I'm trying reallocate more 256 bytes to buffer on each loop call. In this buffer, I will store the buffer obtained from read().
Here is my code:
#define MAX_BUFFER_SIZE 256
//....
int sockfd = socket( ... );
char *buffer;
buffer = malloc( MAX_BUFFER_SIZE );
assert(NULL != buffer);
char *tbuf = malloc(MAX_BUFFER_SIZE);
char *p = buffer;
int size = MAX_BUFFER_SIZE;
while( read(sockfd, tbuf, MAX_BUFFER_SIZE) > 0 ) {
while(*tbuf) *p++ = *tbuf++;
size = size + MAX_BUFFER_SIZE; // it is the right size for it?
buffer = realloc(buffer, size);
assert(NULL != buffer);
}
printf("%s", buffer);
free(tbuf);
free(p);
free(buffer);
close(sockfd);
But the above code returns segment fault. Where am I wrong?
These are the problems that are apparent to me:
Your realloc can modify the location to which buffer points. But you fail to modify p accordingly and it is left pointing into the previous buffer. That's clearly an error.
I see potential for another error in that the while loop need not terminate and could run off the end of the buffer. This is the most likely cause of your segmentation fault.
The way you use realloc is wrong. If the call to realloc fails then you can no longer free the original buffer. You should assign the return value of realloc to a temporary variable and check for errors before overwriting the buffer variable.
You should not call free on the pointer p. Since that is meant to point into the block owned by buffer, you call free on buffer alone.
Thing is read doesn't add a 0-terminator. So your inner while is undoubtedly stepping outside the allocated memory:
while(*tbuf) *p++ = *tbuf++;
Another problem is that you are freeing stuff you didn't receive via malloc. By the time you call free, you will have incremented both p and tbuff which you try to free.
The whole buffer allocation things looks useless as you're not actually using it anywhere.
When you use realloc on buffer, it is possible that the address of buffer is changed as a result of changing the size. Once that happens, p is no longer holding the correct address.
Also towards the end, you are freeing both p and buffer while they point to the same location. You should only free one of them.
Related
I know this has been asked quite a bit, but every example I looked at never seemed to fit exactly. In the code below if I keep the free(), the resulting compiled binary segfaults. If I remove it, the code works just fine. My question is, why?
int convertTimeToStr(time_t* seconds, char* str)
{
int rc = 0;
if (str == NULL) {
printf("The passed in char array was null!\n");
rc = 1;
} else {
char* buf = malloc(sizeof(char) * 100);
memset(buf, '\0', sizeof(buf));
buf = asctime(gmtime(seconds));
strcpy(str, buf);
free(buf);
}
return rc;
}
The problem is that you reassign the pointer to your allocated memory. What you're doing is basically equivalent to
int a = 5;
int b = 10;
a = b;
and then wondering why a is no longer equal to 5.
With the assignment buf = asctime(gmtime(seconds)) you lose the original pointer and have a memory leak.
What the asctime function returns is a pointer to a static internal buffer, it's not something you should pass to free.
You should not be surprised by that, since you've changed the value of the pointer buf from what malloc() returned.
char* buf = malloc(sizeof(char) * 100); // value returned by malloc()
memset(buf, '\0', sizeof(buf));
buf = asctime(gmtime(seconds)); // change value of buf
strcpy(str, buf);
free(buf); // buf differs from above
Calling free() with an argument that was not returned from malloc() (or calling it for the second time) is undefined behaviour.
You call malloc and memset, which allocates a buffer and sets it to zeroes, but then you overwrite the value of buf with the return value from asctime. By the time you call free, it is on the return value from asctime, not your original allocation. This has three issues:
You never use the buffer you allocated with malloc for any useful purpose, so you don't need that malloc nor the memset
You lose the pointer returned by malloc so you can never free it. Your process has leaked memory.
You try to free the return value from asctime. The return value from asctime does not need to be freed and should not be freed. This causes undefined behavior, in your case a segfault.
The below code occasionally fails on the buffer = (char*) realloc(buffer, allocated * sizeof(char)); call (marked down below) that I use to dynamically allocate space for a char*,by allocating 1 char initially, and doubling the allocated amount every time the memory I already have is insufficient to store the string.
I have very similar code in many other parts of my project, with the same memory allocation policy and calls (changing only the type of the void* I pass to realloc).
I am using VS2010 to debug the problem, and when I start the program on debug mode, the function always completes successfully.
However, when calling the program from the command line, there is a good chance that one of the calls to realloc will fail after some time with an "Access violation reading location" error - though it doesn't happen all the time, and only happens after the function below has been called multiple times, with many reallocations having already taken place.
What's weirder, I put some prints before and after the realloc call to assert if the pointer location was changed, and, when I did so and ran the program, the calls to realloc stopped failing randomly.
What am I doing wrong?
TOKEN
next_token_file(FILE* file,
STATE_MACHINE* sm,
STATE_MACHINE* wsssm)
{
char* buffer = (char*) malloc(sizeof(char));
size_t allocated = 1;
size_t i = 0;
while(1)
{
/*
... code that increments i by one and messes with sm a bit. Does nothing to the buffer.
