The problem should be simple, but I have spent hours on this and cannot see what is wrong in my logic. The output works as it should, but Valgrind prints memory issues that should be fixed. I have added the origdest = (char*)realloc(origdest, strlen(origdest) + i * sizeof(char)); code to the while loop, my question is why doesn't this dynamically adjust the memory? The exact error given by Valgrind is
==9== Invalid write of size 1
==9== at 0x1087E2: mystrcat (mystrcat.c:18)
==9== by 0x10883C: main (mystrcat.c:34)
==9== Address 0x522d046 is 6 bytes inside a block of size 7 free'd
==9== at 0x4C31D2F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9== by 0x1087C2: mystrcat (mystrcat.c:17)
==9== by 0x10883C: main (mystrcat.c:34)
==9== Block was alloc'd at
==9== at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9== by 0x108811: main (mystrcat.c:31)
char *mystrcat(char *dest, const char *src)
{
char *origdest = dest;
while(*dest) {
dest++;
}
int i = 1;
while (*src) {
origdest = (char*)realloc(origdest, strlen(origdest) + i * sizeof(char));
*dest++ = *src++; // Copies character and increases/moves pointer
i++;
}
*dest = 0;
return origdest;
}
int main(void)
{
char *str = malloc(7);
strcpy(str, "Mydogs");
str = mystrcat(str, "arecool");
printf("%s\n", str);
free(str);
}
This statement:
Address 0x522d046 is 6 bytes inside a block of size 7 free'd is saying that the realloc() called following these statements results in the old pointer pointing to freed memory.
after this segment:
char *origdest = dest;
while(*dest) {
dest++;
}
EDIT to address comment "what is specifically wrong with the code and what could be changed to make it work?"
The explanation of my first observation above is that once the pointer to allocated memory is moved, as you have done, the memory allocation tables no longer have an accurate location of that memory, making that memory un-freeable.
Your stated goal here is to create a version of strcat(), so using realloc() is a reasonable approach, but to use it safely allocate the new memory into a temporary buffer first, then if allocation fails, the original memory location still exists, and can be freed.
One other small change that makes a big difference is how i is initialized. If 1 is used, it places the beginning of the second string one extra position further in memory, leaving a \0 character just after the first string, effectively making it the end of the resultant string. i.e. you would never see the appended part of the string:
In memory it would look like this:
|M|y|d|o|g|s|\0|a|r|e|c|o|o|l|
Then over-flow your buffer when attempting to place another NULL terminator at the and of the concatenated buffer, resulting in undefined behavior.
The following adaptation of your code illustrates these, along with some other simplifications:
char *mystrcat(char *dest, const char *src)
{
char *temp = NULL;
int i = 0;//changed from i = 1 as first location to
//copy to is len1, not len1 + 1
//Note, starting at len1 + 1 would leave a NULL character
//after "Mydogs", effectively ending the string
//the following are simplifications for use in realloc()
int len1 = strlen(dest);
int len2 = strlen(src);
//call once rather than in a loop. It is more efficient.
temp = realloc(dest, len1+len2+1);//do not cast return of realloc
if(!temp)
{
//handle error
return NULL;
}
dest = temp;
while(*src)
{
dest[len1 + i] = *src;
i++;
src++;
}
dest[len1 + i] = 0;//add null terminator
return dest;
}
int main(void)
{
char *temp = NULL;
char *str = malloc(7);
if(str)//always a good idea to test pointer before using
{
strcpy(str, "Mydogs");
temp = mystrcat(str, "arecool");
if(!temp)
{
free(str);
printf("memory allocation error, leaving early");
return 0;
}
str = temp;
printf("%s\n", str);
free(str);
}
return 0;
}
Why it is not correct to cast the return of c-m-realloc() in C.
Here you move to the end of the original string:
while(*dest)
dest++;
Here you allocate some new memory, but dest still points to the end of the original string. So you are overwriting memory after the end of the original string. Since you are reallocating, the original string may not even exist anymore at the previous location you are writing to, because realloc can move the data to a completely new location.
