I am using (http://linux.die.net/man/3/hsearch) in my source code. I wrote a very basic code to test the hash functionality (did not want to reinvent the wheel by writing my own hash implementation). I see that it crashes with a segmentation fault in the search routine.
Any idea why its crashing?
#include <stdio.h>
#include <search.h>
#include <stdlib.h>
char *data[] = {
"cpe1","cpe2","cpe3","cpe4","cpe5","cpe6","cpe7","cpe8","cpe9","cpe10","cpe11","cpe12","cpe13"};
int main()
{
ENTRY ep, ep1, *ep_ptr, ep2;
int loop;
char *ptr;
char input[100];
hcreate (30);
for (loop=0; loop<13;loop++)
{
ptr = malloc (100);
sprintf (ptr, "%d.%d.%d.%d%c", loop+1, loop*2, loop*3, loop, '\0');
ep.key = data[loop];
ep.data = (void *) ptr;
printf ("%s --> %s\n", ep.key, (char *) ep.data);
ep_ptr = hsearch(ep, ENTER);
}
ep2.data = (void *) "cpe1";
ep_ptr = hsearch(ep2, FIND);
printf("%9.9s -> %9.9s: %s\n", ep2.key,
ep_ptr ? ep_ptr->key : "NULL", ep_ptr ? (char *)(ep_ptr->data) : "NULL");
return 0;
}
OUtput:
(gdb) r
Starting program: /home/globus/code/cpe/a.out
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7ffff7ffa000
cpe1 --> 1.0.0.0
cpe2 --> 2.2.3.1
cpe3 --> 3.4.6.2
cpe4 --> 4.6.9.3
cpe5 --> 5.8.12.4
cpe6 --> 6.10.15.5
cpe7 --> 7.12.18.6
cpe8 --> 8.14.21.7
cpe9 --> 9.16.24.8
cpe10 --> 10.18.27.9
cpe11 --> 11.20.30.10
cpe12 --> 12.22.33.11
cpe13 --> 13.24.36.12
Program received signal SIGSEGV, Segmentation fault.
__strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:32
32 ../sysdeps/x86_64/multiarch/../strlen.S: No such file or directory.
(gdb) bt
#0 __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:32
#1 0x00007ffff7b0ba71 in __GI_hsearch_r (item=..., action=FIND, retval=0x7fffffffdfd8,
htab=0x7ffff7dd67d0) at hsearch_r.c:149
#2 0x00007ffff7b0b92e in hsearch (item=..., action=<optimized out>)
at hsearch.c:34
#3 0x00000000004007a0 in main () at hash_test.c:32
(gdb)
While searching you should set ep2.key to search for the entry not ep2.data. So update your code to
//--v
ep2.key = (void *) "cpe1";
ep_ptr = hsearch(ep2, FIND);
As you have not set ep2.key the hsearch() function tries to access uninitialized pointer causing segmentation fault.
ep2.data = (void *) "cpe1";
ep_ptr = hsearch(ep2, FIND);
That first statement there is in error, you need to set the key to what you want to find, not the data.
Because you haven't set the key to anything, it has some arbitrary value in it (it's not static storage duration, so it's not initialised).
Then, hsearch is then running string functions on it (such as strlen) which is why you're getting the crash:
Program received signal SIGSEGV, Segmentation fault.
__strlen_sse2 () at ...
^^^^^^^^^^^^^
(running string function on non-string).
Your code should instead be:
ep2.key = (void *) "cpe1";
ep_ptr = hsearch(ep2, FIND);
In last printf, ep2.key which is not initialized
i notice a few things.
You are allocating ptr repeatedly within the loop but you are not freeing it. So thats a memory leak right there.
What is the data type for ep.data? Why do you have to convert to (void *)? Then again you are converting it to (char *)!!. Why?? If you data is already of char type then why this need to convert to (void *) repeatedly?
Fix these errors and then give it a try.
That line does not look correct:
ep2.data = (void *) "cpe1";
I found the definition of ENTRY so you'll have a better view of why it does not work as expected:
typedef struct entry {
char *key;
void *data;
} ENTRY;
You need to first allocate both key and data before copying all the bytes in it.