*/
// XXX: This fails when using realloc. Why?
if(i + 1 >= allocated)
{
allocated = allocated << 1;
buffer = (char*) realloc(buffer, allocated * sizeof(char));
}
buffer[i] = sm->current_state->state;
/*
... more code that doesn't concern the buffer
*/
}
// Null-terminate string.
buffer[++i] = 0;
TOKEN t = {ret, buffer};
return t;
}
Due to these lines
char* buffer = (char*) malloc(16 * sizeof(char));
size_t allocated = 1;
the program shrinks buffer for the first 4 re-allocations. So the program writes to unallocated memory from i=16 on, which is undefined behaviour, so anything could happen. Also this most likely smashes the memory management which in turn makes realloc() fail.
You might like to change those two lines to be:
size_t allocated = 16; /* or = 1 if the 16 was a typo. */
char * buffer = malloc(allocated);
Other notes:
sizeof(char) is always 1.
Do not cast the result of malloc/calloc/realloc as it is not necessary nor recommended: https://stackoverflow.com/a/605858/694576.
Do check the result of system calls.
Refering the last note, the following modifications should be applied
char * buffer = malloc(allocated);
might become:
char * buffer = malloc(allocated);
if (NULL == buffer)
{
/* Error handling goes here. */
}
and
buffer = (char*) realloc(buffer, allocated * sizeof(char));
might become:
{
char * pctmp = realloc(buffer, allocated);
if (NULL == pctmp)
{
/* Error handling goes here. */
}
else
{
buffer = pctmp;
}
}
More of a comment than an answer but I don't have 50 points to comment.
This:
char* buffer = (char*) malloc(16 * sizeof(char));
should be
char* buffer = (char*) malloc(1 * sizeof(char));
or
allocated = 16.
I dont know, when you are increasing or decreasing i.
But I would bet, acording to this snippet, your problem is: your reallocating infinitly, and as your not checking for realloc is returning NULL, that will crash your programm ;)
As allready said, even the not well running pritf's are conforming it, your violating your memory block. this will happen by reallocing the memory adress which has been overwritten outside the range.(excepting its UB anyway)
Or if you try to work if an invalid return value (what is when NULL is returned, what could happen because u aren't checking it)
Or if you request zerosized area(size parameter is 0) and you get returned an non zero pointer and you work with that one.
But 2nd case probably wont happen in your programm ;)
I wrote a function to read a string with fgets that uses realloc() to make the buffer grow when needed:
char * read_string(char * message){
printf("%s", message);
size_t buffsize = MIN_BUFFER;
char *buffer = malloc(buffsize);
if (buffer == NULL) return NULL;
char *p;
for(p = buffer ; (*p = getchar()) != '\n' && *p != EOF ; ++p)
if (p - buffer == buffsize - 1) {
buffer = realloc(buffer, buffsize *= 2) ;
if (buffer == NULL) return NULL;
}
*p = 0;
p = malloc(p - buffer + 1);
if (p == NULL) return NULL;
strcpy(p, buffer);
free(buffer);
return p;
}
I compiled the program and tried it, and it worked like expected. But when I run it with valgrind, the function returns NULL when the read string is >= MIN_BUFFER and valgrind says:
(...)
==18076== Invalid write of size 1
==18076== at 0x8048895: read_string (programme.c:73)
==18076== by 0x804898E: main (programme.c:96)
==18076== Address 0x41fc02f is 0 bytes after a block of size 7 free'd
==18076== at 0x402BC70: realloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==18076== by 0x8048860: read_string (programme.c:76)
(...)
==18076== Warning: silly arg (-48) to malloc()
(...)
I added a printf statement between *p=0; and p=malloc... and it confirmed that the arg passed had a value of -48.
I didn't know that programs don't run the same way when launched alone and with valgrind. Is there something wrong in my code or is it just a valgrind bug?
When you realloc the buffer, your pointer 'p' still points at the old buffer.
That will stomp memory, and also cause future allocations to use bogus values.
realloc returns a pointer to a new buffer of the requested size with the same contents as the pointer passed in, assuming that the pointer passed in was previously returned by malloc or realloc. It does not guarantee that it's the same pointer. Valgrind very likely modifies the behavior of realloc, but keeps it within the specification.
Since you are resizing memory in a loop, you would be better served by tracking your position in buffer as an offset from the beginning of buffer rather than a pointer.
As man 3 realloc says
...The function may move the memory block to a new location.
What this means, is that
p = malloc(p - buffer + 1);
is the problem. If realloc() was called, buffer might be pointing to a new block of memory and expression
(p - buffer)
does not make any sense.
