Invalid write,read when allocating memory in c - c

I have this function split_text that takes in a char array text and attempts to split it into sub-arrays using the token as the split value, res is an array of pointers to each of the sub-strings
int split_text(char * text, char * token, char ** res)
{
int x =0;
char * tmp = strtok(text , token);
while (tmp != NULL)
{
res[x] = malloc(1024);
strcpy(res[x], tmp);
x++;
*res = realloc(*res, sizeof(char*)*(x+1));
tmp = strtok(NULL , token);
}
return x;
}
int main()
{
char text[] = "Hello world this is elliot";
char ** ptr = (char**)malloc(sizeof(char*));
int x = split_text(text, " ", ptr);
for (int i =0; i< x; i++)
printf("%s\n", ptr[i]);
return 0;
}
when compiling this code it works fine as in it displays the sub-strings each on a new line but when ran with valgrind, I get many Invalid write of size 8 and Invalid read of size 8
Here is the full valgrind output
==74210== Memcheck, a memory error detector
==74210== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==74210== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==74210== Command: ./a.out
==74210==
==74210== Invalid write of size 8
==74210== at 0x1091D0: split_text (split.c:23)
==74210== by 0x1092B2: main (split.c:38)
==74210== Address 0x4a3f048 is 0 bytes after a block of size 8 alloc'd
==74210== at 0x483F7B5: malloc (vg_replace_malloc.c:381)
==74210== by 0x109294: main (split.c:36)
==74210==
==74210== Invalid read of size 8
==74210== at 0x1091E7: split_text (split.c:24)
==74210== by 0x1092B2: main (split.c:38)
==74210== Address 0x4a3f048 is 0 bytes after a block of size 8 alloc'd
==74210== at 0x483F7B5: malloc (vg_replace_malloc.c:381)
==74210== by 0x109294: main (split.c:36)
==74210==
Hello
==74210== Invalid read of size 8
==74210== at 0x1092D3: main (split.c:42)
==74210== Address 0x4a3f048 is 0 bytes after a block of size 8 alloc'd
==74210== at 0x483F7B5: malloc (vg_replace_malloc.c:381)
==74210== by 0x109294: main (split.c:36)
==74210==
world
this
is
elliot
==74210==
==74210== HEAP SUMMARY:
==74210== in use at exit: 4,152 bytes in 6 blocks
==74210== total heap usage: 12 allocs, 6 frees, 6,312 bytes allocated
==74210==
==74210== LEAK SUMMARY:
==74210== definitely lost: 4,104 bytes in 5 blocks
==74210== indirectly lost: 48 bytes in 1 blocks
==74210== possibly lost: 0 bytes in 0 blocks
==74210== still reachable: 0 bytes in 0 blocks
==74210== suppressed: 0 bytes in 0 blocks
==74210== Rerun with --leak-check=full to see details of leaked memory
==74210==
==74210== ERROR SUMMARY: 12 errors from 3 contexts (suppressed: 0 from 0)
==74210==
==74210== 4 errors in context 1 of 3:
==74210== Invalid read of size 8
==74210== at 0x1092D3: main (split.c:42)
==74210== Address 0x4a3f048 is 0 bytes after a block of size 8 alloc'd
==74210== at 0x483F7B5: malloc (vg_replace_malloc.c:381)
==74210== by 0x109294: main (split.c:36)
==74210==
==74210==
==74210== 4 errors in context 2 of 3:
==74210== Invalid read of size 8
==74210== at 0x1091E7: split_text (split.c:24)
==74210== by 0x1092B2: main (split.c:38)
==74210== Address 0x4a3f048 is 0 bytes after a block of size 8 alloc'd
==74210== at 0x483F7B5: malloc (vg_replace_malloc.c:381)
==74210== by 0x109294: main (split.c:36)
==74210==
==74210==
==74210== 4 errors in context 3 of 3:
==74210== Invalid write of size 8
==74210== at 0x1091D0: split_text (split.c:23)
==74210== by 0x1092B2: main (split.c:38)
==74210== Address 0x4a3f048 is 0 bytes after a block of size 8 alloc'd
==74210== at 0x483F7B5: malloc (vg_replace_malloc.c:381)
==74210== by 0x109294: main (split.c:36)
==74210==
==74210== ERROR SUMMARY: 12 errors from 3 contexts (suppressed: 0 from 0)
I know that it is reading and writing from invalid memory places but it still outputs the split-ed text as sub-strings
Why do I get these errors and how do I fix them?


