I have encountered a strange behavior of memory allocation with string-functions.
Note: right now i am told to ignore failure of the allocation operation.
My code is:
void string_reallocation(char *result, int result_length) {
char *temp_result = malloc((strlen(result) + 1) * sizeof(char));
strcpy(temp_result, result);
realloc(result, (result_length + 1) * sizeof(char));
strcpy(result, temp_result);
free(temp_result);
}
this function is called with iterations within a while loop:
while (current_node != NULL) {
current_value_to_string = current_node->toStringFunc(current_node->value);
current_value_length = (int) strlen(current_value_to_string);
current_length += current_value_length + arrow_length;
string_reallocation(result, current_length);
strcat(result, current_value_to_string);
strcat(result, arrow);
current_node = current_node->next;
}
current_node is of type Node as follows:
typedef struct t_node {
Element value;
struct t_node *next;
elementDestroy destroyFunc;
elementCopy copyFunc;
elementToString toStringFunc;
} *Node;
The thing is, for some reason, specifically on the third iteration the free(temp_result); fails with a segmentation fault.
I'm don't think that the while loop has anything to do with the segmentation fault but i put it here in case it does.
This is a biphasic solution, since you got to understand how to use realloc(), by checking on its prototype. Let's do just that first.
Change this:
realloc(result, (result_length + 1) * sizeof(char));
to this:
result = realloc(result, (result_length + 1) * sizeof(char));
since from the reference, we got for the prototype of this method:
Return value: A pointer to the reallocated memory block, which may be
either the same as ptr or a new location.
Now, think about the scope of your variables (pointers). As #whozCraig commented, result = (in the corrected realloc()) assigns a value to an automatic variable. The original result passed in caller-side is unchanged, and now dangling. This has to be handled with an in/out arg or a function return result.
So what you could do, is to simply return that pointer, by changing this:
void string_reallocation(char *result, int result_length) {
to that:
char* string_reallocation(char *result, int result_length) {
// ...
return result;
}
and then change the call to this function, to this:
result = string_reallocation(result, current_length);
Related
I try to use a new struct for a dynamic "MapNode"s array, yet the program crashes:
Unhandled exception at 0x000C191C in Astar.exe: 0xC0000005: Access violation reading location 0xCCCCCCCC.
I call the getConnectedNodesArray function, which calls the other two functions.
I know it's some kind of pointers problem.
When I used copies of the data instead of trying to point to existing data in MapNode map[][12] it worked.
Thanks.
typedef struct MapNode * MapNodePointer;
typedef struct MapNode{
int x;
int y;
int value;
int traversable;
double f;
double g;
double h;
MapNodePointer parentNode;
}MapNode;
typedef struct MapNodesArray{
MapNode* nodes;
int size;
}MapNodesArray;
void addNodeToEnd(MapNodesArray* arr, MapNode* p) {
arr->size++;
arr->nodes = realloc(arr->nodes, arr->size * sizeof(MapNode*));
(&(arr->nodes))[arr->size - 1] = p;
}
MapNodesArray* NewNodesArr() {
MapNode *first = realloc(NULL, 0 * sizeof(MapNode));
MapNodesArray temp = { first, 0 };
return &temp;
}
MapNodesArray* getConnectedNodesArray(MapNodePointer node, MapNode map[][12]) {
MapNodesArray* arr = NewNodesArr();
addNodeToEnd(&arr, &map[node->x - 1][node->y - 1]);
return arr;
}
You seem to fear indirection. Face it head-on and make sure you get exactly the amount you want:
typedef struct MapNode * MapNodePointer;
The above is a bad idea, because it hides the pointer-ness.
typedef struct MapNodesArray{
MapNode* nodes;
int size;
}MapNodesArray;
The above structure is no good for storing a dynmaic list of pointers to nodes. The nodes-member needs one more star: MapNode** nodes;
void addNodeToEnd(MapNodesArray* arr, MapNode* p) {
arr->size++;
arr->nodes = realloc(arr->nodes, arr->size * sizeof(MapNode*));
There's a better way to indicate the amount of memory you need: arr->size * sizeof *arr->nodes Always check for allocation failure. Bare-bones would be aborting the program. Insert here:
if(!arr->nodes) abort();
The compiler will rightfully complain about the next line now, just remove the address-of-operator:
(&(arr->nodes))[arr->size - 1] = p;
}
MapNodesArray* NewNodesArr() {
MapNode *first = realloc(NULL, 0 * sizeof(MapNode));
The above line could be replaced with MapNode* first = 0;
MapNodesArray temp = { first, 0 };
The above line defines an automatic variable, never return a pointer to that.