while (*src)
{
origdest = (char*)realloc(origdest, strlen(origdest) + i * sizeof(char));
*dest++ = *src++; // Copies character and increases/moves pointer
i++;
}
Related
Question : https://leetcode.com/problems/find-and-replace-in-string/
"""
char * findReplaceString(char * s, int* indices, int indicesSize, char ** sources, int
sourcesSize, char ** targets, int targetsSize){
int len = strlen(s);
char *copyS;
char *copy = (char*) malloc(sizeof(char)*len);
memcpy(copy, s, sizeof(char)*len);
copyS = copy;
int x = indicesSize-1;
int indexArr[1001] = {0};
int y;
for(int j=0; j<indicesSize; j++)
{
indexArr[indices[j]] = j;
}
qsort(indices, indicesSize, sizeof(int), cmp);
while((x >= 0))
{
y = indexArr[indices[x]];
copy = copyS+(indices[x]);
if(!(strncmp(copy, sources[y], strlen(sources[y]))))
{
copy = (char *)realloc(copy, sizeof(char)*(sizeof(copy) + sizeof(targets[y])));
strcpy(copy, targets[y]);
}
x--;
}
return copyS;
}
I am getting a runtime error due to the use of realloc. I was trying to modify the input string 's'. Got a runtime error due to realloc: Trying to free memory that was not malloced.
So I malloced new string pointer , *copy. Still getting same error when I use realloc on copy
There are several problems with the code.
For starters it is unclear whether the dynamically allocated array pointed to by the pointer copy shall contain a string or not.
If it shall contain a string then instead of
char *copy = (char*) malloc(sizeof(char)*len);
memcpy(copy, s, sizeof(char)*len);
you need to write
char *copy = (char*) malloc(sizeof(char)*( len + 1 ));
memcpy(copy, s, sizeof(char)*( len + 1 ));
Also it is unclear why there is used the magic number 1001 in this declaration
int indexArr[1001] = {0};
The pointer copyS was assigned with the address of the initially allocated memory
char *copyS;
char *copy = (char*) malloc(sizeof(char)*len);
memcpy(copy, s, sizeof(char)*len);
copyS = copy;
but then you are trying to reallocate the memory
copy = (char *)realloc(copy, sizeof(char)*(sizeof(copy) + sizeof(targets[y])));
As a result the pointer copyS can have an invalid value. And this pointer with an invalid value is returned from the function
return copyS
In turn the pointer copy is changed within the while loop
while((x >= 0))
{
y = indexArr[indices[x]];
copy = copyS+(indices[x]);
//..
So after such an assignment it does not point to the previously allocated memory extent. Hence using the pointer in the call of realloc
copy = (char *)realloc(copy, sizeof(char)*(sizeof(copy) + sizeof(targets[y])));
invokes undefined behavior.
And again this statement
copy = copyS+(indices[x]);
also invokes undefined behavior because after the memory reallocation the pointer copyS can be invalid.
Once you do this
copy = copyS+(indices[x]);
you can no longer use 'copy' as an argument to realloc or free. The pointer you pass to these functions must be the value returned by a prior malloc or realloc (or calloc)
Save the original 'copy' in a variable like 'originalCopy'
Trying to improve my C skills. This program should take a string and strip it of whitespace.
I'm aware I've made two calls to malloc but have only called free once. Have I thus got some unfreed memory somewhere, or because I assign the original pointer to the new memory, does it all vanish in the one free call I do make?
Thanks!
static void foo() {
char *string_to_change = malloc(sizeof(char) * 256);
strcpy(string_to_change, "my test");
printf("Before: %s\n", string_to_change); // "my test"
strip_whitespace(&string_to_change);
printf("After: %s\n", string_to_change); // "mytest"
free(string_to_change);
}
static void strip_whitespace(char **ptr) {
char *res = malloc(strlen(*ptr));
if (res == NULL)
exit_with_error(NULL_POINTER);
int current_pos = 0;
for (int i = 0; i < strlen(*ptr); i++) {
if (((*ptr)[i] == ' ') || ((*ptr)[i] == '\n' && ((*ptr)[i-1] == '\n' || (*ptr)[i+1] == '\0'))) {
continue;
}
res[current_pos] = (*ptr)[i];
current_pos++;
}
res[current_pos] = '\0';
*ptr = res;
}
You have a leak here:
*ptr = res;
Prior to this line, *ptr points to an allocated block of memory. You then assign to it the starting address of another allocated block, meaning the original pointer is lost. You should free right before this line:
free(*ptr);
*ptr = res;
Also, this allocation is potentially too little:
char *res = malloc(strlen(*ptr));
If *ptr contains no spaces to strip, res won't have enough memory to hold the terminating null byte. You'll need to add 1 to this.
char *res = malloc(strlen(*ptr) + 1);
KISS principle means we should write code as simple as possible, not as complex as possible. That is:
Don't mix up allocation and algorithm in a single unholy mess. Use caller allocation if possible.