I'm new to C and I'm reading "The C Programming Language" by K&R to learn it. I had a question about this example function appearing on pg 109 of the 2nd edition:
/* readlines: read input lines */
int readlines(char *lineptr[], int maxlines)
{
int len, nlines;
char *p, line[MAXLEN];
nlines = 0;
while ((len = getline(line, MAXLEN)) > 0)
if (nlines >= maxlines || p = alloc(len) == NULL)
return -1;
else {
line[len-1] = '\0'; /* delete newline */
strcpy(p, line);
lineptr[nlines++] = p;
}
return nlines;
}
I was wondering why *p is at all necessary here? p is allocated memory and then line is copied into it. Why can't just line be used, so at the end lineptr[nlines++] = p could be replaced by lineptr[nlines++] = line.
If you don't allocate memory for each line, you'll end up with lineptr being an array full of pointers to just the last line you read (not to mention to stack memory which is likely to be overwritten). Allocating memory for each line as you read makes the returned array make sense. As an example, let's say that line happens to get allocated on the stack at address 0x1000. If you make your suggested change, the resulting lineptr array for an 8 line file would be:
0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000
Yowch! Allocating memory for each line as you read it, and then copying the line into that allocated memory is the only solution.
lineptr[nlines++] = line;
would fill lineptr with pointers to memory that is local to that function, and that memory becomes invalid as soon as the function returns. The values of all the elements of the lineptr array would all be identical and equal to line.
So the allocation is necessary here. You really need to copy the contents of line into a newly allocated memory location that persists after the function has returns.
You'd need storage for each line to be allocated somewhere. You can't just capture the value of line as you suggest because that is a local variable which will be out of scope after the function returns (and in this particular example, it's overwritten on each iteration).
You could avoid having line by doing getline directly into the elements of lineptr (which you would allocate as you go), but you cannot get rid of p.
A new chunk of memory needs to be allocated for each line. The pointer p is the only handle we have to that memory. We assign lineptr[nlines++] = p so we can reference each chunk of memory (e.g. line) as part of the array lineptr.
An assignment of the kind lineptr[nlines++] = p in c/c++, sets the address of lineptr[nlines++] to the address where p points to, no data is copied here.
so, the address of line is always the same address; so lineptr[nlines++] = line whould mean that all all lineptr[i] would point to the same address.
the worst part, after the function returns, line does no longer exist, so every lineptr[i] then points to some invalid address.
using the p allocates new memory for each line, and ensures that the address of that memory is still valid between functions (until you free it).
Okay, so let's show you how to do the same thing without char *p... I am going to slightly modify the code.
/* readlines: read input lines */
#include <string.h>
/* put that include line below #include <stdio.h> if you don't already have this
string.h defines strdup() function which we use below */
int readlines(char *lineptr[], int maxlines)
{
int len, nlines;
char line[MAXLEN];
nlines = 0;
while ((len = getline(line, MAXLEN)) > 0) {
line[len-1] = '\0'; /* delete newline */
lineptr[nlines] = strdup(line); /* allocate memory and make a copy */
if (lineptr[nlines] == NULL) {
return -1;
}
nlines++;
if (nlines >= marlines)
break;
}
return nlines;
}
This code is closest without the temporary char *p use.
The thing is that while this is functionally correct, use of the temporary variable char *p to test out all allocations and retrieval makes the code cleaner to read, easy to follow for teaching purposes. It also shows explicitly the allocation of the string memory as a separate step, which is hidden in strdup.
I'm trying to read a line from a file character by character and place the characters in a string; here' my code:
char *str = "";
size_t len = 1; /* I also count the terminating character */
char temp;
while ((temp = getc(file)) != EOF)
{
str = realloc(str, ++len * sizeof(char));
str[len-2] = temp;
str[len-1] = '\0';
}
The program crashes on the realloc line. If I move that line outside of the loop or comment it out, it doesn't crash. If I'm just reading the characters and then sending them to stdout, it all works fine (ie. the file is opened correctly). Where's the problem?
You can't realloc a pointer that wasn't generated with malloc in the first place.
You also have an off-by-one error that will give you some trouble.
Change your code to:
char *str = NULL; // realloc can be called with NULL
size_t len = 1; /* I also count the terminating character */
char temp;
while ((temp = getc(file)) != EOF)
{
str = (char *)realloc(str, ++len * sizeof(char));
str[len-2] = temp;
str[len-1] = '\0';
}
Your issue is because you were calling realloc with a pointer to memory that was not allocated with either malloc or realloc which is not allowed.
From the realloc manpage:
realloc() changes the size of the memory block pointed to by ptr to size bytes.
The contents will be unchanged to the minimum of the old and new
sizes; newly allocated memory will be uninitialized. If ptr is NULL,
then the call is equivalent to malloc(size), for all values of size;
if size is equal to zero, and ptr is not NULL, then the call is
equivalent to free(ptr). Unless ptr is NULL, it must have been
returned by an earlier call to malloc(), calloc() or realloc(). If
the area pointed to was moved, a free(ptr) is done.
On a side note, you should really not grow the buffer one character at a time, but keep two counter, one for the buffer capacity, and one for the number of character used and only increase the buffer when it is full. Otherwise, your algorithm will have really poor performance.
You can't realloc a string literal. Also, reallocing every new char isn't a very efficient way of doing this. Look into getline, a gnu extension.