return &temp;
}
oops. Complete rewrite:
MapNodesArray* NewNodesArr() {
MapNodesArray temp* = malloc(sizeof *temp);
*temp = (MapNodesArray){ 0, 0 };
return temp;
}
Or even better:
MapNodesArray NewNodesArr() {
return (MapNodesArray){ 0, 0 };
}
Exactly how much memory do you think
MapNodesArray* NewNodesArr() {
MapNode *first = realloc(NULL, 0 * sizeof(MapNode));
MapNodesArray temp = { first, 0 };
return &temp;
}
will allocate? (hint: none at all.)
Also, you're returning a pointer to a local variable (via &temp). That thing dies with the function return.
Agree with what EOF has said, also the line
(&(arr->nodes))[arr->size - 1] = p;
in function addNodeToEnd, will be writing the address p in a memory location outside the the nodes array. This will lead to memory corruption.
to illustrate
say variable 'nodes' has a memory address 0x00000002 and you have assigned a memory location say 0x00000050 through the call to realloc. The statement above takes the offset (arr->size-1) from 0x00000002 instead of taking it from 0x00000050. This is because you are taking the address of nodes by using &. Something of the form
(arr->nodes)[arr->size - 1] = p;
will take the offset from 0x00000050 which is what you seem to be needing.
This question already has an answer here:
free char*: invalid next size (fast) [duplicate]
(1 answer)
Closed 8 years ago.
I know there are tons of other realloc questions and answers and I have read almost all of them, but I still couldn't manage to fix my problem.
I decided to stop trying when I accidentaly discovered a very strange behaviour of my code.
I introduced a line to try something, but although I don't use the value of newElems in main, the line changes the behaviour.
When the line is commented, the code fails at first realloc. Including the line, the first realloc works. (it still crashes on the second one).
Any ideas on what might be happening?
int main(int argc, char** argv) {
Pqueue q = pqueue_new(3);
Node a = {.name = "a"}, b = {.name = "b"},
c = {.name = "c"}, d = {.name = "d"};
push(& q, & a, 3);
// the next one is the strange line: as you can see, it doesn't modify q
// but commenting it out produces different behaviour
Pqueue_elem* newElems = realloc(q.elems, 4 * q.capacity * sizeof *newElems);
push(& q, & b, 5);
push(& q, & c, 4);
char s[5];
Node* n;
for (int i = 1; i <= 65; ++i) {
sprintf(s, "%d", i);
n = malloc(sizeof *n);
n->name = strdup(s);
push(& q, n, i);
}
Node* current = NULL;
while ((current = pop(& q))) {
printf("%s ", current->name);
}
return 0;
}
and the push function:
void push(Pqueue* q, Node* item, int priority) {
if (q->size >= q->capacity) {
if (DEBUG)
fprintf(stderr, "Reallocating bigger queue from capacity %d\n",
q->capacity);
q->capacity *= 2;
Pqueue_elem* newElems = realloc(q->elems,
q->capacity * sizeof *newElems);
check(newElems, "a bigger elems array");
q->elems = newElems;
}
// append at the end, then find its correct place and move it there
int idx = ++q->size, p;
while ((p = PARENT(idx)) && priority > q->elems[p].priority) {
q->elems[idx] = q->elems[p];
idx = p;
}
// after exiting the while, idx is at the right place for the element
q->elems[idx].data = item;
q->elems[idx].priority = priority;
}
The pqueue_new function:
Pqueue pqueue_new(unsigned int size) {
if (size < 4)
size = 4;
Pqueue* q = malloc(sizeof *q);
check(q, "a new queue.");
q->capacity = size;
q->elems = malloc(q->capacity * sizeof *(q->elems));
check(q->elems, "queue's elements");
return *q;
}
realloc will change the amount of memory that is allocated, if needed. It is also free to move the data to another place in memory if that's more efficient (avoiding memory fragmentation).