At least this statement
*res = realloc(*res, sizeof(char*)*(x+1))
that is equivalent to
res[0] = realloc(res[0], sizeof(char*)*(x+1))
does not make a sense.
It always reallocates the first element of the array of pointers pointed to by the pointer res.
As a result the array pointed to by the pointer res has only one element allocated in main.
So this call strcpy
strcpy(res[x], tmp);
invokes undefined behavior at least when x is not equal to 0.
Pay attention to that if you want to change the pointer ptr declared in main within the function split_text then you need to pass it to the function by reference. That is the third parameter of the function should be declared like
int split_text(char * text, char * token, char *** res);
As for the function definition then you need to allocate memory for a pointer for each new element and also to allocate a character array pointed to by the pointer where a substring will be copied.

Related

Valgrind: mark memory as read only

Is there a straight forward way to mark a memory region temporarily as "Read Only" in valgrind, similar to VALGRIND_MAKE_MEM_NOACCESS?
As an Example:
==942339== Memcheck, a memory error detector
==942339== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==942339== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==942339== Command: ./a.out
==942339==
==942339== Invalid read of size 4
==942339== at 0x40085C: main (example.c:10)
==942339== Address 0x1ffeffe724 is 0 bytes inside a READING IS ALLOWED IN THIS BLOCK of size 4 client-defined
==942339== at 0x4007E0: main (example.c:7)
==942339==
==942339== Invalid read of size 4
==942339== at 0x400862: main (example.c:11)
==942339== Address 0x1ffeffe724 is 0 bytes inside a READING IS ALLOWED IN THIS BLOCK of size 4 client-defined
==942339== at 0x4007E0: main (example.c:7)
==942339==
==942339== Invalid write of size 4
==942339== at 0x400868: main (example.c:11)
==942339== Address 0x1ffeffe724 is 0 bytes inside a READING IS ALLOWED IN THIS BLOCK of size 4 client-defined
==942339== at 0x4007E0: main (example.c:7)
==942339==
==942339== Invalid read of size 4
==942339== at 0x400A31: main (example.c:18)
==942339== Address 0x1ffeffe724 is 0 bytes inside a READING AND WRITING IS FORBIDDEN IN THIS BLOCK of size 4 client-defined
==942339== at 0x4009B5: main (example.c:15)
==942339==
==942339== Invalid read of size 4
==942339== at 0x400A37: main (example.c:19)
==942339== Address 0x1ffeffe724 is 0 bytes inside a READING AND WRITING IS FORBIDDEN IN THIS BLOCK of size 4 client-defined
==942339== at 0x4009B5: main (example.c:15)
==942339==
==942339== Invalid write of size 4
==942339== at 0x400A3D: main (example.c:19)
==942339== Address 0x1ffeffe724 is 0 bytes inside a READING AND WRITING IS FORBIDDEN IN THIS BLOCK of size 4 client-defined
==942339== at 0x4009B5: main (example.c:15)
==942339==
==942339==
==942339== HEAP SUMMARY:
==942339== in use at exit: 0 bytes in 0 blocks
==942339== total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==942339==
==942339== All heap blocks were freed -- no leaks are possible
==942339==
==942339== For lists of detected and suppressed errors, rerun with: -s
==942339== ERROR SUMMARY: 6 errors from 6 contexts (suppressed: 0 from 0)
But don't want the first 2 errors of this report to be considered errors.
The example code:
#include "memcheck.h"
int main(int argc, char **argv) {
int a = 10;
int b =0;
int valgrind_handle = VALGRIND_CREATE_BLOCK(&a, sizeof(a),
"READING IS ALLOWED IN THIS BLOCK");
VALGRIND_MAKE_MEM_NOACCESS(&a, sizeof(a));
b=a;// allowed to read a
a++;// forbidden to write a
VALGRIND_MAKE_MEM_DEFINED(&a, sizeof(a));
a++;// allowed
VALGRIND_DISCARD(valgrind_handle);
valgrind_handle = VALGRIND_CREATE_BLOCK(&a, sizeof(a),
"READING AND WRITING IS FORBIDDEN IN THIS BLOCK");
VALGRIND_MAKE_MEM_NOACCESS(&a, sizeof(a));
b=a;// forbidden
a++;// forbidden
VALGRIND_MAKE_MEM_DEFINED(&a, sizeof(a));
VALGRIND_DISCARD(valgrind_handle);
return 0;
}
Is there a better way than manually post-process the output to filter the unwanted errors based on the given block-names?

