Max*_*ler 0 c memory-corruption
运行时附加的C代码会给出错误
summary: malloc.c:3074: sYSMALLOc: Assertion `(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) == 0)' failed.
每次对malloc的每次调用(21); (见下文).有人可以解释为什么?我已经尝试了所有我能想到的事情,但它仍然失败了.
文件:summary.c
/*
* File: summary.c
* Author: Maxim Veksler
*
* Created on December 4, 2009, 3:09 AM
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "manipulation.h"
/*
* Main for Maman 12, task 1 : Array summary utility
*/
int main(int argc, char** argv) {
/*STUB*/
char str[100];
strcpy(str, "3 5 234 11 77 44 5");
/*STUB*/
int resultsSize;
int* results;
int* aggregated;
results = parseInput(str, &resultsSize);
aggregatedArray((int*)NULL, (int)NULL);
return 0;
}
文件操作
/*
* File: manipulation.c
* Author: Maxim Veksler
*
* Created on December 4, 2009, 3:09 AM
*/
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
/*
* Parse the input from user, dynamically allocate memory to the maximum
* possible requirment. Then convert the array of string tokens into an
* simple array of integers.
*/
int* parseInput(char* input, int* nOfResults) {
/* Allocate memory by the maximum possibly required size for int... */
int *results = (int*) malloc(strlen(input));
int* insertIterator = results;
char* pch;
/* We trash the user input, but it's cool - Worthless as usual. */
pch = strtok(input,"\t ,.-");
*nOfResults = 0;
while(pch != NULL) {
(*nOfResults)++;
*insertIterator = atoi(pch);
insertIterator++;
pch = strtok(NULL, "\t ,.-");
}
return results;
}
/*
* Summary the values given in the int array and return adress to new array
* containing an increasin sum of the values.
*/
int* aggregatedArray(int* inputArray, int size) {
int* results;
malloc(20);
malloc(21);
}
编辑请考虑到这个代码是一个精简版本,这里带来显示问题.我删除了所有不相关的部分.
编辑:哇,我刚才意识到你的代码中有一个非常糟糕的逻辑错误.这不只是泄漏,你也有缓冲区溢出!
int *results = (int*) malloc(strlen(input));
这将分配18个字节(输入的长度)并将其视为一个数组int,这意味着你可以18 / sizeof(int) int在其中放入s.假设通常的x86大小,这意味着你只能适合(18/4)== 4.5整数!稍后您的代码将在数组中写入多个代码.大错误.
要解决此问题,您应该使用realloc.像这样的东西:
int *results = malloc(sizeof(int));
int result_size = 1;
int result_count = 0;
while(/*whatever*/) {
/* ok, i want to add an element to results */
if(result_count == result_size - 1) {
int *p = realloc(results, (result_size + 1) * sizeof(int));
if(!p) {
free(results);
return NULL; /* no more memory! */
}
results = p;
result_size++;
}
results[result_count++] = /*value*/
}
return results;
它泄漏是因为你有2 malloc秒,你没有存储任何地方的结果.这使得free那些调用返回的指针成为不可能.
事实上,我不知道什么aggregatedArray是应该做的实际上,此刻,它什么都不做,但泄漏.
此外,你必须results = parseInput(str, &resultsSize);在那里parseInput返回malloc编辑指针.free(results);如果您不再需要这个(可能就在aggregatedArray通话结束后),您应该稍后再进行.
最后,作为旁注.我猜aggregatedArray((int*)NULL, (int)NULL);其实应该是aggregatedArray(results, resultsSize);:-P.