The function, then, returns a new pointer to the new location in memory where your data is hiding. You're calling realloc, and allocating (probably) four times as much memory as before, so it's very likely that that allocated memory is situated elsewhere in memory.
In your comment, you said realloc works like free + malloc. Well, in some cases it can behave similarly, however: realloc and free are different functions, that do different tasks. Both are functions that manage the dynamic memory, so yes, obviously there are similarities, and in the case of realloc, sometimes they can seem to be doing the same thing, however: As I explained here, realloc and free are fundamentally different functions
However, by not assigning the return value of realloc to q.elems, you're left with a pointer to a memory address that is no longer valid. The rest of your program can, and probably does, exhibit signs of undefined behaviour, then.
Unless you show some more code, I suspect this will take care of the problem:
//change:
Pqueue_elem* newElems = realloc(q.elems, 4 * q.capacity * sizeof *newElems);
//to
q.elems = realloc(q.elems, 4 * q.capacity * sizeof *newElems);
Or better yet, check for NULL pointers:
Pqueue_elem* newElems = realloc(q.elems, 4 * q.capacity * sizeof *newElems);
if (newElems == NULL)
exit( EXIT_FAILURE );// + fprintf(stderr, "Fatal error...");
q.elems = newElems;//<-- assign new pointer!
Looking at your pqueue_new function, I would suggest a different approach. Have it return the pointer to Pqueue. You're working with a piece of dynamic memory, treat it accordingly, and have your code reflect that all the way through:
Pqueue * pqueue_new(size_t size)
{//size_t makes more sense
if (size < 4)
size = 4;
Pqueue* q = malloc(sizeof *q);
check(q, "a new queue.");
q->capacity = size;
q->elems = malloc(q->capacity * sizeof *(q->elems));
check(q->elems, "queue's elements");
return q;
}
Alternatively, pass the function a pointer to a stack variable:
void pqueue_new(Pqueue *q, size_t size)
{
if (q == NULL)
{
fprintf(stderr, "pqueue_new does not do NULL pointers, I'm not Chuck Norris");
return;//or exit
}
if (size < 4)
size = 4;
check(q, "a new queue.");
q->capacity = size;
q->elems = malloc(q->capacity * sizeof *(q->elems));
check(q->elems, "queue's elements");
}
//call like so:
int main ( void )
{
Pqueue q;
pqueue_new(&q, 3);
}
Those would be the more common approaches.
Thank you all for the suggestions! I wouldn't have solved it without them,
The strange behaviour was caused by an off by one error. I was reallocating the queue only when q->size >= q->capacity, but since q was indexed from 0, it meant that before realloc I was writing in a forbidden location (q->elems[q->size]), which messed everything up.
I have the following two functions. Function get_string_data(line) mallocs a string and returns it. Later I use it like this:
char *get_string_data(char *) {
char *sec_tok, *result;
Split *split;
split = split_string(line, ' ');
sec_tok = split -> tail;
if (starts_with_char(sec_tok, '\"') && ends_with_char(sec_tok, '\"')) {
result = (char *) malloc(strlen(sec_tok) + 1);
strcpy(result, sec_tok);
free(split);
result++;
*(result + (strlen(result) - 1)) = '\0';
return result;
}
free(split);
return NULL;
}
void handle_string_instr(char *line) {
char* data = get_string_data(line);
...a few lines later, after I used the data...
free(data);
... end of the world happens here...
}
Now on attempt to free the string everything crashes (Program received signal SIGABRT, Aborted.). Why does this happen, and what is the correct way to free the memory?