C: pass to function an array of structure pointers to be reallocated dynamically each time

I should dynamically allocate an array of pointers to structure, passing from time to time parameters for a single structure.
sorry if I can not explain, here is the code
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
typedef struct _DROP_DOWN_MENU_LABELS
{
char *title;
char **items;
} MenuLabels;
MenuLabels ** ml_init(void)
{
MenuLabels **ml;
ml=(MenuLabels **)calloc(2,sizeof(MenuLabels*));
ml[1]=NULL;
return ml;
}
void addit(MenuLabels **mlabels, char *title, char *elems,...)
{
int j;
for (j=0; mlabels[j]!=NULL ; j++ );
printf("\n\nCHECK:MenuLabels has %d menu",j);
mlabels=(MenuLabels **)realloc(mlabels,(j+2)*sizeof(MenuLabels*));
mlabels[j]=(MenuLabels *)malloc(1*sizeof(MenuLabels));
mlabels[j+1]=NULL;
mlabels[j]->title=title;
/*++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/
int i=0;
char **mitems=NULL;
mitems=(char **)malloc(sizeof(char*));
mitems[i]=elems;
va_list argP;
va_start(argP, elems);
char *p;
for (i=1; ((p=va_arg(argP,char*)) !=NULL) ; i++ )
{
mitems=(char **)realloc(mitems,(i+1)*sizeof(char*));
mitems[i]=p;
}
if (!p)
{
mitems=(char **)realloc(mitems,(i+1)*sizeof(char*));
mitems[i]=NULL;
}
va_end(argP);
/*+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/
mlabels[j]->items=mitems;
}
int main()
{
MenuLabels **ml;
ml=ml_init();
addit(ml,"FILE","new","open","save","backup","print","setup","exit",NULL);
addit(ml,"AFILE","Anew","Asave","Abackup","Aexit",NULL);
addit(ml,"BFILE","Bnew","Bopen","Bsave","Bprint","Bexit",NULL);
free(ml);
fprintf(stdout,"\n\033[1;91m***END***\033[0m\n");
return 0;
}
starting the program seems to be executed without errors:
CHECK:MenuLabels has 0 menu
CHECK:MenuLabels has 1 menu
CHECK:MenuLabels has 2 menu
***END***
Process returned 0 (0x0) execution time : 0.001 s
Press ENTER to continue.
but checking with valgrind:
==5572== Memcheck, a memory error detector
==5572== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==5572== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==5572== Command: ./prove
==5572==
==5572== Invalid read of size 8
==5572== at 0x400812: addit (main.c:26)
==5572== by 0x400B27: main (main.c:75)
==5572== Address 0x5204040 is 0 bytes inside a block of size 16 free'd
==5572== at 0x4C2FD5F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5572== by 0x400855: addit (main.c:29)
==5572== by 0x400AF1: main (main.c:74)
==5572== Block was alloc'd at
==5572== at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5572== by 0x40075C: ml_init (main.c:15)
==5572== by 0x400AB0: main (main.c:73)
==5572==
CHECK:MenuLabels has 0 menu
==5572== Invalid free() / delete / delete[] / realloc()
==5572== at 0x4C2FD5F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5572== by 0x400855: addit (main.c:29)
==5572== by 0x400B27: main (main.c:75)
