
realloc causing segfault (under Electric Fence)

kj


I am trying to diagnose a bug in my code, but I can't understand
what's going on. I've narrowed things down to this:

I have a function, say foo, whose signature looks something like:

int foo( int w, int x, int y, int z, my_struct **results )

During its execution, foo initializes *results using calloc:

( *results ) = calloc( w+1, sizeof( my_struct ) );

and proceeds to fill the resulting array of my_struct's, keeping
track of how many elements of *results it has filled in some int
variable v. At the very end, right before returning, foo uses
realloc like this

realloc( *results, v * sizeof( my_struct ) );

and then foo returns v.

In normal operation, the value of w remains constant, and v never
exceeds w+1 (an assert statement ensures this). In the particular
test runs discussed below, w+1 always equals 2, and in the realloc
statement v also equals 2, always; therefore, if I understand
realloc correctly, in these test runs the realloc should not change
the amount of memory allocated to *result. (But somehow the realloc
is doing something that Electric Fence (EF) doesn't like...)

If before and after the realloc line above I insert *identical*
printf statements, like this:

printf( "%d\n", ( *results )->some_field ); /* always OK */
realloc( *results, v * sizeof( my_struct ) );
printf( "%d\n", ( *results )->some_field ); /* segfault under EF */

both printfs execute and the expected values get printed, but if
I compile with Electric Fence (-lefence) and re-run the program,
it fails with a segfault at the second printf, right after the
realloc.

(My compiler is gcc 3.3.5; I don't know how to determine the version
of EF that we have on our system, though the man page says 1993,
so I gather it's pretty ancient.)

I am very puzzled by the results described above. What am I doing
wrong? As mentioned above, the value of v is 2, so, if realloc
worked correctly, why would the second printf produce a segfault?

Is there anything better (and preferably free or cheap) than Electric
Fence to pinpoint the problem?

Thanks!

kj

--
NOTE: In my address everything before the first period is backwards;
and the last period, and everything after it, should be discarded.
Aug 10 '06 #1
3 Replies


kj <so***@987jk.com.invalid> wrote:
> I have a function, say foo, whose signature looks something like:
>
> int foo( int w, int x, int y, int z, my_struct **results )
>
> During its execution, foo initializes *results using calloc:
>
> ( *results ) = calloc( w+1, sizeof( my_struct ) );
>
> and proceeds to fill the resulting array of my_struct's, keeping
> track of how many elements of *results it has filled in some int
> variable v. At the very end, right before returning, foo uses
> realloc like this
>
> realloc( *results, v * sizeof( my_struct ) );
>
> and then foo returns v.

> If before and after the realloc line above I insert *identical*
> printf statements, like this:
>
> printf( "%d\n", ( *results )->some_field ); /* always OK */
> realloc( *results, v * sizeof( my_struct ) );
> printf( "%d\n", ( *results )->some_field ); /* segfault under EF */
>
> both printfs execute and the expected values get printed, but if
> I compile with Electric Fence (-lefence) and re-run the program,
> it fails with a segfault at the second printf, right after the
> realloc.

Post real code. There could be several reasons for this behaviour, one
being that you call foo() wrong, another being that your realloc() call
as above is not sufficient to ensure correct behaviour but might be
right as part of a larger statement; we cannot know what is really going
on unless we also know the context in which you call these functions.

Whittle your program down to the smallest program that exhibits the
problem, but still compiles. Then copy and paste that and post it here -
do not retype, you'll introduce typos.

Richard
Aug 10 '06 #2

kj wrote:
> I am trying to diagnose a bug in my code, but I can't understand
> what's going on. I've narrowed things down to this:
>
> I have a function, say foo, whose signature looks something like:
>
> int foo( int w, int x, int y, int z, my_struct **results )
>
> During its execution, foo initializes *results using calloc:
>
> ( *results ) = calloc( w+1, sizeof( my_struct ) );
>
> and proceeds to fill the resulting array of my_struct's, keeping
> track of how many elements of *results it has filled in some int
> variable v. At the very end, right before returning, foo uses
> realloc like this
>
> realloc( *results, v * sizeof( my_struct ) );

Which is wrong. You need to care for the return value of
realloc as the documentation says.

In particular, the old piece you pass to realloc might not
be valid if realloc succeeds.
Aug 10 '06 #3


kj wrote:
> I am trying to diagnose a bug in my code, but I can't understand
> what's going on. I've narrowed things down to this:
>
> If before and after the realloc line above I insert *identical*
> printf statements, like this:
>
> printf( "%d\n", ( *results )->some_field ); /* always OK */
> realloc( *results, v * sizeof( my_struct ) );
> printf( "%d\n", ( *results )->some_field ); /* segfault under EF */
>
> both printfs execute and the expected values get printed, but if
> I compile with Electric Fence (-lefence) and re-run the program,
> it fails with a segfault at the second printf, right after the
> realloc.

Looks like realloc is returning a new pointer. In which case the value
of *results has been invalidated. You should do something more like

my_struct *tmp = realloc(*results, v * sizeof( my_struct ) );
if (tmp == NULL) { die_badly(); }
*results = tmp;

You say that you didn't expect realloc to change your pointer -- did
you check?

> Is there anything better (and preferably free or cheap) than Electric
> Fence to pinpoint the problem?

<OT> I like Valgrind, if you have questions ask in a newsgroup where it
is on topic, maybe one of the linux groups </OT>

-David

Aug 10 '06 #4
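
The fix the replies describe, written out as an added example that is not part of the original thread: the result of realloc goes into a temporary, and *results is updated only on success, so the old (possibly freed) pointer is never dereferenced. The one-field my_struct, the helper name resize_results, the reduced foo signature and the fill loop are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct { int some_field; } my_struct;   /* stand-in for the poster's type */

/* Resize *results to v elements. On success *results points at the
 * (possibly moved) block; on failure it is untouched and still valid. */
static int resize_results(my_struct **results, size_t v)
{
    if (v == 0 || v > SIZE_MAX / sizeof **results)
        return -1;                  /* avoid realloc(p, 0) and size overflow */
    my_struct *tmp = realloc(*results, v * sizeof **results);
    if (tmp == NULL)
        return -1;                  /* old block is still allocated */
    *results = tmp;                 /* the old pointer value must not be used again */
    return 0;
}

/* Shape of the thread's foo(): allocate w+1 slots, fill v of them, trim. */
static int foo(int w, my_struct **results)
{
    int v = 0;
    if (w < 0)
        return -1;
    *results = calloc((size_t)w + 1, sizeof **results);
    if (*results == NULL)
        return -1;
    for (int i = 0; i <= w; i += 2)         /* constructed fill: every other slot */
        (*results)[v++].some_field = 100 + i;
    if (resize_results(results, (size_t)v) != 0) {
        free(*results);                     /* don't leak the untrimmed block */
        *results = NULL;
        return -1;
    }
    return v;
}

int main(void)
{
    my_struct *r = NULL;
    int v = foo(4, &r);
    if (v < 0)
        return 1;
    printf("%d elements, last = %d\n", v, r[v - 1].some_field);
    free(r);
    return 0;
}
```

The C standard allows realloc to return a different address even when the requested size equals the current one, which is why the caller's assumption that "the size did not change" does not make the old pointer safe to keep.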
