#1
    Error in `./malloc': double free or corruption


    My code:
    Code:
    #include <stdio.h>
    #include <stdlib.h>
    
    int main()
    {
    	int *p;
    	p = malloc(1024);
    	if(p == NULL) perror("malloc");
    
    	int i=0, s;
    	for(*p = i; *p != 100001; *p=s, i++)
    	{
    		s=i+1;
    		printf("%08i\n", *p);
    	}
    	free(p);
    	i=0;
    	for(*p = i; *p != 100001; *p=s, i++)
       {
          s=i+1;
          printf("%08i\n", *p);
       }
    	free(p);
    	i=0;
    	for(*p = i; *p != 100001; *p=s, i++)
       {
          s=i+1;
          printf("%08i\n", *p);
       }
    	free(p);
    }
    I run the command
    gcc malloc.c -o malloc && ./malloc
    And on the third cycle I got this error:
    *** Error in `./malloc': double free or corruption (!prev): 0x000055a4d07c0010 ***
    ======= Backtrace: =========
    /lib/x86_64-linux-gnu/libc.so.6(+0x70bcb)[0x7feded4f5bcb]
    /lib/x86_64-linux-gnu/libc.so.6(+0x76f96)[0x7feded4fbf96]
    /lib/x86_64-linux-gnu/libc.so.6(+0x777de)[0x7feded4fc7de]
    ./malloc(+0x86d)[0x55a4cef9d86d]
    /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7feded4a52b1]
    ./malloc(+0x68a)[0x55a4cef9d68a]
#2
    1. Your indentation sucks.
    2. You have multiple calls to free(), what about the "double free" is confusing you? Just delete the spare free() calls until you're actually done.
    3. Your 's' variable is uninitialised.
    4. Your malloc only allocates 1024 bytes, not 1024 int's.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper
#3
    Originally Posted by salem
    1. Your indentation sucks.
    2. You have multiple calls to free(), what about the "double free" is confusing you? Just delete the spare free() calls until you're actually done.
    3. Your 's' variable is uninitialised.
    4. Your malloc only allocates 1024 bytes, not 1024 int's.
    1) Your answer is very blunt.
    2) If you are blind then I will tell you where the initialized variable is.
    Code:
    int i=0, s;
    3) Why do you find fault with the size of the indicated malloc when you can just clearly answer and not carry the garbage at random?

    If you do not want to help, then do not write the answers, you are very bad at it.
#4
    > 1) Your answer is very blunt.
    If you want sugar coating for a snowflake generation, then you're in the wrong career. You can't negotiate with a compiler.

    > If you are blind then I will tell you where the initialized variable is.
    Explain how i = 0 initialises s.

    > Why do you find fault with the size of the indicated malloc when you can just clearly answer and not carry the garbage at random?
    Because it's plainly wrong for the purpose to which you're using it.


    Fine, I'll just ignore you as a waste of space luvvie still wanting cuddles from mommy.
#5
    HackerEee, it is indeed true that your indentation sucks.  However, the fault lies in your mixing of tab characters with spaces.  The bodies of the last two for loops are indented with spaces whereas the rest of the program is indented with tabs.

    While your editor's tab settings may be set to something like 4 columns, whenever you copy that code to another program, such as our browsers, then tab characters get displayed with the default value of 8.  Therefore, the result of your having mixed two different indenting practices, tabs vs. spaces, is a screwed up code listing.  Stick with one or the other, but don't mix them together.  I recommend using spaces, so that you will always know how the indentation will be displayed.

    As it should be:
    Code:
    #include <stdio.h>
    #include <stdlib.h>
    
    int main()
    {
        int *p;
        p = malloc(1024);
        if(p == NULL) perror("malloc");
    
        int i=0, s;
        for(*p = i; *p != 100001; *p=s, i++)
        {
            s=i+1;
            printf("%08i\n", *p);
        }
        free(p);
        i=0;
        for(*p = i; *p != 100001; *p=s, i++)
        {
            s=i+1;
            printf("%08i\n", *p);
        }
        free(p);
        i=0;
        for(*p = i; *p != 100001; *p=s, i++)
        {
            s=i+1;
            printf("%08i\n", *p);
        }
        free(p);
    }
    Now because of the messed up display of your code, salem couldn't see the s = i+1; inside each for loop.  However, your response to him is still invalid:
    Code:
    int i=0, s;
    That initializes i, but it does not initialize s.

    And he is still correct to point out that you only malloc'd 1024 bytes, not ints.  To malloc that many ints, you would need:
    Code:
    p = malloc(1024*sizeof(int));
    And he is also still correct that you have called malloc only once whereas you call free three times!  That is clearly two times too many.  What part of that are you too arrogant to understand?
#6
    Code:
    #include <stdio.h>
    #include <stdlib.h>
    
    int main()
    {
      int *p;
      p = malloc(1024);
      if(p == NULL) perror("malloc");
    
      int i=0, s;
      for(*p = i; *p != 100001; *p=s, i++)
        {
          s=i+1;
          printf("%08i\n", *p);
        }
      free(p);  // you no longer own the memory
      i=0;
      for(*p = i; *p != 100001; *p=s, i++)   // c does not enforce bound checking
        {
          s=i+1;
          printf("%08i\n", *p);
        }
      free(p);  // program quit here.  You tried to free memory that isn't yours.
    this thread is unreal.
    [code]Code tags[/code] are essential for python code and Makefiles!
#7
    Originally Posted by b49P23TIvg
    this thread is unreal.
    I agree.  The program makes no sense at all.  

    All he is doing is repeatedly storing into a single int location the values of (i+1) as it iterates from 0 to 100,000 -- hopefully in this implementation an int is at least 32 bits.  

    Then he does the exact same thing two more times, but only after he has free'd the int he had malloc'd.  And with no indication whether he's been able to understand that he can only free any malloc'd memory once and only once.

    But why malloc 1024 bytes instead of a sizeof(int)?  That makes absolutely no sense whatsoever!

    And of course he attacks those who try to help him.   Hope he enjoys his short career in programming.
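
A corrected version of the program discussed in posts #5 and #7, added here as an example and not code posted by anyone in the thread: it allocates the single int the loops actually use, stops if malloc fails, and frees the block exactly once. The `release()` and `count_pass()` helpers, the `LIMIT` macro and the `verbose` flag are names made up for this example.

```c
#include <stdio.h>
#include <stdlib.h>

#define LIMIT 100001  /* same stop value as the loops in the thread */

/* free() the block and clear the caller's pointer, so a repeated call
 * becomes free(NULL), which the C standard defines as a no-op. */
static void release(int **pp)
{
    free(*pp);
    *pp = NULL;
}

/* One counting pass over a single heap int. Returns how many values were
 * stored, or -1 if the pointer has already been released. */
static long count_pass(int *p, int verbose)
{
    long stored = 0;
    if (p == NULL)
        return -1;                  /* refuse to touch released memory */
    for (*p = 0; *p != LIMIT; ++*p) {
        if (verbose)
            printf("%08i\n", *p);
        stored++;
    }
    return stored;
}

/* Three passes, one allocation, one real free. Returns the total number
 * of values stored, -1 if malloc fails, -2 if a stale use got through. */
static long run_three_passes(int verbose)
{
    int *p = malloc(sizeof *p);     /* the loops only ever use one int */
    long total = 0;
    if (p == NULL) {
        perror("malloc");
        return -1;                  /* stop here; do not dereference NULL */
    }
    for (int pass = 0; pass < 3; pass++)
        total += count_pass(p, verbose);
    release(&p);                    /* the only free of this allocation */
    release(&p);                    /* harmless: p is NULL, so free(NULL) */
    return count_pass(p, verbose) == -1 ? total : -2;
}

int main(void)
{
    return run_three_passes(1) == 3L * LIMIT ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

Building the original program with `gcc -fsanitize=address -g` reports a heap-use-after-free at the first write after `free(p)`, before any second `free()` is reached.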