==5572== Address 0x5204040 is 0 bytes inside a block of size 16 free'd
==5572== at 0x4C2FD5F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5572== by 0x400855: addit (main.c:29)
==5572== by 0x400AF1: main (main.c:74)
==5572== Block was alloc'd at
==5572== at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5572== by 0x40075C: ml_init (main.c:15)
==5572== by 0x400AB0: main (main.c:73)
==5572==
==5572== Invalid write of size 8
==5572== at 0x400882: addit (main.c:31)
==5572== by 0x400B27: main (main.c:75)
==5572== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==5572==
==5572==
==5572== Process terminating with default action of signal 11 (SIGSEGV)
==5572== Access not within mapped region at address 0x0
==5572== at 0x400882: addit (main.c:31)
==5572== by 0x400B27: main (main.c:75)
==5572== If you believe this happened as a result of a stack
==5572== overflow in your program's main thread (unlikely but
==5572== possible), you can try to increase the size of the
==5572== main thread stack using the --main-stacksize= flag.
==5572== The main thread stack size used in this run was 8388608.
CHECK:MenuLabels has 0 menu==5572==
==5572== HEAP SUMMARY:
==5572== in use at exit: 112 bytes in 4 blocks
==5572== total heap usage: 14 allocs, 10 frees, 1,392 bytes allocated
==5572==
==5572== 16 bytes in 1 blocks are definitely lost in loss record 2 of 4
==5572== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5572== by 0x400881: addit (main.c:31)
==5572== by 0x400B27: main (main.c:75)
==5572==
==5572== 96 (16 direct, 80 indirect) bytes in 1 blocks are definitely lost in loss record 4 of 4
==5572== at 0x4C2FD5F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5572== by 0x400855: addit (main.c:29)
==5572== by 0x400AF1: main (main.c:74)
==5572==
==5572== LEAK SUMMARY:
==5572== definitely lost: 32 bytes in 2 blocks
==5572== indirectly lost: 80 bytes in 2 blocks
==5572== possibly lost: 0 bytes in 0 blocks
==5572== still reachable: 0 bytes in 0 blocks
==5572== suppressed: 0 bytes in 0 blocks
==5572==
==5572== For counts of detected and suppressed errors, rerun with: -v
==5572== ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 0 from 0)
./run_valgrind: riga 4: 5572 Errore di segmentazione (core dump creato) valgrind --leak-check=full --track-origins=yes --tool=memcheck ./prove
and in fact if I try to extract any value from ml at the end (eg ml[n]-> title) it goes into segmentation fault
what am I doing wrong? thank you all in advance

Here's one problem:
char **mitems;
// ... assuming there's a mitems = malloc(...) or similar here...
mlabels[j]->items=mitems;
free(mitems);
Here you have a a pointer, you make it point to some memory you allocate, you copy the pointer (so you have two pointers pointing to the same memory) and then you free the memory that both pointers are pointing to.
The free call makes not only mitems invalid, but also mlabels[j]->items.