Don't use dynamic allocation unless there's an obvious need for it.
It's usually a good idea to regard strings as "immutable" and not make in-place modifications to them unless there's specific requirements for that.
Avoid pointer-to-pointer and weird arithmetic on pointer-to-pointers.
The presence of continue in C programs is almost a dead certain indication of a needlessly complex loop.
Don't re-invent the wheel. There's ctype.h.
If we are to implement this with caller allocation, the code boils down to something compact and easy to read like:
void strip_spaces (char* dst, const char* src)
{
while(*src != '\0')
{
if(!isspace(*src))
{
*dst = *src;
dst++;
}
src++;
}
*dst = '\0';
}
Complete program:
#include <ctype.h>
#include <stdio.h>
void strip_spaces (char* dst, const char* src)
{
while(*src != '\0')
{
if(!isspace(*src)) // if not string
{
*dst = *src; // then copy
dst++;
}
src++;
}
*dst = '\0';
}
int main (void)
{
char str[] = " weird \n\r string contain ing spac\tes\n";
char stripped[128];
strip_spaces(stripped, str);
puts(stripped);
}
Indeed, there is a memory leak inside your code.
Let's say your first call to malloc allocate memory at address 0x0010 and your second call allocate memory at address 0x0100. Your free call will effectively free the memory at address string_to_change which is 0x0100 but nothing tells the compiler to free the memory at 0x0010.
Usually, you really have to have as many free calls as malloc calls.
I am having trouble trying to implement a custom strcpy function which is supposed to handle cases where the src string is larger than the destination string. Here I have provided some code so that you guys can see the entire function. My issue is that every time I increment *dest, it goes into a null address despite the fact that I have allocated enough memory to fit all of src in it. This causes the a segmentation fault in (double pointer)dest = *src. dest is stored as a char** because in reality, the argument that has to be passed is another string that is possibly of a smaller size than src, and I wish to overwrite *dest as safely as I can.
int customStrCpy(char** dest, char* src){
int strlen1 = strlen(*dest), strlen2 = strlen(src);
if(strlen1 < strlen2){
//Creates a dynamically allocated array that is big enough to store the contents of line2.
*dest = calloc(strlen2, sizeof(char));
char* backup_str = *dest;
int copy_arrs;
for(copy_arrs = 0; copy_arrs < strlen2; copy_arrs++){
**dest = *src;
*dest++; src++;
}
*dest = backup_str;
}
else strcpy(*dest, src);
}
In the end, (char**)dest is supposed to be pointing to the correct string.
Usually strcpy returns char * for "direct" use in other operations.
char *mysStrCpy(char **dest, const char *src)
{
size_t len = strlen(src);
char *tmpptr;
*dest = malloc(len + 1);
// or *dest = realloc(*dest, len + 1);
if(*dest)
{
tmpptr = *dest;
while(*tmpptr++ = *src++);
}
return *dest;
}
You need to add 1 to the string length, to allow for the null terminator, and you should free the old contents of dest if you're allocating a new string. After you do this, you can do the same strcpy() as you do when you don't need to reallocate.
There's also no need for the int return type (unless you want to add error checking to malloc(), and return a status result). This function modifies an argument, it should be void.
void customStrCpy(char** dest, char* src){
int strlen1 = strlen(*dest), strlen2 = strlen(src);
if(strlen1 < strlen2){
free(*dest); // Free the old string
//Creates a dynamically allocated array that is big enough to store the contents of line2.
*dest = malloc(strlen2+1);
}
strcpy(*dest, src); // or memcpy(*dest, src, strlen2+1);
}
*dest++;
increments dest, not the pointer dest points to. You want:
(*dest)++;
ps: there are better ways to accomplish what you are after....
I have a malloced char *str.
char *str = strdup("first\nsecond\nthird\nfourth");
I have a matrix char **content.
char **content;
My objective is to cut str replacing '\n' by '\0' and put each first address after every '\0' in my matrix in order. The following code works:
int count_lines(char *str, char **content)
{
int len;
if (content)
content[0] = str;
len = 0;
while (str && *(str++))
{
if (*str && *(str - 1) == '\n')
{
len++;
if (content)
{
*(str - 1) = 0;
content[len] = str;
}
}
}
if (content)
content[len + 1] = 0;
return (len + 1);
}
void test()
{
char **content;
int lines;
lines = count_lines(str, NULL);
content = malloc(sizeof(char *) * (lines + 1));
count_lines(str, content);
}
Then, content[0] contains "first", contant[1] contains "second" and
[contant[2] contains "third" and contant[3] contains "fourth".