Here is the problem code
result = (char *) malloc(strlen(sec_tok) + 1);
...
result++;
...
return result;
At this point the get_string_data method is no longer returning a pointer to the memory that was allocated. It is instead returning a pointer into the memory that was allocated. You can only pass pointers to memory that was allocated to free. In this case you don't and this is why it is crashing
Also a simpler way of null terminating the string would be the following
size_t length = strlen(sec_tok);
result = (char*)malloc(length + 1);
...
result[length] = '\0';
free(line) get_string_data possibly moves the pointer to some location in "line" which is not the correct pointer to return to free().
this error is always fired, when i'm try to free my allocated struct the second time, which it shouldn't, because the struct is set to NULL after i'm freeing it.
here's my struct with no real pointer inside it:
typedef struct{
int frame;
double timestamp;
int identifier;
int state;
int unknown1;
int unknown2;
mtVector normalized;
float size;
int unknown3;
float angle;
float majorAxis;
float minorAxis;
mtVector unknown4;
int unknown5[2];
float unknown6;
}Touch;
the barebone main function:
int main(){
Touch *myTouch = NULL;
int inputCounter = 0;
//whenever a touch is recognized:
...
myTouch = (Touch*)realloc(myTouch,sizeof(Touch)*(inputCounter++));
...
// everything works fine until:
freeTouch(myTouch);
}
void freeTouch(Touch *f){
if(f != NULL){
free(f);
f = NULL;
}
}
anybody got an idea?
f is a local variable. free(f) will affect the allocated memory, but f = NULL has no impact on myTouch in freeTouch(myTouch);.
Try
void freeTouch(Touch **f){
if(*f != NULL){
free(*f);
*f = NULL;
}
}
instead and use freeTouch(&myTouch).
You have two problems there. The first is that it's not a good idea to explicitly cast the return value from malloc or realloc. Doing so can cause problems if you forget to include the prototype/header for it.
Secondly, freeing f within the function frees the local copy. Until C gains references, there are two possibilities. First pass a pointer to the pointer and use that:
void freeTouch (Touch **pF){
if (*pF != NULL){
free (*pF);
*pF = NULL;
}
}
:
freeTouch (&myTouch);
or pass back NULL so you can assign:
void *freeTouch (Touch *f){
free (f);
return NULL;
}
:
myTouch = freeTouch (myTouch);
You'll notice that the second one doesn't care whether you pass in NULL - it's perfectly acceptable to try an free the NULL pointer since it's effectively a no-op (other than the function call itself).
First of all, never use
x = realloc(x, size);
because if x is allocated before and realloc fails, you make it NULL while the memory is still there and therefore you create garbage.
Second,
void freeTouch(Touch *f);
gets a pointer by value and therefore cannot change the pointer itself. So your f = NULL; is not effective. You need to change your code to:
int main(){
Touch *myTouch = NULL, temp;
int inputCounter = 0;
//whenever a touch is recognized:
...
temp = realloc(myTouch,sizeof(*temp) * (inputCounter++));
if (temp == NULL)
/* handle error */
myTouch = temp;
...
// everything works fine until:
freeTouch(&myTouch);
}
void freeTouch(Touch **f){
if(f != NULL && *f != NULL){
free(*f);
*f = NULL;
}
}
Sidenote: It's a good idea to use realloc (and likewise malloc) like this:
x = realloc(count * sizeof(*x));
There is no need to cast the output or realloc. Also, sizeof(*x) allows you to not repeat the type of x every time.
For those experienced with C, this will be a simple memory allocation/referencing problem:
Here are my data structures:
struct configsection {
char *name;
unsigned int numopts;
configoption *options;
};
typedef struct configsection configsection;
struct configfile {
unsigned int numsections;
configsection *sections;
};
typedef struct configfile configfile;
Here are my routines for initializing a configsection or configfile, and for adding a configsection to a configfile:
// Initialize a configfile structure (0 sections)
void init_file(configfile *cf) {
cf = malloc(sizeof(configfile));
cf->numsections = 0;
}
// Initialize a configsection structure with a name (and 0 options)
void init_sec(configsection *sec, char *name) {
sec = malloc(sizeof(configsection));
sec->numopts = 0;
sec->name = name;
printf("%s\n", sec->name);
}
// Add a section to a configfile
void add_sec(configfile *cf, configsection *sec) {
// Increase the size indicator by 1
cf->numsections = cf->numsections + 1;
// Reallocate the array to accommodate one more item
cf->sections = realloc(cf->sections, sizeof(configsection)*cf->numsections);
// Insert the new item
cf->sections[cf->numsections] = *sec;
}
I believe my problem originates in my init_sec() function. Here is an example:
int main(void) {
// Initialize test configfile
configfile *cf;
init_file(cf);
// Initialize test configsections
configsection *testcs1;
init_sec(testcs1, "Test Section 1");
// Try printing the value that should have just been stored
printf("test name = %s\n", testcs1->name);
Although the printf() in init_sec() successfully prints the name I just stored in the configsection, attempting the same thing in the printf() of main() produces a segmentation fault. Further, addsec() produces a segmentation fault.