I solved ... here is the code:
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
typedef struct s_drop_down_menu_labels
{
char *title;
char **items;
} MenuLabels;
MenuLabels ** ml_init(void)
{
MenuLabels **ml;
ml=(MenuLabels **)calloc(2,sizeof(MenuLabels*));
ml[1]=NULL;
return ml;
}
void addit(MenuLabels ***mlabels, char *title, char *elems,...)
{
int j;
for (j=0; (*mlabels)[j]!=NULL ; j++ );
printf("\n\nCHECK:MenuLabels has %d menu",j);
*mlabels=(MenuLabels **)realloc(*mlabels,(j+2)*sizeof(MenuLabels*));
(*mlabels)[j]=(MenuLabels *)malloc(1*sizeof(MenuLabels));
(*mlabels)[j+1]=NULL;
(*mlabels)[j]->title=title;
/*++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/
int i=0;
char **mitems=NULL;
mitems=(char **)malloc(sizeof(char*));
mitems[i]=elems;
va_list argP;
va_start(argP, elems);
char *p;
for (i=1; ((p=va_arg(argP,char*)) !=NULL) ; i++ )
{
mitems=(char **)realloc(mitems,(i+1)*sizeof(char*));
mitems[i]=p;
}
if (!p)
{
mitems=(char **)realloc(mitems,(i+1)*sizeof(char*));
mitems[i]=NULL;
}
va_end(argP);
/*+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/
(*mlabels)[j]->items=mitems;
free(mitems);
}
int main()
{
MenuLabels **ml;
ml=ml_init();
addit(&ml,"FILE","new","open","save","backup","print","setup","exit",NULL);
addit(&ml,"AFILE","Anew","Asave","Abackup","Aexit",NULL);
addit(&ml,"BFILE","Bnew","Bopen","Bsave","Bprint","Bexit",NULL);
addit(&ml,"CFILE","Cnew","Copen","Csave","Cbackup","Cprint","Csetup","Cexit",NULL);
addit(&ml,"DFILE","Dnew","Dsave","Dbackup","Dexit",NULL);
addit(&ml,"EFILE","Enew","Eopen","Esave","Eprint","Eexit",NULL);
printf("\n**********CHECK: %s",ml[3]->title);
for (int i=0;ml[i]!=NULL ;i++ )
free(ml[i]);
fprintf(stdout,"\n\033[1;91m***END***\033[0m\n");
return 0;
}
#Some_programmer_dude, if not free mitems then there will be no more accessible memory allocated ...thank you all

C program adding node to end of linkedlist facing invalid write of size error when testing with valgrind