Now my problem is the following one: I got an error when I try to free from the first address. I dont know if what I do brokes the memory or idk.. Help please, how to free this if possible.
When you alloc() memory, the system keeps track of the size of the block you allocated - when freeing, the system frees the same amount was allocated.
So, if you use only one malloc(), you can free() only once - any pointer pointing into the area now freed, gets invalidated.
Hence, you need a free() for "str", and a free() for "content". After freeing str, all the pointers in "content" get invalid, but you must free "content" itself. Or, free "content" first and "str" later.
You have to malloc each of these words. 1 free == 1 malloc. Please paste the code where u try to free
Can I return an array that is created dynamically (using malloc) inside a function back to its caller?
I know that returning a statically allocated array is wrong because the stack unwinds as the function returns and variable is no longer valid but what about a dynamically allocated variable?
Returning anything allocated with malloc is fine, as long as whoever uses your function takes care of free()ing it when they're done. malloc allocates on the heap which is essentially global within your program.
As others have noted, you can in fact return a char pointer.
However, another common method is for the caller to pass in the pointer for the method to fill along with a length parameter. This makes it so the function responsible for allocating the memory will also be the same function responsible for freeing the memory, which can make memory leaks easier to see. This is what functions such as snprintf and strncpy do.
/* Performs a reverse strcpy. Returns number of bytes written if dst is
* large enough, or the negative number of bytes that would have been
* written if dst is too small too hold the copy. */
int rev_strcpy(char *dst, const char *src, unsigned int dst_len) {
unsigned int src_len = strlen(src); /* assumes src is in fact NULL-terminated */
int i,j;
if (src_len+1 > dst_len) {
return -(src_len+1); /* +1 for terminating NULL */
}
i = 0;
j = src_len-1;
while (i < src_len) {
dst[i] = src[j];
++i;
++j;
}
dst[src_len] = '\0';
return src_len;
}
void random_function() {
unsigned int buf_len;
char *buf;
int len;
const char *str = "abcdefg";
buf_len = 4;
buf = malloc(buf_len * sizeof(char));
if (!buf) {
/* fail hard, log, whatever you want */
return;
}
/* ...whatever randomness this function needs to do */
len = rev_strcpy(buf, str, buf_len);
if (len < 0) {
/* realloc buf to be large enough and try again */
free(buf);
buf_len = -len;
buf = malloc(buf_len * sizeof(buf));
if (!buf) {
/* fail hard, log, whatever you want */
return;
}
len = rev_strcpy(buf, str, sizeof(buf));
}
/* ... the rest of the randomness this function needs to do */
/* random_function has allocated the memory, random_function frees the memory */
free(buf);
}
This can lead to some overhead though if you don't know how big a buffer you'll need and need to call the function twice, but often the caller has a good idea to how large the buffer needs to be. Also it requires a little more logic to ensure the function doesn't overrun the given buffer. But it keeps the responsibility of freeing the memory with whatever is allocating the memory, while also allowing the option to pass local stack memory.
Example just returning the char*:
/* Performs a reverse strcpy. Returns char buffer holding reverse copy of
* src, or NULL if memory could not be allocated. Caller is responsible
* to free memory. */
char* rev_strcpy(const char *src) {
unsigned int src_len = strlen(src); /* assumes src is in fact NULL-terminated */
char *dst;
int i,j;
dst = malloc((src_len+1) * sizeof(char));
if (!dst) {
return NULL;
}
i = 0;
j = src_len-1;
while (i < src_len) {
dst[i] = src[j];
++i;
++j;
}
dst[src_len] = '\0';
return dst;
}
void random_function() {
char *buf;
const char *str = "abcdefg";
/* ...whatever randomness this function needs to do */
buf = rev_strcpy(str);
if (!buf) {
/* fail hard, log, whatever you want */
return;
}
/* ... the rest of the randomness this function needs to do */
/* random_function frees the memory that was allocated by rev_strcpy */
free(buf);
}
Yes you can. Just malloc() the array inside your function and return the pointer.
BUT, the caller needs to understand it needs to be freed at some point, or you'll have a memory leak.
You can certainly return an array allocated with malloc, but you have to make sure the caller of the function eventually releases the array with free; if you don't free a malloc'd array, the memory remains "in use" until program exit.