Related
Heres my main.c:
int main() {
char *x = "add r3,r5";
char *t;
char **end;
t = getFirstTok(x,end);
printf("%s",t);
}
And the function getFirstTok:
/* getFirstTok function returns a pointer to the start of the first token. */
/* Also makes *endOfTok (if it's not NULL) to point at the last char after the token. */
char *getFirstTok(char *str, char **endOfTok)
{
char *tokStart = str;
char *tokEnd = NULL;
/* Trim the start */
trimLeftStr(&tokStart);
/* Find the end of the first word */
tokEnd = tokStart;
while (*tokEnd != '\0' && !isspace(*tokEnd))
{
tokEnd++;
}
/* Add \0 at the end if needed */
if (*tokEnd != '\0')
{
*tokEnd = '\0';
tokEnd++;
}
/* Make *endOfTok (if it's not NULL) to point at the last char after the token */
if (endOfTok)
{
*endOfTok = tokEnd;
}
return tokStart;
}
Why do i get segmentation fault running this main program?
I'm programming a two pass aseembler and i need a function that get parse a string by a delimiter, In this case a white space. Is it better to use strtok instead for this purpose?
I need a command pasrer - So that it will extract "add", an operand parser (By , delimiter), To extract "r3" and "r5". I wanted to check if this getFirstTok function is good for this purpose but when i try to run it i get a segmentation fault:
Process finished with exit code 139 (interrupted by signal 11: SIGSEGV)
Thank you.
As pointed out in the comments, string literals are read-only, as they are baked into the compiled program. If you don't want to go with the suggested solution of making your "source program" a stack-allocated array of characters (char x[] = "add r3,r5"), you can use a function like strdup(3) to make a readable/writable copy like so:
#include <string.h>
[...]
char *rw_code = strdup(x);
t = getFirstTok(rw_code, end);
printf("%s", t);
free(rw_code); /* NOTE: invalidates _all_ references pointing at it! */
[...]
And as a little aside, I always make string literals constant const char *lit = "...", as the compiler will usually warn me if I attempt to write to them later on.
I'm working in C, Linux terminal. I need to find a pattern in a text and recolor it. GDB debugging can locate the function that is causing the problem via (gdb) backtrace, but it shows me a terrible message when I try to find the exact line:
Error
Program received signal SIGSEGV, Segmentation fault.
strstr_sse2_unaligned ()
at ../sysdeps/x86_64/multiarch/strstr-sse2-unaligned.S:40
40 ../sysdeps/x86_64/multiarch/strstr-sse2-unaligned.S: No such file or dir
ectory.
(gbd)
The broken function is find_and_recolor:
char* my_replace(char *text, char* replacement)
{
int lgreplacement = strlen(replacement);
int lgtext = strlen(text);
char *aux = (char*)malloc((lgreplacement + lgtext + 10) * sizeof(char));
strcpy(aux, replacement);
strcat(aux, text);
return(aux);
}
char* find_and_recolor(char* text, char* pattern)
{
int lgpattern = strlen(pattern);
int lgreplace = lgpattern + 10;//there are exactly 10 characters that must be inserted along the pattern word
int dif = 0;
char *p;
char *replacement = (char*)malloc(lgreplace * sizeof(char));
strcpy(replacement, "\e[0;31m");
strcat(replacement, pattern);
strcat(replacement, "\e[m");//to recolor a word in red, that word must be surrounded by those characters
while(p = strstr(text + dif, pattern))
{
p = my_replace(p, replacement);
p += lgreplace;
dif = p - text;
}
free(replacement);
return strdup(text);
}
it shows me a terrible message when I try to find the exact line:
There is nothing terrible, weird or unusual about this message, you just need to learn proper debugging technique.
What's happening is that the segmentation fault doesn't happen in your code, it happens inside GLIBC code (inside strstr), because you called strstr with bad arguments.
To find which call to strstr that was, use GDB up command to step out of GLIBC code, and into your code. Once you are inside find_and_recolor, you would be able to see the exact line, and print values of text, dif and pattern which caused your crash (assuming you compiled your code for debugging, i.e. with the -g flag).
Updating diff to p-text in while loop where both pointer points to different array doesn't make sense. It is undefined behavior.
Also code has other issues.
Uninitialized variable.
Less optimized as number of call can be reduced.
I got a struct Chat
struct Chat
{
int m_FD;
int m_BindPort;
char m_NameLength;
char* m_Name;
char m_PeerCount;
char** m_PeerList;
} typedef Chat_t;
i'm initializing it with this function:
int chat_init(Chat_t* this, unsigned int nameLen, char* name, unsigned short int bindPort, unsigned int peerCount, char** peerList)
{
this->m_NameLength = nameLen;
this->m_Name = malloc(sizeof(char) * (nameLen+1));
strcpy(this->m_Name, name);
this->m_BindPort = bindPort;
this->m_PeerCount = peerCount;
this->m_PeerList = malloc(sizeof(char*) * peerCount);
for(int i=0; i<peerCount; i++)
{
this->m_PeerList[i] = malloc(sizeof(char) * 16); // enough for xxx.xxx.xxx.xxx\0
strcpy(this->m_PeerList[i], peerList[i]);
}
//Socket initialization for TCP connection...