I'm a newbie in c, when I'm writing a toy program of adding node to a linked list, which is as follows:
#include <stdio.h>
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
typedef struct myToken {
char name[64];
struct myToken *next;
} tokenList;
typedef struct myAnagram {
char name[64];
tokenList *firstToken;
struct myAnagram *next;
} anagramList;
void addtoken (anagramList** cur_token, char *new_token){
anagramList* new_node = (anagramList*)malloc(sizeof(anagramList*));
if (new_node == NULL){
fprintf(stderr, "Unable to allocate memory for new node\n");
exit(1);
}
anagramList *end = *cur_token;
strcpy(new_node -> name,new_token);
new_node -> next = NULL;
if (*cur_token == NULL){
*cur_token = new_node;
}else{
while(1){
if (end -> next == NULL){
end -> next = new_node;
break;
}
end = end -> next;
}
}
}
void print_anagram (anagramList *cur_token){
while (cur_token != NULL){
printf("%s\n",cur_token -> name);
cur_token = cur_token -> next;
}
}
int main () {
int counts[26];
char str[65];
anagramList* head = NULL;
while (scanf("%64s",str) != EOF) {
addtoken(&head,str);
}
print_anagram(head);
return 0;
}
When I read from stdin, it works just fine and gives right output, when I'm testing with valgrind, message appears:
$ valgrind ./anagrams
==11722== Memcheck, a memory error detector
==11722== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==11722== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==11722== Command: ./anagrams)
==11722==
hello
==11722== Invalid write of size 8
==11722== at 0x4007DC: addtoken (in anagrams)
==11722== by 0x400893: main (in anagrams)
==11722== Address 0x5200088 is 8 bytes before an unallocated block of size 4,194,128 in arena "client"
==11722==
hi
==11722== Invalid read of size 8
==11722== at 0x400801: addtoken (in anagrams)
==11722== by 0x400893: main (in anagrams)
==11722== Address 0x5200088 is 8 bytes before a block of size 8 alloc'd
==11722== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==11722== by 0x400786: addtoken (in anagrams)
==11722== by 0x400893: main (in anagrams)
==11722==
==11722== Invalid write of size 8
==11722== at 0x400812: addtoken (in anagrams)
==11722== by 0x400893: main (in anagrams)
==11722== Address 0x5200088 is 8 bytes before a block of size 8 alloc'd
==11722== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==11722== by 0x400786: addtoken (in anagrams)
==11722== by 0x400893: main (in anagrams)
==11722==
ok
==11722== Invalid read of size 8
==11722== at 0x40081C: addtoken (in anagrams)
==11722== by 0x400893: main (in anagrams)
==11722== Address 0x5200088 is 8 bytes before a block of size 8 alloc'd
==11722== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==11722== by 0x400786: addtoken (in anagrams)
==11722== by 0x400893: main (in anagrams)
==11722==
bye
you
hello
==11722== Invalid read of size 8
==11722== at 0x400846: print_anagram (in anagrams)
==11722== by 0x4008BD: main (in anagrams)
==11722== Address 0x5200088 is 8 bytes before a block of size 8 alloc'd
==11722== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==11722== by 0x400786: addtoken (in anagrams)
==11722== by 0x400893: main (in anagrams)
==11722==
hi
ok
bye
you
==11722==
==11722== HEAP SUMMARY:
==11722== in use at exit: 40 bytes in 5 blocks
==11722== total heap usage: 5 allocs, 0 frees, 40 bytes allocated
==11722==
==11722== LEAK SUMMARY:
==11722== definitely lost: 40 bytes in 5 blocks
==11722== indirectly lost: 0 bytes in 0 blocks
==11722== possibly lost: 0 bytes in 0 blocks
==11722== still reachable: 0 bytes in 0 blocks
==11722== suppressed: 0 bytes in 0 blocks
==11722== Rerun with --leak-check=full to see details of leaked memory
==11722==
==11722== For counts of detected and suppressed errors, rerun with: -v
==11722== ERROR SUMMARY: 30 errors from 5 contexts (suppressed: 0 from 0)
I really have no idea why the valgrind test fail and I haven't figure out a better way to test which part of my addtoken function has went wrong.
Any ideas? Any help would be greatly appreciated!

Well, I definitely have an idea of what is wrong:
anagramList* new_node = (anagramList*)malloc(sizeof(anagramList*));
here you allocate only a pointer but not the node itself. Do:
anagramList* new_node = malloc(sizeof(anagramList));
Note: casting the result of malloc is not advised.
Note on style: in e.g. end -> next the spaces are not customary. Just write end->next

