【问题标题】:C: Please help me debug this memory-related seg faultC: 请帮我调试这个内存相关的段错误
【发布时间】:2011-07-28 09:02:11
【问题描述】:

我有以下 C 代码:

static void* heap;
static unsigned int ptr;

int main(void) {
    ...
    heap=(void*)malloc(10000*sizeof(char));
    ptr=&heap;

    /*Actual sniffing*/
    pcap_loop(handle,-1,callback,NULL);

    return 0;
}

这里是每隔一段时间被调用的回调函数:

void callback(u_char *useless,const struct pcap_pkthdr* header,const u_char* packet){
   const u_char *payload;
   ...
   payload = (u_char *)(packet + size_ethernet + size_ip + size_tcp);

   unsigned int hash=DJBHash(payload,strlen(payload));
   printf("%u\n",hash);   //ok

   int len=strlen(payload)*sizeof(u_char);

   printf("len:%d, ptr:%d\n",len,ptr);   //ok

   memcpy(ptr,(char)payload,len*sizeof(u_char));   //I'm getting a seg fault here!
   ptr+=len;
}

这是我的 valgrind 转储:

==8687== Memcheck, a memory error detector
==8687== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==8687== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==8687== Command: ./ByteCache
==8687== 
==8687== Syscall param socketcall.setsockopt(optval) points to uninitialised byte(s)
==8687==    at 0x514D12A: setsockopt (syscall-template.S:82)
==8687==    by 0x4E34991: ??? (in /usr/lib/libpcap.so.1.1.1)
==8687==    by 0x4E34AB2: ??? (in /usr/lib/libpcap.so.1.1.1)
==8687==    by 0x401A3F: main (ByteCache.c:123)
==8687==  Address 0x7fefffb42 is on thread 1's stack
==8687== 
2912431451
len:12, ptr:6304012
==8687== Invalid read of size 8
==8687==    at 0x4C2A337: memcpy (mc_replace_strmem.c:635)
==8687==    by 0x4018CB: callback (ByteCache.c:77)
==8687==    by 0x4E34E24: ??? (in /usr/lib/libpcap.so.1.1.1)
==8687==    by 0x4E3A818: pcap_loop (in /usr/lib/libpcap.so.1.1.1)
==8687==    by 0x401AB4: main (ByteCache.c:133)
==8687==  Address 0x80 is not stack'd, malloc'd or (recently) free'd
==8687== 
==8687== 
==8687== Process terminating with default action of signal 11 (SIGSEGV)
==8687==  Access not within mapped region at address 0x80
==8687==    at 0x4C2A337: memcpy (mc_replace_strmem.c:635)
==8687==    by 0x4018CB: callback (ByteCache.c:77)
==8687==    by 0x4E34E24: ??? (in /usr/lib/libpcap.so.1.1.1)
==8687==    by 0x4E3A818: pcap_loop (in /usr/lib/libpcap.so.1.1.1)
==8687==    by 0x401AB4: main (ByteCache.c:133)
==8687==  If you believe this happened as a result of a stack
==8687==  overflow in your program's main thread (unlikely but
==8687==  possible), you can try to increase the size of the
==8687==  main thread stack using the --main-stacksize= flag.
==8687==  The main thread stack size used in this run was 8388608.
==8687== 
==8687== HEAP SUMMARY:
==8687==     in use at exit: 22,711 bytes in 11 blocks
==8687==   total heap usage: 41 allocs, 30 frees, 38,352 bytes allocated
==8687== 
==8687== LEAK SUMMARY:
==8687==    definitely lost: 0 bytes in 0 blocks
==8687==    indirectly lost: 0 bytes in 0 blocks
==8687==      possibly lost: 0 bytes in 0 blocks
==8687==    still reachable: 22,711 bytes in 11 blocks
==8687==         suppressed: 0 bytes in 0 blocks
==8687== Reachable blocks (those to which a pointer was found) are not shown.
==8687== To see them, rerun with: --leak-check=full --show-reachable=yes
==8687== 
==8687== For counts of detected and suppressed errors, rerun with: -v
==8687== Use --track-origins=yes to see where uninitialised values come from
==8687== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 4 from 4)
Segmentation fault

不幸的是,我似乎无法理解它。

非常感谢任何见解。

非常感谢,


感谢 Kerrick SB,让我更进一步。

现在是输出:

eamorr@Compaq6000:/mnt/eamorr/workspace/ByteCache/Debug# ./ByteCache
361457034
len:872, ptr:6304000
46267872
len:12, ptr:-92779411
Segmentation fault

我可以看到一个负指针?我不知道这怎么可能。我什至把 ptr 改成了 unsigned int 类型。

【问题讨论】:

  • 函数是否会被多次调用并增加ptr 以至于超出缓冲区?
  • 是的,函数被多次调用,缓冲区可能溢出。但是,我在第一次调用回调时遇到了段错误...
  • 为什么要打印带有%d 的无符号值?应该是%u。无论如何,看起来其他东西在两次调用之间弄乱了ptr 的值。
  • 是的,确实应该是%u。我真的不知道调用之间的 ptr 会出现什么问题。

标签: c pointers segmentation-fault valgrind


【解决方案1】:

我不认为你想要 ptr = &heap,你想要 ptr = heap。 malloc 返回一个指向它分配的内存的指针,这似乎是您试图在回调中引用的内容。

您只想使用 & 来获取某物的地址。例如: 我的结构我的变量; void* pAPointer = &MyVariable;

如果你正在 malloc-ing 你会得到一个返回的指针: MyStructure *pPointerToStructure = malloc(sizeof(MyStructure));

在 pPointerToStructure 上使用 & 为您提供指向指针的指针,而不是指向 malloc 调用分配的内存

【讨论】:

    【解决方案2】:

    memcpy 将 void 指针作为其参数,但您将第二个参数转换为 char。要解决这个问题:

    memcpy(ptr, (const void *) payload, len * sizeof(u_char));
    

    就此而言,您为什么不将ptr 声明为void**(即说static void ** ptr;)?

    另外,为什么所有的过度铸造?您不需要转换 malloc()payload = 赋值的结果,因为它们已经是正确的类型。最后,len 应该是 size_t 类型,因为它是一个大小类型(即无符号)。

    【讨论】:

    • 您好,非常感谢您的回复!当我用你的线路替换 memcpy(...) 时,我更进一步 - 我现在第二次进入回调函数时遇到段错误......另外,我必须弄清楚如何将 ptr 声明为void** - 我在指针方面有点菜鸟......我已经更新了 OP 以包含输出。
    • 另外,如果您想将 ptr 保留为整数而不是指针,那么至少使用 long,因为 int 在 64 位机器上只有 32 位长,并且它将无法存储指针正确。
    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2017-05-12
    • 1970-01-01
    • 2016-03-02
    • 2022-10-17
    • 1970-01-01
    相关资源
    最近更新 更多