//Commenting this out doesn't change anything so i'm hiding it for simplification
return 0;
}
After that i'm calling a second function
int chat_communicate(Chat_t* this)
{
printf("2\n");
fflush(stdout);
//Some stuff that doesn't matter because it isn't even called
return retVar;
}
in main like this
void main(void)
{
char* peerList[1];
char username[USERNAME_MAX_LEN];
int initRet;
int loopRet;
Chat_t chat;
peerList[0] = "192.168.2.2";
memset(username, 0, USERNAME_MAX_LEN);
printf("Please enter your user name: ");
scanf("%s", username);
username[USERNAME_MAX_LEN-1] = 0;
initRet = chat_init(&chat, strlen(username), username, 1234, 1, peerList);
printf("File Descriptor: %d\n", chat.m_FD);
printf("Binding Port: %d\n", chat.m_BindPort);
printf("Name Length: %d\n", chat.m_NameLength);
printf("Name: %s\n", chat.m_Name);
printf("Peer Count: %d\n", chat.m_PeerCount);
for(int i=0; i< chat.m_PeerCount; i++)
{
printf("Peer[%d]: %s\n", i, chat.m_PeerList[i]);
}
printf("1");
ret = chat_communicate(&chat);
//Even more Stuff that isn't even called
}
My program outputs the following
File Descriptor: 3
Binding Port: 1234
Name Length: 4
Name: User
Peer Count: 1
Peer[0]: 192.168.2.2
1
Segmentation Fault
It compiles without errors or even warnings.
You can also assume that every string is null-Terminated The stuff i replaced with comments itn't that complicated but just too much to show.
Every value inside the struct is printed with printf right before but when passing this very struct per reference the application crashes.
What i want to know is why i'm getting this Segmentation Fault. Since it appeared while calling a function i thought it is some kind of layout problem but i havn't find anything like that.
Addition:
Because some people weren't able to believe me that the code i hid behind "some stuff" comments doesn't change anything i want to state this here once again. This code just contains a tcp socket communication and only performs read-operations. I also am able to reproduce the error mentioned above without this code so please don't get stuck with it. Parts does not influence the object under observation at all.
Among other potential problems,
this->m_PeerList = malloc(sizeof(char)*peerCount);
is clearly wrong.
m_PeerList is a char **, yet you're only allocating peerCount bytes, which only works if a char * pointer is one byte on your system - not likely.
Replace it with something like
this->m_PeerList = malloc(peerCount * sizeof( *( this->m_peerList ) ) );
Note that sizeof( char ) is always one - by definition.
You're not allocating enough memory for the this->m_Name. It should be on more than this if you want it to store the null-terminated string of the name.
That, or we need more information about the peerList.
Now that you have posted an almost complete code, I was able to spot two problems next to each other:
int chat_init(Chat_t* this, unsigned int nameLen, char* name, unsigned short int bindPort, unsigned int peerCount, char** peerList)
{
this->m_NameLength = nameLen;
this->m_Name = malloc(sizeof(char) * (nameLen + 1)); // correct
//< this->m_Name = malloc(sizeof(char) * nameLen); // wrong
strcpy(this->m_Name, name); // correct
//< memcpy(this->m_Name, name, nameLen); // wrong
...
The lines starting with //< is your original code:
Here you don't allocate enough space, you need to account for the NUL terminator:
this->m_Name = malloc(sizeof(char) * nameLen);
And here you don't copy the NUL terminator:
memcpy(this->m_Name, name, nameLen);
You really need to be aware how strings work in C.
Why don't you debug it yourself. If using GCC, compile your code with options -g -O0. Then run it with gdb:
gdb ./a.out
...
(gdb) r
If it crashes do:
(gdb) bt
This will give exactly where it crashes.
Update: There may be potential problems with your code as found by other users. However, memory allocation related issues will not crash your application just on calling function chat_communicate. There could be different reasons for this behaviour ranging from stack overflow to improper compilation. Without seeing the whole code it is very difficult to tell. Best advice is to consider review comments by other users and debug it yourself.
I have a problem with a simple malloc/free functions I use in a more complex program and I can't find how to get rid of this problem.
