
free() dumps core with a segfault.

Folks,

I am hitting a segfault while free()ing allocated memory - to make it
short, I have a linked list, which I try to free node-by-node. While
free()ing the 28th node (of total 40), I hit a segfault. This is legacy
code. I tried debugging this problem, and am not able to come up with a
valid reason for this. Following function is being used to free:

void DBFreePUF (DBPUFRec *userp)
{
    DBPUFRec *next_userp;

    /* Debug start. Added by me to walk over the list to count the nodes. */
    DBPUFRec *tp = NULL;
    DBPUFRec *ap = NULL;
    int cntr = 0;
    int cntr1 = 0;

    tp = userp;
    while (tp != NULL) {
        ap = tp->next;
        tp = ap;
        ++cntr;
    }
    /* 'string' and Log() are globals from the legacy code base, not shown here */
    sprintf(string, "DBFreePUF: %d nodes.", cntr);
    Log(string, INFO|LOG);
    /* Debug end */

    while (userp != NULL)
    {
        sprintf(string, "DBFreePUF: in while loop, cnt %d.", cntr1);
        Log(string, INFO|LOG);
        next_userp = userp->next;   /* read the link before the node is released */
        free(userp);
        userp = next_userp;
        ++cntr1;
    }
    sprintf(string, "DBFreePUF: %d nodes free()d.", cntr1);
    Log(string, INFO|LOG);

    return;
}

typedef struct _DBPURec
{
    int id;
    char description[DB_DESC_LEN]; /* DB_DESC_LEN is 61 */
    int person_id;
    int slot_number;
    int facility;
    Date modified;
    struct _DBPURec *next;
} DBPUFRec;

Data is properly being assigned to the members - even a strncpy() is
being used while copying stuff into description.

Surprisingly, this code works (or appears to work) fine the first time
I go through it. The free() happens correctly that time. Now the second
time when this function is invoked, it goes off at the 28th node -
which cannot be free()'d.

I printed out the individual addresses of the nodes. The first time, when
things are a success, it prints out these addresses: (snapshot)
DBFreePUF: 40 nodes.
....
DBGetPUF: Allocated node [20] at [81e8c90]
DBGetPUF: Allocated node [21] at [81e8cf0]
DBGetPUF: Allocated node [22] at [81e8d50]
DBGetPUF: Allocated node [23] at [81e8db0]
DBGetPUF: Allocated node [24] at [81e8e10]
DBGetPUF: Allocated node [25] at [81e8e70]
DBGetPUF: Allocated node [26] at [81e8ed0]
DBGetPUF: Allocated node [27] at [81e8f30] ***
DBGetPUF: Allocated node [28] at [81e77f0] ***
DBGetPUF: Allocated node [29] at [81e7850] ***
DBGetPUF: Allocated node [30] at [81e78b0] ***
DBGetPUF: Allocated node [31] at [81e7910]
DBGetPUF: Allocated node [32] at [81e7970]
DBGetPUF: Allocated node [33] at [81e79d0]
DBGetPUF: Allocated node [34] at [81e7a30]
DBGetPUF: Allocated node [35] at [81e7a90]
DBGetPUF: Allocated node [36] at [81e7af0]
....

But when it fails the second time, my log has:
DBFreePUF: 40 nodes.
....
DBGetPUF: Allocated node [20] at [81e8c90]
DBGetPUF: Allocated node [21] at [81e8cf0]
DBGetPUF: Allocated node [22] at [81e8d50]
DBGetPUF: Allocated node [23] at [81e8db0]
DBGetPUF: Allocated node [24] at [81e8e10]
DBGetPUF: Allocated node [25] at [81e8e70]
DBGetPUF: Allocated node [26] at [81e8ed0]
DBGetPUF: Allocated node [27] at [81e8f30] ***
DBGetPUF: Allocated node [28] at [81e74e8] *** Address changed from
here ***
DBGetPUF: Allocated node [29] at [81e7548] ***
DBGetPUF: Allocated node [30] at [81e75a8] ***
DBGetPUF: Allocated node [31] at [81e7608]
DBGetPUF: Allocated node [32] at [81e7668]
DBGetPUF: Allocated node [33] at [81e76c8]
DBGetPUF: Allocated node [34] at [81e7728]
DBGetPUF: Allocated node [35] at [81e7788]
DBGetPUF: Allocated node [36] at [81e77e8]
....

Here is what gdb tells me:
(gdb) bt
#0 0xb73a8f98 in mallopt () from /lib/tls/libc.so.6
#1 0xb73a7f78 in free () from /lib/tls/libc.so.6
#2 0x080e851a in DBFreePUF (userp=0x81e6d50)
....

malloc() in DBGetPUF() is fine, as its return value is being checked.
The prototype is correctly included for malloc() and strncpy(). The
list is being formed correctly - I have verified that.

I am not sure why this happens, and if that sudden change in the
malloc()'d address is the culprit, mis-aligned memory - but AFAIK,
malloc() returns address of memory that is aligned. What surprises me
is that, it goes through fine for the first time, but does not in the
second.

Thanks in advance. Hope I have not missed out anything while posting
this, which goes against getting me help on this list.

Cheers,
Amar

--
Destiny is not a matter of chance, it is a matter of choice.
Hyderabad, INDIA.

Nov 14 '05 #1
Code Raptor <co********@gmail.com> wrote:
I am hitting a segfault while free()ing allocated memory - to make it
short, I have a linked list, which I try to free node-by-node. While
free()ing the 28th node (of total 40), I hit a segfault. This is legacy
code. I tried debugging this problem, and am not able to come up with a
valid reason for this. Following function is being used to free:

void DBFreePUF (DBPUFRec *userp)
{
    DBPUFRec *next_userp;
    int cntr1 = 0;
    <debugging stuff snipped and code re-indented>
    while (userp != NULL)
    {
        sprintf(string, "DBFreePUF: in while loop, cnt %d.", cntr1);
        Log(string, INFO|LOG);
        next_userp = userp->next;
        free(userp);
        userp = next_userp;
        ++cntr1;
    }
    sprintf(string, "DBFreePUF: %d nodes free()d.", cntr1);
    Log(string, INFO|LOG);
}


That doesn't look unreasonable. But since you're already printing out
the addresses of the nodes on malloc()ing them it probably will be
interesting to see the addresses before you call free() on them. I
would guess that there will be a surprise for you, i.e. that the
addresses won't be identical to the ones you got from malloc(),
meaning that somewhere in your program you have inadvertently over-
written one of the next pointers. Where that happens is impossible
to say without seeing the complete code. If the addresses aren't
garbled then the mistake is probably even harder to find because
you then must have written over some of the internal data structures
used by the functions for memory allocation. Don't waste your time
looking for more involved explanations;-)

Regards, Jens
--
\ Jens Thoms Toerring ___ Je***********@physik.fu-berlin.de
\__________________________ http://www.toerring.de
Nov 14 '05 #2
"Code Raptor" <co********@gmail.com> wrote in message news:<ci********@odak26.prod.google.com>...
Folks,

I am hitting a segfault while free()ing allocated memory -

[snip]

I cannot add anything strictly related to the C language and it will
be off-topic for c.l.c for sure, but:
-> if you are in a Linux environment, give valgrind a try.
-> if you can compile with GCC (GNU C Compiler) in a Unix-like
environment, try setting the MALLOC_CHECK_ environment variable to 2
(Bash: export MALLOC_CHECK_=2). It will tell your environment to kill
your program (with an appropriate message) as soon as it messes things
up in malloc's internals (that is what I understood of it) (e.g.
free'ing twice a memory spot). This usually occurs at a place prior to
your deadly free() call. Correcting the first problem can avoid the
subsequent segfault on free().

I know it is off-topic, but hope that helps.
Thomas
Nov 14 '05 #3
On 15 Sep 2004 00:48:36 -0700, "Code Raptor" wrote:
Folks,

I am hitting a segfault while free()ing allocated memory - to make it
short, I have a linked list, which I try to free node-by-node. While
free()ing the 28th node (of total 40), I hit a segfault. This is legacy
code. I tried debugging this problem, and am not able to come up with a
valid reason for this. Following function is being used to free:


I have a similar problem that can have its origin in many functions
written in C, C++ or assembly. This is the right excuse to write a
malloc-free routine based on the one in the K&R book (and some other
routine that checks for memory leaks and finds where memory is re-written
out of bounds).
Nov 14 '05 #4
"Code Raptor" <co********@gmail.com> wrote in message news:<ci********@odak26.prod.google.com>...
Folks,

I am hitting a segfault while free()ing allocated memory - to make it
short, I have a linked list, which I try to free node-by-node. While
free()ing the 28th node (of total 40), I hit a segfault. This is legacy
code. I tried debugging this problem, and am not able to come up with a
valid reason for this. Following function is being used to free:
.... Cheers,
Amar


Amar,

As others have stated you really need a malloc debugger to figure out
this sort of error. There are several good free ones available. You
can try Valgrind if you are on Linux. mpatrol is a good one that is
widely ported. My company markets Dynamic Leak Check for this purpose.
It runs on Solaris and Linux. Windows has BoundsChecker. Purify is
widely ported.

Your subsequent explanation did not fully explain the core dump, IMO.
Some common problems are double freeing a pointer, freeing a pointer to
non-heap memory, freeing a pointer and then reallocing it, and
overrunning an allocated block. Any good memory debugger will find
these sorts of problems.

Matthew
Dynamic Memory Solutions
www.dynamic-memory.com
Nov 14 '05 #5
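Jens's suggestion (compare the node addresses you are about to free() with the ones malloc() handed out) and Matthew's list of the usual culprits can be turned into a small debug wrapper. The following is an added example, not code from the thread or from Amar's program: dbg_malloc()/dbg_free() keep a registry of live blocks and plant a 4-byte canary after every allocation, and free_list_checked() is DBFreePUF's loop with the check in front of each free(), so a garbled next pointer, an overrun or a double free is reported with the node index instead of faulting inside libc. The dbg_* names, the CANARY value, the MAX_LIVE limit and the three scenarios are assumptions made for this example; Date is replaced by a long because the thread never shows it.

```c
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
/* Added example, not the poster's code: malloc()/free() wrapped with a registry of live
   blocks plus a trailing canary, so free() refuses a bad pointer instead of faulting. */
typedef struct _DBPURec {           /* the poster's node; long stands in for Date */
    int id;
    char description[61];           /* DB_DESC_LEN */
    int person_id, slot_number, facility;
    long modified;
    struct _DBPURec *next;
} DBPUFRec;

enum { DBG_OK = 0,
       DBG_NOT_LIVE = 1,            /* not allocated here, already freed, or mid-block */
       DBG_CANARY = 2 };            /* something wrote past the end of the block */
#define CANARY   0xA5C3E17BU
#define MAX_LIVE 256
static void *live[MAX_LIVE]; static size_t live_size[MAX_LIVE];   /* NULL = free slot */
int last_reason;                    /* why the most recent list walk stopped */

static int find_live(const void *p) {
    for (int i = 0; i < MAX_LIVE; i++) if (live[i] == p) return i;
    return -1;
}

void *dbg_malloc(size_t n) {
    int slot = find_live(NULL);     /* first empty registry slot */
    uint32_t c = CANARY; unsigned char *raw;
    if (slot < 0 || (raw = malloc(n + sizeof c)) == NULL) return NULL;
    memcpy(raw + n, &c, sizeof c);  /* canary sits right after the user bytes */
    live[slot] = raw; live_size[slot] = n;
    return raw;
}

int dbg_check(const void *p) {
    int slot = p ? find_live(p) : -1; uint32_t c;
    if (slot < 0) return DBG_NOT_LIVE;
    memcpy(&c, (const unsigned char *)p + live_size[slot], sizeof c);
    return c == CANARY ? DBG_OK : DBG_CANARY;
}

int dbg_free(void *p) {
    int rc = dbg_check(p);
    if (rc != DBG_OK) return rc;    /* refuse rather than corrupt the heap */
    live[find_live(p)] = NULL;
    free(p);
    return DBG_OK;
}

DBPUFRec *build_list(int n) {
    DBPUFRec *head = NULL, *tail = NULL;
    for (int i = 0; i < n; i++) {
        DBPUFRec *node = dbg_malloc(sizeof *node);
        if (!node) break;
        node->id = i; node->next = NULL;
        if (tail) tail->next = node; else head = node;
        tail = node;
    }
    return head;
}

/* DBFreePUF's loop with the audit Jens suggests: check each node before free().
   Returns the count freed, or -(index + 1) of the first bad node (see last_reason). */
int free_list_checked(DBPUFRec *p) {
    int i = 0;
    for (last_reason = DBG_OK; p; i++) {
        if ((last_reason = dbg_check(p)) != DBG_OK) return -(i + 1);
        DBPUFRec *next = p->next;   /* safe to read only after the check */
        dbg_free(p);
        p = next;
    }
    return i;
}

/* Node 2's next is overwritten with an address inside node 1: heap memory, but not the
   start of any block. The walk frees nodes 0..2 and returns -4 with DBG_NOT_LIVE. */
int scenario_bad_next(void) {
    DBPUFRec *head = build_list(5), *n1 = head->next, *n2 = n1->next, *rest = n2->next;
    int r;
    n2->next = (DBPUFRec *)&n1->person_id;                  /* simulated stray write */
    r = free_list_checked(head);
    while (rest) { DBPUFRec *nx = rest->next; dbg_free(rest); rest = nx; }   /* tidy up */
    return r;
}

int scenario_overrun(void) {        /* one byte past the node clobbers the canary */
    DBPUFRec *n = dbg_malloc(sizeof *n);
    uint32_t c = CANARY; int rc;
    ((unsigned char *)n)[sizeof *n] = 'X';
    rc = dbg_free(n);               /* DBG_CANARY; the block is left allocated */
    memcpy((unsigned char *)n + sizeof *n, &c, sizeof c);   /* repair, then release */
    dbg_free(n); return rc;
}

int scenario_double_free(void) {    /* second free of the same node: DBG_NOT_LIVE */
    DBPUFRec *n = dbg_malloc(sizeof *n);
    dbg_free(n);
    return dbg_free(n);
}
```

free_list_checked(build_list(5)) returns 5. scenario_bad_next() returns -4 with last_reason == DBG_NOT_LIVE, which is the "addresses before free() are not the ones malloc() returned" case Jens describes; scenario_overrun() returns DBG_CANARY and scenario_double_free() returns DBG_NOT_LIVE. valgrind reports all three defects without any wrapper, and MALLOC_CHECK_=2 (Thomas's suggestion) aborts on the double free and on damaged chunk headers, but neither tells you which node of the list went bad; the audit does.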
On Thu, 16 Sep 2004 16:36:44 GMT, RoSsIaCrIiLoIA <n@esiste.ee> wrote:
On 15 Sep 2004 00:48:36 -0700, "Code Raptor" wrote:
Folks,

I am hitting a segfault while free()ing allocated memory - to make it
[...]I have a similar problem that can have its origin in many functions
written in C, C++ or assembly. This is the right excuse to write a
malloc-free routine based on the one in the K&R book (and some other
routine that checks for memory leaks and finds where memory is re-written
out of bounds).


Fine, and it is free() that detects the errors

typedef double Align;
union header {
    struct {
        union header *ptr;
        unsigned size;
    } s;
    Align x;
};

typedef union header Header;
static Header base;
static Header *freep = NULL;
Header *u, *v;
<code>
Why is it possible?
(u + u->s.size) != v AND (unsigned)(v-u) - u->s.size == 0
Nov 14 '05 #6
On Sat, 18 Sep 2004 06:26:38 GMT, RoSsIaCrIiLoIA <n@esiste.ee> wrote:
On 15 Sep 2004 00:48:36 -0700, "Code Raptor" wrote:
Folks,

I am hitting a segfault while free()ing allocated memory - to make it
[...]
I have a similar problem that can have its origin in many functions
written in C, C++ or assembly. This is the right excuse to write a
malloc-free routine based on the one in the K&R book (and some other
routine that checks for memory leaks and finds where memory is re-written
out of bounds).


Fine, and it is free() that detects the errors

typedef double Align;

^^^^^^

Here should I write long on an x86 CPU?
union header {
    struct {
        union header *ptr;
        unsigned size;
    } s;
    Align x;
};

typedef union header Header;
static Header base;
static Header *freep = NULL;
Header *u, *v;
<code>
Why is it possible?
(u + u->s.size) != v AND (unsigned)(v-u) - u->s.size == 0


(for references see K&R2 chapter 8.7)
The case is this function, which prints something like |v=67868 u=8080|0|v=x u=etc
(*if* free_mem() frees all memory and more than
1024*sizeof(Header)=Nalloc*sizeof(Header) bytes were allocated)

void leggi_mem(void)
{
    Header *u, *v;
    unsigned j;
    /*----------------*/
    for (u = freep; u != 0; )
    {
        printf("|v=%u s=%u|",
               (unsigned)(u+1)/(unsigned)sizeof(Header), u->s.size);
        if (u->s.ptr == freep) break; /* completed the full round */
        v = u->s.ptr;
        if ((u + u->s.size) != v)
        {
            j = (unsigned)(v-u) - u->s.size;
            if (j < 123456) printf("%u", j);
            /* ^^^^^ this seems to write 0 too */
            else printf("#");
        }
        u = v;
    }
}
I think that that "0" means one unsigned int.
Nov 14 '05 #7
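RoSsIaCrIiLoIA's walker is probing whether the K&R free list is still consistent. As an added example (not the poster's code, and not K&R's text verbatim), here is the K&R2 section 8.7 allocator with two changes: it serves a static arena instead of calling sbrk(), and kr_free() checks a pointer before touching the ring, returning a code for a foreign pointer, a smashed header or a double free. kr_check() walks the ring from base and verifies what leggi_mem() was after: every block inside the arena, addresses ascending, no overlap, no two adjacent free blocks. Adjacency is tested as `u + u->s.size == v`, which is the same condition as `v - u == u->s.size` in Header units, with the wrap back to base excluded. Align is long, as in K&R2 (double, as in the post, also works as long as it is the most restrictive type on the machine). ARENA_UNITS, the KR_* codes and the demo functions are assumptions made for this example.

```c
#include <string.h>
/* Added example, not the poster's code: the K&R2 8.7 allocator over a static arena instead
   of sbrk(), with a free() that refuses pointers it cannot account for, and a walker that
   checks the free-list invariants the poster's leggi_mem() was probing. */
typedef long Align;                         /* as in K&R2; assumed strictest type here */
typedef union header {
    struct { union header *ptr; unsigned size; } s;   /* next free block; size in Headers */
    Align x;
} Header;

#define ARENA_UNITS 1024
/* base sits below the arena in one object, so no arena block can be address-adjacent to
   base (K&R's free() would otherwise coalesce the two and drop base from the ring). */
static struct { Header base, pad, arena[ARENA_UNITS]; } H;
static Header *freep = NULL;
static int arena_given = 0;
enum { KR_FOREIGN = -1, KR_DOUBLE_FREE = -2, KR_UNSORTED = -3, KR_OVERLAP = -4 };
int kr_free(void *ap);

static Header *morecore(unsigned nu) {      /* hands out the whole arena exactly once */
    if (arena_given || nu > ARENA_UNITS) return NULL;
    arena_given = 1; H.arena[0].s.size = ARENA_UNITS;
    kr_free((void *)(H.arena + 1));
    return freep;
}

void *kr_malloc(unsigned nbytes) {
    Header *p, *prevp;
    unsigned nunits = (nbytes + sizeof(Header) - 1) / sizeof(Header) + 1;
    if ((prevp = freep) == NULL)            /* first call: empty ring holding only base */
        H.base.s.ptr = freep = prevp = &H.base, H.base.s.size = 0;
    for (p = prevp->s.ptr; ; prevp = p, p = p->s.ptr) {
        if (p->s.size >= nunits) {
            if (p->s.size == nunits) prevp->s.ptr = p->s.ptr;                  /* exact fit */
            else { p->s.size -= nunits; p += p->s.size; p->s.size = nunits; }  /* carve tail */
            freep = prevp; return (void *)(p + 1);
        }
        if (p == freep && (p = morecore(nunits)) == NULL) return NULL;
    }
}

/* True when bp starts inside the arena and its recorded size stays inside it too. */
static int sane_block(const Header *bp) {
    return bp >= H.arena && bp < H.arena + ARENA_UNITS && bp->s.size > 0 &&
           bp->s.size <= (unsigned)(H.arena + ARENA_UNITS - bp);
}

/* K&R free() with the checks in front: foreign pointer, smashed header, or double free. */
int kr_free(void *ap) {
    Header *bp = (Header *)ap - 1, *p = freep;
    if (freep == NULL || !sane_block(bp)) return KR_FOREIGN;
    do {                                    /* bp inside a block that is already free? */
        if (p != &H.base && bp >= p && (unsigned)(bp - p) < p->s.size) return KR_DOUBLE_FREE;
    } while ((p = p->s.ptr) != freep);
    for (p = freep; !(bp > p && bp < p->s.ptr); p = p->s.ptr)
        if (p >= p->s.ptr && (bp > p || bp < p->s.ptr)) break;  /* bp at an end of the ring */
    if (bp + bp->s.size == p->s.ptr)        /* coalesce with the upper neighbour */
        bp->s.size += p->s.ptr->s.size, bp->s.ptr = p->s.ptr->s.ptr;
    else bp->s.ptr = p->s.ptr;
    if (p + p->s.size == bp)                /* coalesce with the lower neighbour */
        p->s.size += bp->s.size, p->s.ptr = bp->s.ptr;
    else p->s.ptr = bp;
    freep = p; return 0;
}

/* Walk the ring from base: every block inside the arena, addresses ascending, no overlap,
   no two adjacent free blocks. Returns the block count, or a negative code. */
int kr_check(unsigned *free_units) {
    Header *u = &H.base, *v;
    int n = 0; unsigned total = 0;
    if (freep) do {
        v = u->s.ptr;
        if (u != &H.base) {
            if (!sane_block(u)) return KR_FOREIGN;
            if (v != &H.base && u + u->s.size >= v) return KR_OVERLAP;
            total += u->s.size, n++;
        }
        if (v != &H.base && v <= u) return KR_UNSORTED;
        u = v;
    } while (u != &H.base);
    if (free_units) *free_units = total;
    return n;
}

/* Free the middle of three blocks: two free blocks (the hole and the arena tail); once the
   other two are returned, one block covering the whole arena again. Returns 1. */
int demo_hole(void) {
    char *a = kr_malloc(100), *b = kr_malloc(200), *c = kr_malloc(300);
    unsigned units = 0; int n;
    kr_free(b); n = kr_check(NULL);
    kr_free(a); kr_free(c);
    return n == 2 && kr_check(&units) == 1 && units == ARENA_UNITS;
}

/* b is carved directly below a, so writing past b lands in a's header; the smashed size
   makes kr_free(a) answer KR_FOREIGN instead of stepping off the arena, and freeing a
   again after the cleanup is reported as KR_DOUBLE_FREE. Returns 1. */
int demo_smashed_header(void) {
    char *a = kr_malloc(32), *b = kr_malloc(32);
    int rc;
    memset(b + 32, 0xff, sizeof(Header));
    rc = kr_free(a);
    ((Header *)a - 1)->s.size = (32 + sizeof(Header) - 1) / sizeof(Header) + 1;  /* repair */
    kr_free(a); kr_free(b);
    return rc == KR_FOREIGN && kr_free(a) == KR_DOUBLE_FREE;
}
```

K&R's malloc() carves from the top of a free block, so consecutive allocations sit directly below one another; that is why one byte written past b in demo_smashed_header() lands in a's header, the same mechanism by which an overrun in Amar's program could reach the next chunk's bookkeeping in glibc.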
