Thread: Segfault in ??

Page 1 of 2

#1  Registered User, Devshed Newbie (joined Apr 2013)

    Segfault in ??

    I'm having a problem with a segfault I can't quite figure out. I've run my program on 4 computers (2 Macs and 2 running Ubuntu); on 2 of them (both university computers, 1 Mac and 1 Linux) I get a segfault. Running it with gdb tells me that it's in "?? ()". I've tried searching for the problem but can't find anything on that specific error.

    Had it said something like segfault in fscanf(), I'd know that means the problem is with fscanf() and that I'm probably using bad arguments, but what is "?? ()"?

    For what it's worth, this is for a school assignment.
#2  Contributing User, Devshed Demi-God (joined Aug 2011)

    These cause segfault:

    fscanf(NULL,"");

    fscanf(valid_open_pointer_to_FILE,"%d",NULL);

    This likely causes segfault (and if it doesn't WWIII starts)

    void f(void){
    int i; /* uninitialized */
    scanf("%d",i);
    }


    It also causes compiler warnings.
    Compile with all warnings turned on.
    gcc warnings are enabled with
    -Wall

    This is how to avoid segfaults. Test before continuing.

    FILE*pf=fopen("somefile","r");
    if(NULL==pf)exit(1);/*stopIfTheFileDidn'tOpen*/

    int*array=malloc(40*sizeof(int));
    if(NULL==array)exit(1);/*memoryFailure*/

    int i;
    scanf("%d",&i);/*Yes, the address of the int*/


    char s[8];
    scanf("%4s",s);/*I think!*/


    I hope this answers your question....uh, you didn't ask one.
    [code]Code tags[/code] are essential for python code and Makefiles!
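The last snippet in the post above reads into char s[8] with "%4s" and the poster is not sure of the width. The rule is that the width must be at most sizeof(buffer) - 1 so the terminating NUL fits, so 7 is the largest safe width for an 8-byte buffer. The following is an added example, not code from the post: it derives the width from the buffer size instead of writing it by hand, and it makes the return-value check on every scanf-family call that the post is asking for. The function names are my own.

```c
#include <stdio.h>
#include <string.h>

/* Read one whitespace-delimited word from text into buf (bufsz bytes), keeping
 * at most bufsz-1 characters so the NUL always fits. The width is generated
 * from the buffer size ("%7s" for an 8-byte buffer), so it cannot drift apart
 * from the declaration the way a hand-written "%4s" next to char s[8] can.
 * Returns 1 if a word was read, 0 otherwise. */
int read_word(const char *text, char *buf, size_t bufsz)
{
    char fmt[32];
    if (bufsz < 2)
        return 0;
    snprintf(fmt, sizeof fmt, "%%%zus", bufsz - 1);   /* builds e.g. "%7s" */
    return sscanf(text, fmt, buf) == 1;
}

/* Parse an int, returning fallback when no conversion happened. Checking the
 * count that sscanf returns is the step that usually gets skipped. */
int parse_int_or(const char *text, int fallback)
{
    int value;
    return sscanf(text, "%d", &value) == 1 ? value : fallback;  /* &value: the address */
}

/* Length of the word read_word() leaves in a buffer of bufsz bytes; -1 if none
 * was read. Constructed helper so the truncation can be checked from outside. */
int stored_word_len(const char *text, size_t bufsz)
{
    char buf[64];
    if (bufsz > sizeof buf || !read_word(text, buf, bufsz))
        return -1;
    return (int)strlen(buf);
}
```

With an 8-byte buffer a 20-character word is cut to 7 characters plus the NUL rather than running past the array, and an input with no word at all is reported instead of leaving the buffer uninitialised.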
#3  Contributing User, Devshed Supreme Being (joined Jan 2003, USA)

    That "?? ()" makes me wonder whether you are trying to use function pointers. If you are trying to use function pointers, then verify that you have initialized a function pointer before trying to use it.

    If that is not the case, then b49P23TIvg's reply still applies.

    For that matter, b49P23TIvg's reply always applies.
#4  Registered User, Devshed Newbie (joined Apr 2013)

    Originally Posted by dwise1_aol
    That "?? ()" makes me wonder whether you are trying to use function pointers. If you are trying to use function pointers, then verify that you have initialized a function pointer before trying to use it.

    If that is not the case, then b49P23TIvg's reply still applies.

    For that matter, b49P23TIvg's reply always applies.
    Thanks to both you and b49P23TIvg. No, I'm not using function pointers. The strangest thing to me is that I only get segfaults when running on the school's computers. The computers running Lucid give me this error, but then at home running Precise there are no problems.
#5  Contributing User, Devshed Supreme Being (joined Jan 2003, USA)

    Don't be so sure about "no problems".

    I would suspect an uninitialized pointer or an int being used as a pointer (as in the example of scanf("%i",i)). If you don't initialize a pointer, then it contains whatever garbage value had last been put in that memory location. Such garbage being misinterpreted as a memory address could point you outside of your memory space and hence trigger a SEGFAULT. But such garbage could just as easily and completely by accident point to a location inside your memory space and hence not trigger a SEGFAULT. So it's not that you don't have any problem on those other systems; the problem of the wild pointer is still there, but just by accident the problem is being hidden from you. In these cases, you are lucky if it crashes and very unlucky if it does not crash, because you think falsely that there's no problem.
#6  Registered User, Devshed Newbie (joined Apr 2013)

    Well, I tried what you suggested and stepped through the entire program. The program ran to the end and segfaulted only after running return 0; in main.

    this is what it looked like on gdb:

    Code:
    109	  return 0;
    (gdb) step
    110	}
    (gdb) step
    0x00007ffff7a75c4d in __libc_start_main () from /lib/libc.so.6
    (gdb) 
    Single stepping until exit from function __libc_start_main, 
    which has no line number information.
    
    Program received signal SIGSEGV, Segmentation fault.
    0x000000000a2996f8 in ?? ()
    (gdb)
    If you can help in any way I'd appreciate it, Thanks again.
#7  Registered User, Devshed Newbie (joined Apr 2013)

    Originally Posted by dwise1_aol
    Don't be so sure about "no problems".

    I would suspect an uninitialized pointer or an int being used as a pointer (as in the example of scanf("%i",i)). If you don't initialize a pointer, then it contains whatever garbage value had last been put in that memory location. Such garbage being misinterpreted as a memory address could point you outside of your memory space and hence trigger a SEGFAULT. But such garbage could just as easily and completely by accident point to a location inside your memory space and hence not trigger a SEGFAULT. So it's not that you don't have any problem on those other systems; the problem of the wild pointer is still there, but just by accident the problem is being hidden from you. In these cases, you are lucky if it crashes and very unlucky if it does not crash, because you think falsely that there's no problem.
    Yea Ok, I see what you mean...
#8  Contributing User, Devshed Supreme Being (joined Jan 2003, USA)

    Originally Posted by taleman
    Well I tied what you suggested and I stepped through the entire program. The program ran to the end and segfaulted only after running return 0; in main
    It could be that you are clobbering your stack, destroying something like the return address. Though I would think that running it on different systems shouldn't make a difference ... unless the different systems have different versions of gcc that organize the stack differently. It's also possible that the different OSes handle this situation differently. When this happens in another function, the program crashes when you try to return. In main's case, you're returning to exit code.

    Clobbering (i.e., overwriting memory that you shouldn't) can happen when you write outside the bounds of an array. I've also seen it happen when scanf'ing a short integer but specifying an int format.

    More food for thought. And, of course, with seeing the code we can only offer guesses.
#9  Contributed User, Devshed Specialist (joined Jun 2005)

    > Program received signal SIGSEGV, Segmentation fault.
    > 0x000000000a2996f8 in ?? ()
    ?? just means that the debugger couldn't find a matching symbol name.
    There are several reasons for this
    - that particular code/library was compiled without -g, so static functions are typically unknown to the debugger.
    - the symbol table was removed using the 'strip' utility
    - or it really is a bad address off in the weeds somewhere (quite likely in this case).

    > The program ran to the end and segfaulted only after running return 0; in main
    On your own Linux box, do
    sudo apt-get install valgrind

    Then do (replace with your actual program name)
    valgrind ./a.out
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper
#10  Banned ;), Devshed Supreme Being (joined Nov 2001, Woodland Hills, Los Angeles County, California, USA)

    Originally Posted by taleman
    running it with gdb tells me that its in "?? ()". I've tried searching for the problem but can't find anything on that specific error.

    Had it said something like segfault in fscanf() I know that means the problem is with fscanf() and that im probably using bad arguments but what is "?? ()" ?

    For what its worth this is for a school assignment.
    Have you tried compiling your project with the -g argument? That tells the C compiler that you want to include debug symbols in the executable and may tell you the actual name of ?? () when running it through gdb.
    Up the Irons
    What Would Jimi Do? Smash amps. Burn guitar. Take the groupies home.
    "Death Before Dishonour, my Friends!!" - Bruce Dickinson, Iron Maiden Aug 20, 2005 @ OzzFest
    Down with Sharon Osbourne

    "I wouldn't hire a butcher to fix my car. I also wouldn't hire a marketing firm to build my website." - Nilpo
#11  Registered User, Devshed Newbie (joined Apr 2013)

    Originally Posted by Scorpions4ever
    Have you tried compiling your project with the -g argument. That tells the C compiler that you want to include debug symbols into the executable and may tell you the actual name of ??() when running it through gdb.
    I have tried; I still get ?? (). However, it seems like the problem is in fact with the version of gcc. It only seems to fail with gcc-4.4: gcc-4.7 works every time and 4.4 fails every time.

    Does that mean that gcc-4.7 isn't failing where it should be?

    > The program ran to the end and segfaulted only after running return 0; in main
    On your own Linux box, do
    sudo apt-get install valgrind

    Then do (replace with your actual program name)
    valgrind ./a.out
    Tried this; in fact it produces errors, but I don't really know what any of it means.

    Code:
    ==3207== Invalid read of size 1
    ==3207==    at 0x4F22427: hsearch_r (hsearch_r.c:158)
    ==3207==    by 0x4F222CD: hsearch (hsearch.c:34)
    ==3207==    by 0x401526: mvp (in /home/tale/proj2/nba)
    ==3207==    by 0x400942: main (in /home/tale/proj2/nba)
    ==3207==  Address 0x51f13a9 is 4 bytes after a block of size 5 alloc'd
    ==3207==    at 0x4C2B3F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==3207==    by 0x4014D6: mvp (in /home/tale/proj2/nba)
    ==3207==    by 0x400942: main (in /home/tale/proj2/nba)
#12  Contributing User, Devshed Supreme Being (joined Jan 2003, USA)

    Why are you still forcing us to guess what your program is doing?
#13  Registered User, Devshed Newbie (joined Apr 2013)

    Originally Posted by dwise1_aol
    Why are you still forcing us to guess what your program is doing?
    What should I do? Post the code? Here are the parts that are being run.

    The segfault occurs in 'D' mvp();

    Code:
    #include <stdio.h>
    #include <stdlib.h>
    #include <search.h>
    #include "stats.h"
    
    
    int main(int argc, char *argv[])
    {
    
      if(argc < 3 && ( (*argv[1] == 'A') || (*argv[1] == 'B') ))
       {
         printf("Invalid number of arguments\nUSAGE: %s [filename] [argument]\n", argv[0]);
         exit(0);
       }
     else
       {
    
         if(*argv[1] == 'A')
           {
    	 pSearch(argv[2]);
           }
         else if(*argv[1] == 'B')
           {      
    	 pSort(argv[2]);
           }
         else if(*argv[1] == 'C')
           {
    	 bestOffDef();
           }
         else if(*argv[1] == 'D')
           {
    	 mvp();
           }
         else
           {
    	 printf("%s is not a valid argument\n", argv[1]);
           }
       }
    
      return 0;
    }
    This is where the segfault is occuring.

    Code:
    #include <stdio.h>
    #include <stdlib.h>
    #include <search.h>
    #include "player.h"
    
    player *countVotes(player *mvp, int voteCast, int votePoints)
    {
      ENTRY *lookup;
      ENTRY  *curPlayer;
      player *curVote;
    
      lookup->key = (char *) malloc(5*sizeof(char));
    
      sprintf(lookup->key, "%d", voteCast); 
    
      curPlayer = hsearch(*lookup, FIND);	  
      curVote = (player *) curPlayer->data;	  
      curVote->mvpVotes += votePoints;
    	 
      if(curVote->mvpVotes > mvp->mvpVotes)
          mvp = curVote;
    
      free(lookup->key);
      return mvp;
    }
    
    void mvp()
    {
      player *mvp;
      player * head = NULL;
      int i = 0;
      int j = 0;
    
      player *p1 = head;
      player *previous;
    
      ENTRY *item;
    
      FILE * fp = fopen("players.txt", "r");
      hcreate(1000000);
      
      head = p1 = (player *) malloc (sizeof(player));
      
      while (fscanf(fp,"%d %s %f %f %f %f %f %d %d %d", &p1->id, p1->name, &p1->ppg, &p1->apg, &p1->rpg, &p1->spg, &p1->mpg, &p1->vote1, &p1->vote2, &p1->vote3) > 0)
        {
          p1->mvpVotes = 0;
          item = (ENTRY *) malloc(sizeof(ENTRY));
          item->key = (char *) malloc(5*sizeof(char));
          sprintf(item->key, "%d", p1->id);
          item->data =  p1;
          hsearch(*item, ENTER);
          p1->next = (player *) malloc(sizeof(player));
          previous = p1;
          p1 = p1->next;
          i++;
        }
      free(p1);
    
      p1 = head;
      mvp = p1;
     
      for(j; j < i; j++)
        {
          if(p1->id != p1->vote1)
    	  mvp = countVotes(mvp, p1->vote1, 3);	  
    
          if((p1->id != p1->vote2) && (p1->vote1 != p1->vote2))
    	  mvp = countVotes(mvp, p1->vote2, 2);
    
          if((p1->id != p1->vote3) && (p1->vote1 != p1->vote3) && (p1->vote2 != p1->vote3))
    	  mvp = countVotes(mvp, p1->vote3, 1);
    
          p1 = p1->next; 
        }
    
      printf("The MVP is %s (%d), with %d point(s)\n", mvp->name, mvp->id, mvp->mvpVotes);
      
    }
    Struct players:

    Code:
    typedef struct __player
    {
      int id;
      char name[25];
    
      float ppg;
      float apg;
      float rpg;
      float spg;
      float mpg;
    
      int vote1;
      int vote2;
      int vote3;
    
      int mvpVotes;
    
      struct __player *next;
    
    }player;
    I hope this is what you wanted me to do. Thanks again.
#14  Contributing User, Devshed Supreme Being (joined Jan 2003, USA)

    I know that this may be a very strange concept, but just because you can see your code does not mean that we can too. Think about that for a while.

    Now for a stupid question. In mvp(), you have
    Code:
      head = p1 = (player *) malloc (sizeof(player));
      
      while (fscanf(fp,"%d %s %f %f %f %f %f %d %d %d", &p1->id, p1->name, &p1->ppg, &p1->apg, &p1->rpg, &p1->spg, &p1->mpg, &p1->vote1, &p1->vote2, &p1->vote3) > 0)
        {
          p1->mvpVotes = 0;
          item = (ENTRY *) malloc(sizeof(ENTRY));
          item->key = (char *) malloc(5*sizeof(char));
          sprintf(item->key, "%d", p1->id);
          item->data =  p1;
          hsearch(*item, ENTER);
          p1->next = (player *) malloc(sizeof(player));
          previous = p1;
          p1 = p1->next;
          i++;
        }
      free(p1);
    Why are you free'ing what p1 is pointing to here? For that matter, just what exactly is p1 pointing to at that instant?

    PS
    OK, I see that you are undoing that p1->next = (player *) malloc(sizeof(player));.

    With the fscanf, why are you only testing for at least one successful conversion? Shouldn't you instead be testing for fscanf returning a full 10? What happens if it only returns a 5?

    For that matter, what happens if the file fails to open? Or a malloc fails to work?

    Also, you have a memory leak here. Because this linked list only exists inside this function and the memory you allocate to it can only be accessed within this function (since head is lost when you return), you need to free it up before you exit the function.

    And when you compile your program with the -Wall option, what warnings do you get? This is a very important question. What warnings do you get? You need to run this test yourself, since we would need the entire program to test it ourselves.
    Last edited by dwise1_aol; April 16th, 2013 at 12:34 PM.
#15  Contributing User, Devshed Supreme Being (joined Jan 2003, USA)

    mvp() calls countVotes():
    Code:
    player *countVotes(player *mvp, int voteCast, int votePoints)
    {
      ENTRY *lookup;
      ENTRY  *curPlayer;
      player *curVote;
    
      lookup->key = (char *) malloc(5*sizeof(char));
    
      sprintf(lookup->key, "%d", voteCast); 
    
      curPlayer = hsearch(*lookup, FIND);
    You're malloc'ing lookup->key, but where did you ever malloc lookup?

    lookup is an uninitialized pointer. Since it's a local variable, it's filled with garbage and so it could be pointing anywhere, including at your own foot ("C gives you enough rope to shoot yourself in the foot"). This is prime SEGFAULT fodder.

    Your compiler should have warned you about using an uninitialized pointer when you compiled with the -Wall option.

    Yet again, what warnings did you get when you compiled with the -Wall option?

    That is the second time that I've had to ask you and I'm the second person in this thread to have asked you about warnings. They really are that important. Warnings are much more important than error messages are. Never ignore a warning.
    Last edited by dwise1_aol; April 16th, 2013 at 01:37 PM.
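The following is an added example, not code from any post in this thread: the countVotes()/mvp() pair from #13 rebuilt with the points raised in #14 and #15 applied, together with what the valgrind report in #11 points at. Concretely: the ENTRY passed to hsearch() is a real struct on the stack instead of an uninitialised ENTRY*; the result of hsearch(FIND) is checked for NULL before it is dereferenced; keys are sized with snprintf() instead of a fixed 5 bytes (five bytes hold four digits plus the NUL, and the report says the bad read is 4 bytes past a 5-byte block allocated in mvp(), where item->key is the only 5-byte allocation); each record must yield all 10 conversions; the name is bounded with %24s to match char name[25]; the file-open and malloc failures are handled; and the list and the table are freed before returning. It parses a constructed in-memory copy of the players.txt record layout rather than opening a file, and it assumes glibc, whose hdestroy() frees the table but not the keys (some BSD libcs free the keys too, and would double-free here). The function and sample names are my own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <search.h>

typedef struct player {
    int id; char name[25];
    float ppg, apg, rpg, spg, mpg;
    int vote1, vote2, vote3, mvpVotes;
    char *key;              /* decimal id handed to hsearch(ENTER); freed with the node */
    struct player *next;
} player;

/* Bytes for id in decimal, NUL included: 5 for 9999 but 6 for 10000. The thread's
 * fixed 5-byte key holds four digits at most; valgrind's report is a read past
 * the end of one of those 5-byte blocks. */
size_t key_len(int id) { return (size_t)snprintf(NULL, 0, "%d", id) + 1; }

static char *make_key(int id)
{
    size_t n = key_len(id); char *key = malloc(n);
    if (key) snprintf(key, n, "%d", id);
    return key;
}
static void free_players(player *p)
{
    while (p) { player *next = p->next; free(p->key); free(p); p = next; }
}

/* One record per line: "id name ppg apg rpg spg mpg vote1 vote2 vote3". %24s bounds
 * the name; a line that does not yield all 10 conversions ends the parse. */
static player *parse_players(const char *text, int *count)
{
    player *head = NULL, **tail = &head;
    *count = 0;
    while (*text) {
        player p = {0};
        if (sscanf(text, "%d %24s %f %f %f %f %f %d %d %d", &p.id, p.name, &p.ppg,
                   &p.apg, &p.rpg, &p.spg, &p.mpg, &p.vote1, &p.vote2, &p.vote3) != 10)
            break;
        player *node = malloc(sizeof *node);
        if (!node) break;
        *node = p; *tail = node; tail = &node->next; (*count)++;
        const char *nl = strchr(text, '\n');
        if (!nl) break;
        text = nl + 1;
    }
    return head;
}

/* Enter every player under its id. hsearch keeps the key pointer, so keys must
 * outlive the table. The ENTRY is a real struct, not an uninitialised ENTRY*. */
static int register_players(player *head, int count)
{
    if (!hcreate((size_t)count * 2)) return 0;
    for (player *p = head; p; p = p->next) {
        if (!(p->key = make_key(p->id))) return 0;
        ENTRY e = { p->key, p };
        if (!hsearch(e, ENTER)) return 0;
    }
    return 1;
}

static player *count_votes(player *mvp, int voteCast, int votePoints)
{
    char *key = make_key(voteCast);
    if (!key) return mvp;
    ENTRY probe = { key, NULL };
    ENTRY *found = hsearch(probe, FIND);   /* NULL when no player has that id */
    free(key);                             /* FIND only reads the key during the call */
    if (!found) return mvp;
    player *cur = found->data;
    cur->mvpVotes += votePoints;
    return cur->mvpVotes > mvp->mvpVotes ? cur : mvp;
}

/* MVP id, points in *points; -1 on empty/malformed input or allocation failure. */
int find_mvp(const char *text, int *points)
{
    int n, id = -1;
    player *head = parse_players(text, &n), *mvp = head;
    if (head && register_players(head, n)) {
        for (player *p = head; p; p = p->next) {
            if (p->id != p->vote1) mvp = count_votes(mvp, p->vote1, 3);
            if (p->id != p->vote2 && p->vote1 != p->vote2) mvp = count_votes(mvp, p->vote2, 2);
            if (p->id != p->vote3 && p->vote1 != p->vote3 && p->vote2 != p->vote3)
                mvp = count_votes(mvp, p->vote3, 1);
        }
        id = mvp->id; *points = mvp->mvpVotes;
    }
    hdestroy();         /* glibc frees only the table, never the keys; BSD libcs differ */
    free_players(head);
    return id;
}

/* Constructed sample in the players.txt layout; Dan's third vote is an unknown id. */
static const char SAMPLE[] =
    "10001 Alice 25.3 6.1 7.2 1.5 34.0 10002 10003 10004\n"
    "10002 Bob   22.0 8.4 5.5 2.1 33.1 10001 10003 10004\n"
    "10003 Carol 18.7 4.0 9.9 0.9 30.2 10001 10002 10004\n"
    "10004 Dan   15.2 3.3 4.4 1.1 28.0 10001 10002 99999\n";
int demo_mvp_id(void)     { int pts; return find_mvp(SAMPLE, &pts); }
int demo_mvp_points(void) { int pts = 0; find_mvp(SAMPLE, &pts); return pts; }
```

On the constructed sample Alice (10001) wins with 9 points; the vote for 99999 is simply skipped because hsearch(FIND) returns NULL for it, where the original countVotes() would have dereferenced that NULL. Compiled with -Wall -Wextra -g and run under valgrind, this version reports no invalid reads and no leaks, which is the check the replies above keep asking for.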