My project looks like :
main.c
while(1){programm();}
I tried a lot of tests to know where it come from but I just can't find a solution...
here is the code part where it seems to bug :
programm.c
void programm(){
... Creating variables and getting infos from socket ...
char a[512];
char b[512];
sprintf(a,"blablabla",strlen(a));
sprintf(b,"blablabla",strlen(b));
char* MessageOut = NULL;
MessageOut = (char*)malloc(strlen(a)+strlen(b));
if(MessageOut==NULL)
printf("MessageOut Is Null\n");
else
printf("%x\n",(uint)MessageOut);
printf("Size of Malloc:%d\n",strlen(a)+strlen(b));
sprintf( (char*)MessageOut, "%s%s",a, b );
MessageOut[0] = 0x02;
MessageOut[1] = Data[1];
MessageOut[2] = Data[2];
MessageOut[3] = 0x03;
byte_nb = sendto(client_socket, (void *)MessageOut, strlen(a)+strlen(b), 0, (struct sockaddr *)&dist_addr, addr_len);
if (byte_nb == -1) {
printf("send error:%s\n", strerror(errno));
} else {
printf("%i bytes sent\n", byte_nb);
}
printf("%s\n",MessageOut);
if(MessageOut==NULL)
printf("MessageOut Is Null\n");
else
printf("%x\n",(uint)MessageOut);
free(MessageOut);
printf("Test\n");
}
As I said it is just a part of my code, I tried to summarize it to the part where it goes wrong.
All of this is in a while(1)-loop.
The error I got is double free or corruption (!prev)
The printf give me :
1c7eeb0
Size Of Malloc : 196
196 Bytes sent
1c7eeb0
The first loop works correctly but after a few one I got
Error: double free or corruption (!prev): 0x01c7eeb0
It does not seems to be a problem with the socket because I have the same address before and after the sendto.
Here
sprintf(a,"blablabla",strlen(a));
strlen() is passed an uninitialised a which invokes undefined behaviour.
To initially set a initialise it on definition:
char a[512] = "blablabla";
or set it right after:
char a[512];
strcpy(a, "blablabla");
(The same applies to b)
Assuming a and b were set correctly this call
sprintf( (char*)MessageOut, "%s%s",a, b );
would write 1 char beyond MessageOut bounds, as after setting the data as per a and b and additional '\0' will be put, the so called 0-terminator, that every C-"string" carries to maker is end.
To fix this adjust the related call to malloc() accordingly:
MessageOut = malloc(strlen(a) + strlen(b) + 1); /* There is no need to cast
the result fo malloc in C. */
I want to create an array of struct pointers and set each pointer to null. Eventually I want to have the pointers in the array point to my struct. I believed I had the write code to this but I keep getting a seg fault.
Code:
//struct in my .h
struct bin{
double cac; // current available capacity
struct node *list //pointer to linked list... bin struct points to linked list struct
}
//main file
void main(){
struct bin *bArray[20];
struct bin *binTemp, *pTemp;
for(i=0;i<20;i++) bArray[i]= NULL;
}
I assumed this would create an array of bin pointers, but I'm getting a seg fault here. Shouldn't I be able to make all the pointers NULL regardless of what type of pointer they are?
Eventually I want to make these all point to bin structs and I thought I could do this without having to make the pointers NULL first so i tried:
for(i=0;i<20;i++){
binTemp = (struct bin *)malloc(sizeof(struct bin));
binTemp->cac = 1.0;
binTemp->list = NULL;
bArray[i] = binTemp;
}
Once again I got a seg fault. I have no idea whats going on here. I know seg faults means I'm trying to write to an illegal memory location which makes me think I would have to set the size of the array indexes with malloc. However,
for(i=0;i<20;i++) bArray[i]= malloc(sizeof(struct bin));
also gives me a seg fault. I have no idea what I'm doing wrong.