Read in Words from Text File and Store into Dynamic Array Valgrind Errors in C

I'm trying to read in words from a text file in C using fscanf and putthem into a dynamically allocated array. However, I keep getting errors in Valgrind and (null) characters seem to be popping up in my output. I create a double pointer **str_array to hold each character array and initially allocate enough space for 4 character arrays. fscanf runs and stores the read in string into str[] and I use strcpy to copy str[]'s string into str_array. I realloc memory if str_array needs to hold more strings.
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[]) {
char str[80];
int word_alloc = 0;
int word_count = 0;
char **str_array;
FILE *file;
file = fopen(argv[1], "r");
// Allocate memory to the array of strings (char arrays)
word_alloc = 4;
str_array = (char **) malloc(sizeof(char*) * word_alloc);
while (fscanf(file, "%s", str) != EOF) {
// If there are more than 4 strings, double size
if (word_count > word_alloc) {
word_alloc *= 2;
str_array = (char **) realloc(str_array, sizeof(char*) * word_alloc);
}
str_array[word_count] = (char *) malloc(sizeof(char) * (strlen(str) + 1));
strcpy(str_array[word_count], str);
++word_count;
}
int i = 0;
for (; i<word_count; i++) {
printf("Word: %s\n", str_array[i]);
}
i = 0;
for (; i<word_count; i++) {
free(str_array[word_count]);
}
free(str_array);
fclose(file);
return 0;
}
Here's the Valgrind error code.
==6254== Memcheck, a memory error detector
==6254== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==6254== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==6254== Command: ./a.out readin-test.txt
==6254==
==6254== Invalid write of size 8
==6254== at 0x4008A6: main (readin-test.c:25)
==6254== Address 0x51fc2e0 is 0 bytes after a block of size 32 alloc'd
==6254== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==6254== by 0x400835: main (readin-test.c:16)
==6254==
==6254== Invalid read of size 8
==6254== at 0x4008C0: main (readin-test.c:26)
==6254== Address 0x51fc2e0 is 0 bytes after a block of size 32 alloc'd
==6254== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==6254== by 0x400835: main (readin-test.c:16)
==6254==
==6254== Conditional jump or move depends on uninitialised value(s)
==6254== at 0x4C2BDA2: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==6254== by 0x40094A: main (readin-test.c:37)
==6254== Uninitialised value was created by a heap allocation
==6254== at 0x4C2CE8E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==6254== by 0x400871: main (readin-test.c:22)
==6254==
==6254==
==6254== HEAP SUMMARY:
==6254== in use at exit: 999 bytes in 173 blocks
==6254== total heap usage: 181 allocs, 8 frees, 5,631 bytes allocated
==6254==
==6254== 999 bytes in 173 blocks are definitely lost in loss record 1 of 1
==6254== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==6254== by 0x4008A5: main (readin-test.c:25)
==6254==
==6254== LEAK SUMMARY:
==6254== definitely lost: 999 bytes in 173 blocks
==6254== indirectly lost: 0 bytes in 0 blocks
==6254== possibly lost: 0 bytes in 0 blocks
==6254== still reachable: 0 bytes in 0 blocks
==6254== suppressed: 0 bytes in 0 blocks
==6254==
==6254== For counts of detected and suppressed errors, rerun with: -v
==6254== ERROR SUMMARY: 186 errors from 4 contexts (suppressed: 0 from 0)

You have an error in the free loop:
i = 0;
for (; i<word_count; i++) {
free(str_array[word_count]);
}
The array index should be i, not word_count.