This routine should be
void init_file(configfile **cf) {
*cf = malloc(sizeof(configfile));
(*cf)->numsections = 0;
(*cf)->sections = NULL; // You forgot to initialise this.
}
i.e. called by init_file(&myconfigfilepointer); so the malloc return value gets passed back.
Need to do the same trick for init_sec
This function is incorrect - here is a corrected version
void add_sec(configfile *cf, configsection *sec) {
// Increase the size indicator by 1
// Reallocate the array to accommodate one more item
cf->sections = realloc(cf->sections, sizeof(configsection)*(1 + cf->numsections));
// Insert the new item
cf->sections[cf->numsections] = *sec; // Since arrays start at 0
cf->numsections = cf->numsections + 1;
}
You then need to adjust the calls in main
At no point do you initialise cf->sections, which means when you try to realloc it the first time, you're passing rubbish. Adding:
cf->sections = NULL;
to init_file should help.
You're also not checking any return codes, but you knew that yes?
You need to pass a pointer of the value to be updated... eg:
// Initialize a configfile structure (0 sections)
void init_file(configfile **cf) {
*cf = malloc(sizeof(configfile));
(*cf)->numsections = 0;
}
configfile *var;
init_file(&var);
printf("%d\n", var->numsections);
Otherwise you are just updating the local pointer *cf and not the original passed in value
You need to really rethink how function arguments are passed in C and what pointers are. Your problem has nothing to do with memory allocation. Rather, your code is assigning a pointer to dynamically allocated memory only to a local variable, of which the calling code knows nothing.
While you could solve the problem by passing a pointer to the caller's pointer (i.e. a double pointer), this is not necessarily the most elegant or most usual way of handling things. Rather, you should return the result of the allocation from the function. While you're at it, you should also use calloc to zero out the memory right away. Wrapping it all up:
typedef struct substuff_
{
int a;
double b;
} substuff;
typedef struct stuff_
{
unsigned int n;
substuff * data;
} stuff;
substuff * init_substuff()
{
substuff * const p = malloc(sizeof *p);
if (p) { p->a = 5; p->b = -0.5; }
return p;
}
stuff * init_stuff()
{
substuff * const p = init_substuff();
if (!p) return NULL;
stuff * const q = malloc(sizeof *q);
if (q) { q->n = 10; q->data = p; }
return q;
}
As an exercise, you should write the corresponding functions void free_substuff(substuff *) and void free_stuff(stuff *).
Yes, there is a problem in init_sec
// Initialize a configsection structure with a name (and 0 options)
void init_sec(configsection *sec, char *name) {
sec = malloc(sizeof(configsection));
sec->numopts = 0;
sec->name = name;
printf("%s\n", sec->name);
}
You're just copying the name pointer here, which means, that it points to the original storage of name. If you'd call init_sec like this
configsection foobar()
{
configsection sec;
char name[80];
get_name(name);
init_sec(sec, name);
return sec;
}
The name pointer became invalid the moment foobar returned. You need to duplicate the string and keep your private copy around. In init_sec:
sec->name = strdup(name);
But there's more. In the very first line of init_sec you're overwriting the pointer that was passed to init_sec with the one of malloc. So the new pointer never gets passed back to the calle. Either use a pointer to a pointer, don't take a configsection pointer at all (after all, you're allocating), but just return the allocated pointer: Complete corrected function:
// Initialize a configsection structure with a name (and 0 options)
configsection* init_sec(char *name) {
configsection *sec = malloc(sizeof(configsection));
sec->numopts = 0;
sec->name = name;
printf("%s\n", sec->name);
return sec;
}