*/)
    {
        if (Dictionary_map_IO_int.empty() == true)
        {
            printf ("Error. Map int not created\n");
            return false;
        }
        CS101_ASDU asduInt = CS101_ASDU_create(alParams, false, CS101_COT_PERIODIC, 0, 1, false, false);
        InformationObject io = (InformationObject) MeasuredValueScaledWithCP56Time2a_create(NULL, 0, 0, IEC60870_QUALITY_INVALID, &Time);
        for (; ioa_start < for_count; ioa_start++)
        {
            auto it = Dictionary_map_IO_int.find(ioa_start);
            if( it == Dictionary_map_IO_int.end() )
            {
                printf ("Error. This int IOA is not in Map\n");
                return false;
            }
            (it->second).quality = IEC60870_QUALITY_INVALID;
            bool added = CS101_ASDU_addInformationObject(asduInt, (InformationObject) MeasuredValueScaledWithCP56Time2a_create((MeasuredValueScaledWithCP56Time2a)io, ioa_start, (it->second).value, IEC60870_QUALITY_INVALID, &Time));
            if (!added)
            {
                CS104_Slave_enqueueASDU(slave, asduInt);
                asduInt = CS101_ASDU_create(alParams, false, CS101_COT_PERIODIC, 0, 1, false, false);
                CS101_ASDU_addInformationObject(asduInt, (InformationObject) MeasuredValueScaledWithCP56Time2a_create((MeasuredValueScaledWithCP56Time2a)io, ioa_start, (it->second).value, IEC60870_QUALITY_INVALID, &Time));
            }
        }
        CS104_Slave_enqueueASDU(slave, asduInt);
    }
    else
    {
        // Message text: "No Map of this type exists"
        printf ("Такого типа Map не существует\n");
        return false;
    }
    return true;
}


#include "IEC104Server.h"

int main(int argc, char** argv)
{
    IEC60870 server(50, 50, "", CS104_MODE_SINGLE_REDUNDANCY_GROUP); // create server object

    std::list<int> ints_list; // create input list
    for (int i=0; i<450; i++)
    {
        ints_list.push_back(i); // assumed: the statement that fills the list is missing from the page
    }
    usleep(10000); //pause 0.01 second
    printf("list created\n");

    server.IO_create_int(ints_list, 300, 4, true); // create Map. Start address "300". "4" and "true" not important parameters
    usleep(20000000); //pause 20 second
    printf("map created\n");

    int value = 0;
    while (true) // the post describes an infinite loop; the loop header itself is missing from the page
    {
        printf ("start bad quiality function\n");
        bool bad_qual = server.SetBadQuality(IEC60870::int_name,300,450); // Start address "300". Count signals "450"
        usleep(10000000); //pause 10 second

        if (bad_qual == false)
        {
            printf("bad quality is not successful\n");
        }
        printf ("start change value function\n");

        // In this loop, the function of changing the value is called:
        for (int i=0; i<450; i++) // "450" is quantity signals
        {
            int ioa = i + 300; // Start address "300"
            bool test = server.ChangeIOValue_int(value, ioa);
            if (test == false)
            {
                printf ("change value is not successful\n");
            }
            value++; // assumed: the statement that changes the value is missing from the page
            if (value == 10000)
            {
                printf ("null value\n");
                value = 0;
            }
            usleep(100000);  //pause 0.1 second
        }
        usleep(100000); //pause 0.1 second
    }
}

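I had to delete identical valgrind log entries, because I have to stay within the limit of 30,000 characters for the text. Log entries were removed from different places. So do not worry that there may be a break somewhere in the logical chain. I tried to keep the essence and delete only identical parts of the text. If necessary, I can send the full text of the log!

valgrind log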

moxa@Moxa:~/source/Rus_test_can_del$ sudo valgrind --leak-check=full --track-origins=yes  --show-leak-kinds=all ./program
==3374== Memcheck, a memory error detector
==3374== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==3374== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==3374== Command: ./program
list created
Connection opened (0x4b56064)
Connection activated (0x4b56064)
map created
start bad quiality function
start change value function
start bad quiality function
==3374== Thread 3:
==3374== Invalid read of size 1
==3374==    at 0x4845704: memcpy (vg_replace_strmem.c:1036)
==3374==    by 0x116063: MessageQueue_getNextWaitingASDU (cs104_slave.c:332)
==3374==    by 0x117C75: sendNextLowPriorityASDU (cs104_slave.c:2180)
==3374==    by 0x117DC9: sendWaitingASDUs (cs104_slave.c:2258)
==3374==    by 0x11816B: connectionHandlingThread (cs104_slave.c:2431)
==3374==    by 0x11AB1F: destroyAutomaticThread (thread_linux.c:87)
==3374==    by 0x4861D2F: start_thread (pthread_create.c:479)
==3374==    by 0x4A8B07B: ??? (clone.S:73)
==3374==  Address 0x4b5b0b8 is 0 bytes after a block of size 13,600 alloc'd
==3374==    at 0x4842290: calloc (vg_replace_malloc.c:762)
==3374==    by 0x11AD0B: Memory_calloc (lib_memory.c:56)
==3374==    by 0x115D25: MessageQueue_initialize (cs104_slave.c:128)
==3374==    by 0x115D75: MessageQueue_create (cs104_slave.c:149)
==3374==    by 0x1168B7: initializeMessageQueues (cs104_slave.c:1066)
==3374==    by 0x118EAB: CS104_Slave_start (cs104_slave.c:3217)
==3374==    by 0x10A33B: IEC60870::IEC60870(int, int, char const*, CS104_ServerMode) (in /home/moxa/source/Rus_test_can_del/program)
==3374== Invalid read of size 1
==3374==    at 0x4845714: memcpy (vg_replace_strmem.c:1036)
==3374==    by 0x116063: MessageQueue_getNextWaitingASDU (cs104_slave.c:332)
==3374==    by 0x117C75: sendNextLowPriorityASDU (cs104_slave.c:2180)
==3374==    by 0x117DC9: sendWaitingASDUs (cs104_slave.c:2258)
==3374==    by 0x11816B: connectionHandlingThread (cs104_slave.c:2431)
==3374==    by 0x11AB1F: destroyAutomaticThread (thread_linux.c:87)
==3374==    by 0x4861D2F: start_thread (pthread_create.c:479)
==3374==    by 0x4A8B07B: ??? (clone.S:73)
==3374==  Address 0x4b5b0b9 is 1 bytes after a block of size 13,600 alloc'd
==3374==    at 0x4842290: calloc (vg_replace_malloc.c:762)
==3374==    by 0x11AD0B: Memory_calloc (lib_memory.c:56)
==3374==    by 0x115D25: MessageQueue_initialize (cs104_slave.c:128)
==3374==    by 0x115D75: MessageQueue_create (cs104_slave.c:149)
==3374==    by 0x1168B7: initializeMessageQueues (cs104_slave.c:1066)
==3374==    by 0x118EAB: CS104_Slave_start (cs104_slave.c:3217)
==3374==    by 0x10A33B: IEC60870::IEC60870(int, int, char const*, CS104_ServerMode) (in /home/moxa/source/Rus_test_can_del/program)
==3374== Invalid write of size 4
==3374==    at 0x484561C: memcpy (vg_replace_strmem.c:1036)
==3374==    by 0x1160A7: MessageQueue_getNextWaitingASDU (cs104_slave.c:341)
==3374==    by 0x117C75: sendNextLowPriorityASDU (cs104_slave.c:2180)
==3374==    by 0x117DC9: sendWaitingASDUs (cs104_slave.c:2258)
==3374==    by 0x11816B: connectionHandlingThread (cs104_slave.c:2431)
==3374==    by 0x11AB1F: destroyAutomaticThread (thread_linux.c:87)
==3374==    by 0x4861D2F: start_thread (pthread_create.c:479)
==3374==    by 0x4A8B07B: ??? (clone.S:73)
==3374==  Address 0x4b5e5bc is 4 bytes inside a block of size 48 free'd
==3374==    at 0x4840C70: free (vg_replace_malloc.c:540)
==3374==    by 0x4A7A609: freeaddrinfo (getaddrinfo.c:2524)
==3374==    by 0x11A3CB: prepareServerAddress (socket_linux.c:136)
==3374==    by 0x11A485: TcpServerSocket_create (socket_linux.c:173)
==3374==    by 0x118B77: serverThread (cs104_slave.c:2999)
==3374==    by 0x4861D2F: start_thread (pthread_create.c:479)
==3374==    by 0x4A8B07B: ??? (clone.S:73)
==3374==  Block was alloc'd at
==3374==    at 0x483F5F8: malloc (vg_replace_malloc.c:309)
==3374==    by 0x4A79877: gaih_inet.constprop.0 (getaddrinfo.c:1057)
==3374==    by 0x4A7A709: getaddrinfo (getaddrinfo.c:2254)
==3374==    by 0x11A3A5: prepareServerAddress (socket_linux.c:128)
==3374==    by 0x11A485: TcpServerSocket_create (socket_linux.c:173)
==3374==    by 0x118B77: serverThread (cs104_slave.c:2999)
==3374==    by 0x4861D2F: start_thread (pthread_create.c:479)
==3374==    by 0x4A8B07B: ??? (clone.S:73)
==3374== Invalid write of size 4
==3374==    at 0x4845624: memcpy (vg_replace_strmem.c:1036)
==3374==    by 0x1160A7: MessageQueue_getNextWaitingASDU (cs104_slave.c:341)
==3374==    by 0x117C75: sendNextLowPriorityASDU (cs104_slave.c:2180)
==3374==    by 0x117DC9: sendWaitingASDUs (cs104_slave.c:2258)
==3374==    by 0x11816B: connectionHandlingThread (cs104_slave.c:2431)
==3374==    by 0x11AB1F: destroyAutomaticThread (thread_linux.c:87)
==3374==    by 0x4861D2F: start_thread (pthread_create.c:479)
==3374==    by 0x4A8B07B: ??? (clone.S:73)
==3374==  Address 0x4b5e5c0 is 8 bytes inside a block of size 48 free'd
==3374==    at 0x4840C70: free (vg_replace_malloc.c:540)
==3374==    by 0x4A7A609: freeaddrinfo (getaddrinfo.c:2524)
==3374==    by 0x11A3CB: prepareServerAddress (socket_linux.c:136)
==3374==    by 0x11A485: TcpServerSocket_create (socket_linux.c:173)
==3374==    by 0x118B77: serverThread (cs104_slave.c:2999)
==3374==    by 0x4861D2F: start_thread (pthread_create.c:479)
==3374==    by 0x4A8B07B: ??? (clone.S:73)
==3374==  Block was alloc'd at
==3374==    at 0x483F5F8: malloc (vg_replace_malloc.c:309)
==3374==    by 0x4A79877: gaih_inet.constprop.0 (getaddrinfo.c:1057)
==3374==    by 0x4A7A709: getaddrinfo (getaddrinfo.c:2254)
==3374==    by 0x11A3A5: prepareServerAddress (socket_linux.c:128)
==3374==    by 0x11A485: TcpServerSocket_create (socket_linux.c:173)
==3374==    by 0x118B77: serverThread (cs104_slave.c:2999)
==3374==    by 0x4861D2F: start_thread (pthread_create.c:479)
==3374==    by 0x4A8B07B: ??? (clone.S:73)
==3374== Invalid read of size 2
==3374==    at 0x48456D0: memcpy (vg_replace_strmem.c:1036)
==3374==    by 0x117C8F: sendNextLowPriorityASDU (cs104_slave.c:2183)
==3374==    by 0x117DC9: sendWaitingASDUs (cs104_slave.c:2258)
==3374==    by 0x11816B: connectionHandlingThread (cs104_slave.c:2431)
==3374==    by 0x11AB1F: destroyAutomaticThread (thread_linux.c:87)
==3374==    by 0x4861D2F: start_thread (pthread_create.c:479)
==3374==    by 0x4A8B07B: ??? (clone.S:73)
==3374==  Address 0x4b5e5cc is 20 bytes inside a block of size 48 free'd
==3374==    at 0x4840C70: free (vg_replace_malloc.c:540)
==3374==    by 0x4A7A609: freeaddrinfo (getaddrinfo.c:2524)
==3374==    by 0x11A3CB: prepareServerAddress (socket_linux.c:136)
==3374==    by 0x11A485: TcpServerSocket_create (socket_linux.c:173)
==3374==    by 0x118B77: serverThread (cs104_slave.c:2999)
==3374==    by 0x4861D2F: start_thread (pthread_create.c:479)
==3374==    by 0x4A8B07B: ??? (clone.S:73)
==3374==  Block was alloc'd at
==3374==    at 0x483F5F8: malloc (vg_replace_malloc.c:309)
==3374==    by 0x4A79877: gaih_inet.constprop.0 (getaddrinfo.c:1057)
==3374==    by 0x4A7A709: getaddrinfo (getaddrinfo.c:2254)
==3374==    by 0x11A3A5: prepareServerAddress (socket_linux.c:128)
==3374==    by 0x11A485: TcpServerSocket_create (socket_linux.c:173)
==3374==    by 0x118B77: serverThread (cs104_slave.c:2999)
==3374==    by 0x4861D2F: start_thread (pthread_create.c:479)
==3374==    by 0x4A8B07B: ??? (clone.S:73)
Connection closed (0x4b56064)
==3374== Invalid read of size 1
==3374==    at 0x4845704: memcpy (vg_replace_strmem.c:1036)
==3374==    by 0x11613B: MessageQueue_setWaitingForTransmissionWhenNotConfirmed (cs104_slave.c:376)
==3374==    by 0x117FEB: CS104_Slave_removeConnection (cs104_slave.c:2353)
==3374==    by 0x1181C1: connectionHandlingThread (cs104_slave.c:2442)
==3374==    by 0x11AB1F: destroyAutomaticThread (thread_linux.c:87)
==3374==    by 0x4861D2F: start_thread (pthread_create.c:479)
==3374==    by 0x4A8B07B: ??? (clone.S:73)
==3374==  Address 0x4b5b0b8 is 0 bytes after a block of size 13,600 alloc'd
==3374==    at 0x4842290: calloc (vg_replace_malloc.c:762)
==3374==    by 0x11AD0B: Memory_calloc (lib_memory.c:56)
==3374==    by 0x115D25: MessageQueue_initialize (cs104_slave.c:128)
==3374==    by 0x115D75: MessageQueue_create (cs104_slave.c:149)
==3374==    by 0x1168B7: initializeMessageQueues (cs104_slave.c:1066)
==3374==    by 0x118EAB: CS104_Slave_start (cs104_slave.c:3217)
==3374==    by 0x10A33B: IEC60870::IEC60870(int, int, char const*, CS104_ServerMode) (in /home/moxa/source/Rus_test_can_del/program)
==3374== Invalid read of size 2
==3374==    at 0x48456E0: memcpy (vg_replace_strmem.c:1036)
==3374==    by 0x11613B: MessageQueue_setWaitingForTransmissionWhenNotConfirmed (cs104_slave.c:376)
==3374==    by 0x117FEB: CS104_Slave_removeConnection (cs104_slave.c:2353)
==3374==    by 0x1181C1: connectionHandlingThread (cs104_slave.c:2442)
==3374==    by 0x11AB1F: destroyAutomaticThread (thread_linux.c:87)
==3374==    by 0x4861D2F: start_thread (pthread_create.c:479)
==3374==    by 0x4A8B07B: ??? (clone.S:73)
==3374==  Address 0x4b5e6ae is 2 bytes before a block of size 12 alloc'd
==3374==    at 0x483FDE8: operator new(unsigned int) (vg_replace_malloc.c:338)
==3374==    by 0x10A2A7: __gnu_cxx::new_allocator<std::_List_node<int> >::allocate(unsigned int, void const*) (in /home/moxa/source/Rus_test_can_del/program)
==3374== Conditional jump or move depends on uninitialised value(s)
==3374==    at 0x1160F6: MessageQueue_setWaitingForTransmissionWhenNotConfirmed (cs104_slave.c:364)
==3374==    by 0x117FEB: CS104_Slave_removeConnection (cs104_slave.c:2353)
==3374==    by 0x1181C1: connectionHandlingThread (cs104_slave.c:2442)
==3374==    by 0x11AB1F: destroyAutomaticThread (thread_linux.c:87)
==3374==    by 0x4861D2F: start_thread (pthread_create.c:479)
==3374==    by 0x4A8B07B: ??? (clone.S:73)
==3374==  Uninitialised value was created by a heap allocation
==3374==    at 0x483F5F8: malloc (vg_replace_malloc.c:309)
==3374==    by 0x4A362BD: _IO_file_doallocate (filedoalloc.c:101)
==3374==    by 0x4A4079B: _IO_doallocbuf (genops.c:347)
==3374==    by 0x4A3FF0F: _IO_file_overflow@@GLIBC_2.4 (fileops.c:749)
==3374==    by 0x4A3F4A5: _IO_new_file_xsputn (fileops.c:1248)
==3374==    by 0x4A3F4A5: _IO_file_xsputn@@GLIBC_2.4 (fileops.c:1201)
==3374==    by 0x4A37EF3: puts (ioputs.c:40)
==3374==    by 0x109915: main (in /home/moxa/source/Rus_test_can_del/program)
==3374== Use of uninitialised value of size 4
==3374==    at 0x4845704: memcpy (vg_replace_strmem.c:1036)
==3374==    by 0x11613B: MessageQueue_setWaitingForTransmissionWhenNotConfirmed (cs104_slave.c:376)
==3374==    by 0x117FEB: CS104_Slave_removeConnection (cs104_slave.c:2353)
==3374==    by 0x1181C1: connectionHandlingThread (cs104_slave.c:2442)
==3374==    by 0x11AB1F: destroyAutomaticThread (thread_linux.c:87)
==3374==    by 0x4861D2F: start_thread (pthread_create.c:479)
==3374==    by 0x4A8B07B: ??? (clone.S:73)
==3374==  Uninitialised value was created by a stack allocation
==3374==    at 0x115DE6: MessageQueue_enqueueASDU (cs104_slave.c:190)

==3374== Conditional jump or move depends on uninitialised value(s)
==3374==    at 0x4845714: memcpy (vg_replace_strmem.c:1036)
==3374==    by 0x11613B: MessageQueue_setWaitingForTransmissionWhenNotConfirmed (cs104_slave.c:376)
==3374==    by 0x117FEB: CS104_Slave_removeConnection (cs104_slave.c:2353)
==3374==    by 0x1181C1: connectionHandlingThread (cs104_slave.c:2442)
==3374==    by 0x11AB1F: destroyAutomaticThread (thread_linux.c:87)
==3374==    by 0x4861D2F: start_thread (pthread_create.c:479)
==3374==    by 0x4A8B07B: ??? (clone.S:73)
==3374==  Uninitialised value was created by a stack allocation
==3374==    at 0x115DE6: MessageQueue_enqueueASDU (cs104_slave.c:190)
==3374== Use of uninitialised value of size 4
==3374==    at 0x4845610: memcpy (vg_replace_strmem.c:1036)
==3374==    by 0x11613B: MessageQueue_setWaitingForTransmissionWhenNotConfirmed (cs104_slave.c:376)
==3374==    by 0x117FEB: CS104_Slave_removeConnection (cs104_slave.c:2353)
==3374==    by 0x1181C1: connectionHandlingThread (cs104_slave.c:2442)
==3374==    by 0x11AB1F: destroyAutomaticThread (thread_linux.c:87)
==3374==    by 0x4861D2F: start_thread (pthread_create.c:479)
==3374==    by 0x4A8B07B: ??? (clone.S:73)
==3374==  Uninitialised value was created by a stack allocation
==3374==    at 0x115DE6: MessageQueue_enqueueASDU (cs104_slave.c:190)
==3374== Conditional jump or move depends on uninitialised value(s)
==3374==    at 0x4845640: memcpy (vg_replace_strmem.c:1036)
==3374==    by 0x11613B: MessageQueue_setWaitingForTransmissionWhenNotConfirmed (cs104_slave.c:376)
==3374==    by 0x117FEB: CS104_Slave_removeConnection (cs104_slave.c:2353)
==3374==    by 0x1181C1: connectionHandlingThread (cs104_slave.c:2442)
==3374==    by 0x11AB1F: destroyAutomaticThread (thread_linux.c:87)
==3374==    by 0x4861D2F: start_thread (pthread_create.c:479)
==3374==    by 0x4A8B07B: ??? (clone.S:73)
==3374==  Uninitialised value was created by a stack allocation
==3374==    at 0x115DE6: MessageQueue_enqueueASDU (cs104_slave.c:190)
==3374== Use of uninitialised value of size 4
==3374==    at 0x48456D0: memcpy (vg_replace_strmem.c:1036)
==3374==    by 0x11613B: MessageQueue_setWaitingForTransmissionWhenNotConfirmed (cs104_slave.c:376)
==3374==    by 0x117FEB: CS104_Slave_removeConnection (cs104_slave.c:2353)
==3374==    by 0x1181C1: connectionHandlingThread (cs104_slave.c:2442)
==3374==    by 0x11AB1F: destroyAutomaticThread (thread_linux.c:87)
==3374==    by 0x4861D2F: start_thread (pthread_create.c:479)
==3374==    by 0x4A8B07B: ??? (clone.S:73)
==3374==  Uninitialised value was created by a stack allocation
==3374==    at 0x115DE6: MessageQueue_enqueueASDU (cs104_slave.c:190)
==3374== Conditional jump or move depends on uninitialised value(s)
==3374==    at 0x48456E0: memcpy (vg_replace_strmem.c:1036)
==3374==    by 0x11613B: MessageQueue_setWaitingForTransmissionWhenNotConfirmed (cs104_slave.c:376)
==3374==    by 0x117FEB: CS104_Slave_removeConnection (cs104_slave.c:2353)
==3374==    by 0x1181C1: connectionHandlingThread (cs104_slave.c:2442)
==3374==    by 0x11AB1F: destroyAutomaticThread (thread_linux.c:87)
==3374==    by 0x4861D2F: start_thread (pthread_create.c:479)
==3374==    by 0x4A8B07B: ??? (clone.S:73)
==3374==  Uninitialised value was created by a stack allocation
==3374==    at 0x115DE6: MessageQueue_enqueueASDU (cs104_slave.c:190)
start change value function
==3374== Process terminating with default action of signal 11 (SIGSEGV)
==3374==  Bad permissions for mapped region at address 0x4F5102A
==3374==    at 0x48456D0: memcpy (vg_replace_strmem.c:1036)
==3374==    by 0x11613B: MessageQueue_setWaitingForTransmissionWhenNotConfirmed (cs104_slave.c:376)
==3374==    by 0x117FEB: CS104_Slave_removeConnection (cs104_slave.c:2353)
==3374==    by 0x1181C1: connectionHandlingThread (cs104_slave.c:2442)
==3374==    by 0x11AB1F: destroyAutomaticThread (thread_linux.c:87)
==3374==    by 0x4861D2F: start_thread (pthread_create.c:479)
==3374==    by 0x4A8B07B: ??? (clone.S:73)
==3374== HEAP SUMMARY:
==3374==     in use at exit: 59,972 bytes in 936 blocks
==3374==   total heap usage: 2,364 allocs, 1,428 frees, 239,400 bytes allocated
==3374== LEAK SUMMARY:
==3374==    definitely lost: 0 bytes in 0 blocks
==3374==    indirectly lost: 0 bytes in 0 blocks
==3374==      possibly lost: 288 bytes in 2 blocks
==3374==    still reachable: 59,684 bytes in 934 blocks
==3374==         suppressed: 0 bytes in 0 blocks
==3374== For lists of detected and suppressed errors, rerun with: -s
==3374== ERROR SUMMARY: 4187297 errors from 41 contexts (suppressed: 0 from 0)
Segmentation fault

You need to go through the errors one by one and fix them. Take the first error

==3374== Invalid read of size 1
==3374==    at 0x4845704: memcpy (vg_replace_strmem.c:1036)
==3374==    by 0x116063: MessageQueue_getNextWaitingASDU (cs104_slave.c:332)
==3374==    by 0x117C75: sendNextLowPriorityASDU (cs104_slave.c:2180)
==3374==    by 0x117DC9: sendWaitingASDUs (cs104_slave.c:2258)
==3374==    by 0x11816B: connectionHandlingThread (cs104_slave.c:2431)
==3374==    by 0x11AB1F: destroyAutomaticThread (thread_linux.c:87)
==3374==    by 0x4861D2F: start_thread (pthread_create.c:479)
==3374==    by 0x4A8B07B: ??? (clone.S:73)
==3374==  Address 0x4b5b0b8 is 0 bytes after a block of size 13,600 alloc'd
==3374==    at 0x4842290: calloc (vg_replace_malloc.c:762)
==3374==    by 0x11AD0B: Memory_calloc (lib_memory.c:56)
==3374==    by 0x115D25: MessageQueue_initialize (cs104_slave.c:128)
==3374==    by 0x115D75: MessageQueue_create (cs104_slave.c:149)
==3374==    by 0x1168B7: initializeMessageQueues (cs104_slave.c:1066)
==3374==    by 0x118EAB: CS104_Slave_start (cs104_slave.c:3217)
==3374==    by 0x10A33B: IEC60870::IEC60870(int, int, char const*, CS104_ServerMode) (in /home/moxa/source/Rus_test_can_del/program)

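The first part says where the error occurred. The second part says where the memory that is the source of the error was allocated. I will start with the second part.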

==3374==  Address 0x4b5b0b8 is 0 bytes after a block of size 13,600 alloc'd

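This gives the address of the memory block, which is not much use. It also says that the block is 13600 bytes long and that your invalid access is the first byte after the block.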

==3374==    at 0x4842290: calloc (vg_replace_malloc.c:762)

This is the function that Valgrind uses to replace calloc so that Valgrind can track memory allocations. You can ignore this line.

==3374==    by 0x11AD0B: Memory_calloc (lib_memory.c:56)

This looks like your wrapper for calloc. Again, you can probably ignore this.

==3374==    by 0x115D25: MessageQueue_initialize (cs104_slave.c:128)

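This is where you really request the memory. You need to look here to check that you have not made a mistake and whether you should be allocating more memory here. Personally, I suspect that this is not the case.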


==3374== Invalid read of size 1

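This is saying that the invalid operation was on one byte. So that means that the fundamental type causing the invalid operation is char or bool (char, considering the following part of the error).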

==3374==    at 0x4845704: memcpy (vg_replace_strmem.c:1036)

Again, this is a replacement function provided by Valgrind. You can ignore this.

==3374==    by 0x116063: MessageQueue_getNextWaitingASDU (cs104_slave.c:332)



  1. Off-by-one error in a loop
// allocate 10 items, with indexes 0 to 9
int* mem = new int[10];
for (int i = 0; i <= 10; ++i)
{
   // but access **11** items from 0 to 10 inclusive
   mem[i] = 0; // do something with mem[i]
}
  2. String operations that omit the trailing nul character
#include <stdlib.h>
#include <string.h>
// inputString contains "hello" which is 6 bytes long (5 letters plus nul)
const char* inputString = "hello";
// but strlen doesn't count the nul so returns 5
size_t len = strlen(inputString);
// allocate an array of 5 characters
char* copyString = (char*)malloc(len);
// copies 6 characters into a 5 character array!
memcpy(copyString, inputString, len+1);
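
The reading method from the answer above (the faulting frame first, then the block the address relates to, skipping Valgrind's replacement frames and allocation wrappers) written as a small triage script. This is an added example, not part of the original post: the sample is a shortened excerpt of the log on this page, and the names `parse_memcheck`, `own_frame`, `triage` and `skip_funcs` are made up for the illustration.

```python
import re

# Shortened excerpt of the log on this page (two of its error records).
SAMPLE = """\
==3374== Invalid read of size 1
==3374==    at 0x4845704: memcpy (vg_replace_strmem.c:1036)
==3374==    by 0x116063: MessageQueue_getNextWaitingASDU (cs104_slave.c:332)
==3374==    by 0x117C75: sendNextLowPriorityASDU (cs104_slave.c:2180)
==3374==  Address 0x4b5b0b8 is 0 bytes after a block of size 13,600 alloc'd
==3374==    at 0x4842290: calloc (vg_replace_malloc.c:762)
==3374==    by 0x11AD0B: Memory_calloc (lib_memory.c:56)
==3374==    by 0x115D25: MessageQueue_initialize (cs104_slave.c:128)
==3374== Invalid write of size 4
==3374==    at 0x484561C: memcpy (vg_replace_strmem.c:1036)
==3374==    by 0x1160A7: MessageQueue_getNextWaitingASDU (cs104_slave.c:341)
==3374==  Address 0x4b5e5bc is 4 bytes inside a block of size 48 free'd
==3374==    at 0x4840C70: free (vg_replace_malloc.c:540)
==3374==    by 0x4A7A609: freeaddrinfo (getaddrinfo.c:2524)
==3374==  Block was alloc'd at
==3374==    at 0x483F5F8: malloc (vg_replace_malloc.c:309)
==3374==    by 0x4A7A709: getaddrinfo (getaddrinfo.c:2254)
"""

PREFIX = re.compile(r"^==\d+== ?(.*)$")
HEADER = re.compile(r"^Invalid (read|write) of size (\d+)$")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+) \(([^()]*)\)$")
ADDRESS = re.compile(r"^\s*Address 0x[0-9A-Fa-f]+ is (\d+) bytes (after|inside|before)"
                     r" a block of size ([\d,]+) (alloc'd|free'd)$")


def parse_memcheck(text):
    """Split Memcheck output into invalid-access records with their stacks."""
    records, cur, stack = [], None, None
    for raw in text.splitlines():
        m = PREFIX.match(raw.rstrip())
        if not m:
            continue                      # program stdout mixed into the log
        line = m.group(1)
        h, a, f = HEADER.match(line), ADDRESS.match(line), FRAME.match(line)
        if h:
            cur = {"access": h.group(1), "size": int(h.group(2)), "block": None,
                   "where": [], "block_stack": [], "alloc_stack": []}
            records.append(cur)
            stack = cur["where"]
        elif cur is None:
            continue                      # frames of an error kind not handled here
        elif a:
            cur["block"] = {"offset": int(a.group(1)), "rel": a.group(2),
                            "size": int(a.group(3).replace(",", "")),
                            "state": a.group(4)}
            stack = cur["block_stack"]    # allocation stack, or free stack if free'd
        elif line.strip() == "Block was alloc'd at":
            stack = cur["alloc_stack"]
        elif f:
            stack.append((f.group(1), f.group(2)))
        else:
            cur = None                    # any other line ends the record
    return records


def own_frame(stack, skip_funcs=()):
    """First frame that is neither a Valgrind replacement nor a known wrapper."""
    for func, loc in stack:
        if not loc.startswith("vg_replace_") and func not in skip_funcs:
            return func, loc
    return None


def triage(text, skip_funcs=()):
    """One summary per invalid access: what kind, where, and which block."""
    out = []
    for r in parse_memcheck(text):
        b = r["block"] or {"offset": None, "rel": None, "size": None, "state": None}
        if b["state"] == "free'd":
            kind = "use-after-free"
        elif b["rel"] in ("after", "before"):
            kind = "out-of-bounds, %s block" % b["rel"]
        else:
            kind = "unclassified"
        out.append({"access": r["access"], "size": r["size"], "kind": kind,
                    "offset": b["offset"], "block_size": b["size"],
                    "fault": own_frame(r["where"], skip_funcs),
                    "block_site": own_frame(r["block_stack"], skip_funcs)})
    return out
```

Passing `skip_funcs={"Memory_calloc"}` makes the first record point at `MessageQueue_initialize` as the allocation site, which is the frame the answer says to inspect; for a `free'd` block, `block_site` is the frame that released it.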