Create string.out from string.in in C

I want to read in from the arguments a file with a name of format filename.in and output a file with the exact same filename but with .out extension instead of .in (filename.out). The key is that filename can be anything.
This code compiles correctly and does the job I want, but when I run it with valgrind I get a bunch of errors. Can anyone tell me what's causing the errors?
int main(int argc, char * argv[])
{
int i, dotIndex;
char extOut[] = ".out";
char *filenameIn, *filenameOut, *aux;
FILE *fpIn, *fpOut;
filenameIn = argv[1];
aux = strchr(filenameIn, '.');
dotIndex = aux - filenameIn;
aux = (char *)malloc((strlen(filenameIn) - 1)*sizeof(char));
for(i = 0; i < dotIndex; i++)
aux[i] = filenameIn[i];
filenameOut = (char *)malloc((strlen(aux) + 5)*sizeof(char));
strcat(aux, extOut);
strcpy(filenameOut, aux);
/* open input file */
fpIn = fopen(filenameIn,"r");
if(fpIn == NULL) {
printf("Open error of input file\n");
exit(2);
}
/* open output file */
fpOut = fopen(filenameOut,"w");
if(fpOut == NULL) {
printf("Open error of output file\n");
exit(3);
}
fclose(fpOut);
fclose(fpIn);
free(aux);
free(filenameOut);
exit(0);
}
The valgrind report:
Command: ./doorsmaze text.in
==3493==
==3493== Invalid write of size 1
==3493== at 0x402C36B: strcat (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==3493== by 0x80487AB: main (main.c:64)
==3493== Address 0x41ef02e is 0 bytes after a block of size 6 alloc'd
==3493== at 0x402BE68: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==3493== by 0x8048716: main (main.c:55)
==3493==
==3493== Invalid write of size 1
==3493== at 0x402C390: strcat (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==3493== by 0x80487AB: main (main.c:64)
==3493== Address 0x41ef030 is 2 bytes after a block of size 6 alloc'd
==3493== at 0x402BE68: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==3493== by 0x8048716: main (main.c:55)
==3493==
==3493== Invalid read of size 1
==3493== at 0x402C6C5: strcpy (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==3493== by 0x80487BF: main (main.c:65)
==3493== Address 0x41ef02e is 0 bytes after a block of size 6 alloc'd
==3493== at 0x402BE68: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==3493== by 0x8048716: main (main.c:55)
==3493==
==3493==
==3493== HEAP SUMMARY:
==3493== in use at exit: 0 bytes in 0 blocks
==3493== total heap usage: 4 allocs, 4 frees, 719 bytes allocated
==3493==
==3493== All heap blocks were freed -- no leaks are possible
==3493== Command: ./doorsmaze text.in
==3493==
==3493== Invalid write of size 1
==3493== at 0x402C36B: strcat (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==3493== by 0x80487AB: main (main.c:64)
==3493== Address 0x41ef02e is 0 bytes after a block of size 6 alloc'd
==3493== at 0x402BE68: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==3493== by 0x8048716: main (main.c:55)
==3493==
==3493== Invalid write of size 1
==3493== at 0x402C390: strcat (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==3493== by 0x80487AB: main (main.c:64)
==3493== Address 0x41ef030 is 2 bytes after a block of size 6 alloc'd
==3493== at 0x402BE68: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==3493== by 0x8048716: main (main.c:55)
==3493==
==3493== Invalid read of size 1
==3493== at 0x402C6C5: strcpy (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==3493== by 0x80487BF: main (main.c:65)
==3493== Address 0x41ef02e is 0 bytes after a block of size 6 alloc'd
==3493== at 0x402BE68: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==3493== by 0x8048716: main (main.c:55)
==3493==
==3493==
==3493== HEAP SUMMARY:
==3493== in use at exit: 0 bytes in 0 blocks
==3493== total heap usage: 4 allocs, 4 frees, 719 bytes allocated
==3493==
==3493== All heap blocks were freed -- no leaks are possible
==3493==
==3493== For counts of detected and suppressed errors, rerun with: -v
==3493== ERROR SUMMARY: 6 errors from 3 contexts (suppressed: 0 from 0)
==3493== For counts of detected and suppressed errors, rerun with: -v
==3493== ERROR SUMMARY: 6 errors from 3 contexts (suppressed: 0 from 0)

You have some issues in your code
You might not get the last . in the filename
aux = strchr(filenameIn, '.');
better use strrchr. You should also check for NULL, just in case the filename doesn't include an extension.
You allocate memory large enough to hold filename.in (excluding the nul byte)
aux = (char *)malloc((strlen(filenameIn) - 1)*sizeof(char));
You do your own version of strncpy(aux, filenameIn, dotIndex)
for(i = 0; i < dotIndex; i++)
aux[i] = filenameIn[i];`
You write beyond the allocated buffer, because you miss the space for the last character plus the nul byte
strcat(aux, extOut);
To fix this, you must allocate enough memory, which is the length of filename.in plus 1 char ("out" is one longer than "in") plus nul byte
aux = (char *)malloc((strlen(filenameIn) + 2)*sizeof(char));

Resources