Actual code I ran:
//Header File
#ifndef hBin_h
#define hBin_h
#include <stdio.h> // stdio used for file io
#include <stdlib.h> // standard c library
#define MAX_S 20
//bin struc
struct bin {
double cac; //current available capacity
struct node *list; // pointer to linked list
};
//linked list node struct
struct node{
char *name; //name of item
double size; // weight of item
struct node *next; //pointer to next
};
//insert the new item into a node in its appropriate location using alphabetical ordering of item names
struct node *oInsert(char *item, double size, struct node *head);
//print the items of the list out along with the list’s capacity
void traverse(struct node *head);
// deallocate the nodes of the list
void destory(struct node *head);
//input info from file - name of object, weight of object
void input(FILE *inFile, char item[], double *weight);
#endif // hBin_h
#include "hBin.h"
void main(){
FILE *inFile;
char *item;
double *weight;
struct bin *bArray[20];
int i;
struct bin *binTemp, *pTemp;
inFile = fopen("run1.txt", "r"); //open file
printf("HERE1\n");
for(i=0;i<20;i++){
binTemp = (struct bin *)malloc(sizeof(struct bin));
binTemp->cac = 1.0;
binTemp->list = NULL;
bArray[i] = binTemp;
}
/*while(!feof(inFile)){
input(inFile, item, weight);
printf("%s, %.2f\n", item, *weight);
}*/
}
I used gdb (not totally sure what I'm doing here):
(gdb) run
Starting program: /home/Christopher/CSC362/Pass_F/Main
[New Thread 813244.0xc7590]
[New Thread 813244.0xc6ce0]
[New Thread 813244.0xc7320]
[New Thread 813244.0xc5994]
HERE1
0 [main] Main 813244 cygwin_exception::open_stackdumpfile: Dumping stack trace to Main.exe.stackdump
[Thread 813244.0xc7320 exited with code 35584]
[Thread 813244.0xc6ce0 exited with code 35584]
[Inferior 1 (process 813244) exited with code 0105400]
(gdb) where
No stack.
(gdb) for(i=0;i<20;i++){
binTemp->cac = 1.0;
binTemp->list = NULL;
bArray[i] = binTemp;
} /usr/src/debug/cygwin-2.2.1-1/winsup/cygwin/crt0.c: No such file or directory.
(gdb) binTemp = (struct bin *)malloc(sizeof(struct bin));
Undefined command: "binTemp". Try "help".
(gdb) binTemp->cac = 1.0;
Undefined command: "binTemp->cac". Try "help".
(gdb) binTemp->list = NULL;
Undefined command: "binTemp->list". Try "help".
(gdb) bArray[i] = binTemp;
Undefined command: "bArray". Try "help".
(gdb) } for(i=0;i<20;i++){
Undefined command: "". Try "help".
(gdb) binTemp = (struct bin *)malloc(sizeof(struct bin));
Undefined command: "binTemp". Try "help".
(gdb) binTemp->cac = 1.0;
Undefined command: "binTemp->cac". Try "help".
(gdb) binTemp->list = NULL;
Undefined command: "binTemp->list". Try "help".
(gdb) bArray[i] = binTemp;
Undefined command: "bArray". Try "help".
(gdb) } for(i=0;i<20;i++){
binTemp->cac = 1.0;
Undefined command: "". Try "help".
(gdb) binTemp = (struct bin *)malloc(sizeof(struct bin));
Undefined command: "binTemp". Try "help".
(gdb) binTemp->cac = 1.0;
Undefined command: "binTemp->cac". Try "help".
(gdb) binTemp->list = NULL;
Undefined command: "binTemp->list". Try "help".
(gdb) bArray[i] = binTemp;
Undefined command: "bArray". Try "help".
Reading your code you commented out, you pass the variable weight to the input function and right after dereference it in your call to printf. There is a major problem here, and that is that the variable weight is not initialized, and that passing it to a function passes it by value, which means that the variable is copied and the function only operates on the copy and not the original, meaning that the weight variable in your main function will still be uninitialized when you dereference it and that leads to undefined behavior and a probable crash.
If you intend to emulate pass by reference (you can only emulate since C doesn't have passing by reference), you should declare weight as a normal variable, and use the address-of operator when calling the function:
double weight;
...
input(inFile, item, &weight);
// ^
// |
// Note ampersand here
You have a similar problem with the item variable. It's uninitialized and doesn't point anywhere special. Using it in any way except to initialize it will lead to undefined behavior. And if you try to initialize it in the input function then you have the same problem as described above, and you need to pass a pointer to the pointer using the address-of operator.
If you don't initialize the item pointer in the input function, but use it like it's already pointing to some valid memory (using e.g. strcpy or similar function) then you also have undefined behavior.
The actual crash you experience might be totally unrelated to the problems I describe above, since you seem to be doing something involving linked lists, which of course means pointers, and pointers used wrongly will give you many chances for further undefined behaviors and crashes.
The first thing you should do is enable more warning when building, as the compiler is usually very good at finding suspect behavior that can lead to UB. You do that by adding e.g. the flags -Wall -Wextra -pedantic when building.