【Question title】: How to solve "invalid write size of n bytes" and "Address ___ is n bytes after a block of size n alloc'd"?
【Posted】: 2014-03-22 15:00:03
【Question】:

valgrind --tool=memcheck --leak-check=yes ./9algorithm (this is the error output I get from valgrind)

==3110==  Invalid write of size 1
==3110==    at 0x400FD8: main (9algorithm.c:223)
==3110==  Address 0x51fc372 is 0 bytes after a block of size 2 alloc'd
==3110==    at 0x4C2C6AE: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3110==    by 0x400FF5: main (9algorithm.c:226)
==3110== 
==3110== Invalid write of size 1
==3110==    at 0x40102F: main (9algorithm.c:233)
==3110==  Address 0x52ff657 is 1 bytes after a block of size 1,990 alloc'd
==3110==    at 0x4C2C6AE: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3110==    by 0x400FF5: main (9algorithm.c:226)
==3110== Conditional jump or move depends on uninitialised value(s)
==3110==    at 0x4C3052E: strstr (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3110==    by 0x400B20: mag_parse (9algorithm.c:63)
==3110==    by 0x40105B: main (9algorithm.c:235)
==3110== 
==3110== Conditional jump or move depends on uninitialised value(s)
==3110==    at 0x4C3052E: strstr (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3110==    by 0x400C56: place_parse (9algorithm.c:103)
==3110==    by 0x401088: main (9algorithm.c:236)
==3110== 
==3110== Conditional jump or move depends on uninitialised value(s)
==3110==    at 0x4C3052E: strstr (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3110==    by 0x400DB2: time_parse (9algorithm.c:145)
==3110==    by 0x4010B6: main (9algorithm.c:237)
==3110== 
==3110== Conditional jump or move depends on uninitialised value(s)
==3110==    at 0x4E80D0F: vfprintf (vfprintf.c:1655)
==3110==    by 0x4E87FF8: printf (printf.c:34)
==3110==    by 0x401131: main (9algorithm.c:239)
==3110== 
(null), Magnitude : (null), (null)
==3110== Conditional jump or move depends on uninitialised value(s)
==3110==    at 0x4C2B5C2: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3110==    by 0x4011DF: main (9algorithm.c:326)
==3110== 
==3110== Conditional jump or move depends on uninitialised value(s)
==3110==    at 0x4C2B5C2: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3110==    by 0x4011EF: main (9algorithm.c:327)
==3110== 
==3110== Conditional jump or move depends on uninitialised value(s)
==3110==    at 0x4C2B5C2: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3110==    by 0x4011FF: main (9algorithm.c:328)
==3110== 
==3110== 
==3110== HEAP SUMMARY:
==3110==     in use at exit: 3,579 bytes in 2 blocks
==3110==   total heap usage: 1,794 allocs, 1,792 frees, 1,623,686 bytes allocated
==3110== 
==3110== 3,579 bytes in 2 blocks are definitely lost in loss record 1 of 1
==3110==    at 0x4C2C6AE: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3110==    by 0x400FF5: main (9algorithm.c:226)
==3110== 
==3110== LEAK SUMMARY:
==3110==    definitely lost: 3,579 bytes in 2 blocks
==3110==    indirectly lost: 0 bytes in 0 blocks
==3110==      possibly lost: 0 bytes in 0 blocks
==3110==    still reachable: 0 bytes in 0 blocks
==3110==         suppressed: 0 bytes in 0 blocks
==3110== 
==3110== For counts of detected and suppressed errors, rerun with: -v
==3110== Use --track-origins=yes to see where uninitialised values come from
==3110== ERROR SUMMARY: 1799 errors from 10 contexts (suppressed: 2 from 2)

When I run ./9algorithm, it gives me this error:

, Magnitude : , (null)
*** Error in `./9algorithm': free(): invalid pointer: 0x00007fff8a4d7a10 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x80996)[0x7f48a7eb3996]
./9algorithm[0x4011e0]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7f48a7e54de5]
./9algorithm[0x400839]
Aborted (core dumped)

main.c (line 223 - invalid write size) (line 233 - invalid write size) (line 226 - Address ... after a block ....)

/* struct information and the mag_parse/place_parse/time_parse functions are
 * defined elsewhere in 9algorithm.c and are not shown in this excerpt. */
#include <stdio.h>
#include <stdlib.h>

int main()
{
    FILE *fp = 0;
    char *filename = "e_quake.txt";
    struct information *e_quakePtr = 0;
    char *line = 0;
    int c = 0;      /* int rather than char: fgetc() returns int so EOF can be told apart from a byte */
    int k = 0;
    int h = 0;

    fp = fopen(filename,"r");

    if(!fp){
        printf("Unable to open file: %s\n",filename);
        return -1;
    }

    e_quakePtr = (struct information *)malloc(1 * sizeof(struct information));

    if(!e_quakePtr){
        printf("Error on malloc on e_quakePtr");
        return 1;
    }

    line = (char *)malloc(1 * sizeof(char));

    if(!line){
        printf("Error on malloc on line");
        return 1;
    }

    while( (c = fgetc(fp)) != EOF ){
        if(c != '\n'){
            line[h] = c;        /* 9algorithm.c:223 in the valgrind output */
            h++;

            line = (char *)realloc(line,(h+1) * sizeof(char));    /* 9algorithm.c:226 */
            if(!line){
                printf("Error on realloc on line");
                return 1;
            }
        }else{
            h++;
            line[h] = 0;        /* 9algorithm.c:233: h was just incremented, so this index is past the end of the block */

            e_quakePtr[k].mag = mag_parse(line);
            e_quakePtr[k].place = place_parse(line);
            e_quakePtr[k].time = time_parse(line);

            printf("%s, Magnitude : %s, %s\n",e_quakePtr[k].place, e_quakePtr[k].mag, e_quakePtr[k].time);

            k++;
            e_quakePtr = (struct information *)realloc(e_quakePtr,(k+1) * sizeof(struct information));

            if(!e_quakePtr){
                printf("Error on realloc on e_quakePtr");
                return 1;
            }

            h = 0;
            free(line);

            line = (char *)malloc(1 * sizeof(char));

            if(!line){
                printf("Error on malloc on line");
                return 1;
            }
        }
    }   /* end of while loop */

    /* the uninitialised-value reports at 9algorithm.c:326-328 come from these three frees */
    free(e_quakePtr->mag);
    free(e_quakePtr->place);
    free(e_quakePtr->time);
    free(e_quakePtr);

    fclose(fp);
    return 0;
}

I can't find the source of the problem. The external functions I use seem to work when I try them with another algorithm, but with this one something is wrong with my main.c.

【Comments】:

  • Unrelated to your problem: you should use NULL rather than 0 for pointer initialization.
  • Noted! :) Thank you :)
  • What difference does it make whether I cast or not? @Joachim Pileborg
  • Read the linked answer. It actually can make a difference.

Tags: c pointers memory valgrind


【Answer 1】:

There is an error in your logic:

 h++;
 line[h] = 0;

I don't think that character is allocated.

Also:

  • Casting the return of malloc and friends can easily hide subtle bugs; don't do that.
  • sizeof(char) is defined as 1

【Comments】:

  • Where should I put the realloc? Before the "h++;" expression?
【Answer 2】:

You shouldn't realloc like that. Do this instead:

char *temp;

temp = realloc(line, (h+1) * sizeof(char));
if(!temp){
    printf("Error on realloc on line");
    free(line);     /* the old block is still valid, so it can be released */
    return 1;
}
line = temp;        /* only overwrite line once the reallocation succeeded */

【Comments】:

  • So I need to initialize another variable temp?
  • @Mahrrkiee Yes, because if realloc fails, line becomes NULL and you can no longer free it
【Answer 3】:

Every time you write

 line = (char *)malloc(1 * sizeof(char));

it allocates only a single char for line. You probably meant more than one char, for example when using realloc. You also malloc it with size 1 on every pass through the loop; as long as you don't hit a newline, it just overwrites the previous pointer, leaking 1 char of memory.

    free(line);

    line = (char *)malloc(1 * sizeof(char));

By the way, sizeof(char) is defined as 1 by the C standard, so

 1 * sizeof(char) == 1 * 1 == 1

sizeof just returns "how many chars wide" a type is. It's like asking "the number of chars in a char".

If you want to make sure it is a type-aware allocation, the common best practice is:

  line = malloc(n * sizeof(*line));

That way, even if the type of *line changes, the malloc is still correct.

【Comments】:

  • Is realloc(line,0) the same as free(line)? @buellagabor
  • As long as you use these things in main, you don't need to free them; once main returns they are reclaimed by the operating system. If this were a general function that could be called from anywhere, you would just free it at the end of the function, as you do with e_quakePtr.
  • realloc(p, 0) -> my man page says "If size is zero and ptr is not NULL, a new, minimum sized object is allocated and the original object is freed." The standard says nothing about this case, only that it is "unspecified behavior" "whether the calloc, malloc, and realloc functions return a null pointer or a pointer to an allocated object when the size requested is zero", so your realloc might return NULL, or might allocate just 1 byte, I don't know.
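
Putting Answers 1 to 3 together (the terminator stored one past the block, the temporary pointer for realloc, and the sizeof(*line) idiom), here is an added example of the line reader written so that the writes valgrind flagged cannot occur; it is not code from this thread. It grows the buffer by doubling rather than one byte per character, SAMPLE is constructed input rather than the asker's e_quake.txt, and read_line and count_lines are names chosen here.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample (not the asker's e_quake.txt): a line longer than the
 * initial buffer, an empty line, and a last line with no trailing '\n'. */
static const char SAMPLE[] =
    "M 4.5, 10km NE of Townsville, 2014-03-22T15:00:03\n"
    "\n"
    "M 2.1, somewhere, 2014-03-21";

/* Read one line from fp into a heap buffer grown with realloc. Returns the
 * line without its '\n' (caller frees it), or NULL at end of input or on
 * allocation failure; *len receives the length when len is non-NULL. */
char *read_line(FILE *fp, size_t *len)
{
    size_t cap = 16, h = 0;          /* capacity including the NUL; chars stored */
    char *line = malloc(cap * sizeof(*line));
    int c;                           /* int, not char: EOF is not a char value */
    if (!line) return NULL;
    while ((c = fgetc(fp)) != EOF && c != '\n') {
        /* Grow before the store so line[h] and the final line[h] = '\0' both
         * land inside the block: this is the off-by-one valgrind reported. */
        if (h + 1 >= cap) {
            char *tmp = realloc(line, 2 * cap * sizeof(*line));
            if (!tmp) { free(line); return NULL; }   /* old block still valid */
            line = tmp; cap *= 2;
        }
        line[h++] = (char)c;
    }
    if (h == 0 && c == EOF) { free(line); return NULL; }   /* nothing read */
    line[h] = '\0';                  /* h < cap is guaranteed by the check above */
    if (len) *len = h;
    return line;
}

/* Feed text through a temporary FILE; returns the line count and stores the
 * longest line length in *longest so the caller can check nothing was cut. */
size_t count_lines(const char *text, size_t *longest)
{
    FILE *fp = tmpfile();
    size_t n = 0, len = 0, max = 0;
    char *line;
    if (!fp) return 0;
    fputs(text, fp); rewind(fp);
    while ((line = read_line(fp, &len)) != NULL) {
        if (len > max) max = len;
        free(line);                  /* exactly one free per returned line */
        n++;
    }
    fclose(fp);
    if (longest) *longest = max;
    return n;
}
```

Running it under valgrind --tool=memcheck --leak-check=yes reports no invalid writes and no leaks, because every block is released exactly once and the NUL is always written inside the allocation.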
【Answer 4】:

Here are some helpful Valgrind tips -

Excerpt from Valgrind documentation

【Comments】:
