fscanf - segfault - Address 0x0 is not stack'd, malloc'd or (recently) free'd
ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I checked the code with valgrind, the result is here:
Code:
--16922-- REDIR: 0x40189e0 (strlen) redirected to 0x3806ce31 (vgPlain_amd64_linux_REDIR_FOR_strlen)
--16922-- Reading syms from /usr/local/lib/valgrind/vgpreload_core-amd64-linux.so
--16922-- Reading syms from /usr/local/lib/valgrind/vgpreload_memcheck-amd64-linux.so
--16922-- REDIR: 0x4018850 (index) redirected to 0x4c2cc80 (index)
--16922-- REDIR: 0x40188d0 (strcmp) redirected to 0x4c2dd40 (strcmp)
--16922-- Reading syms from /lib/x86_64-linux-gnu/libm-2.15.so
--16922-- Considering /lib/x86_64-linux-gnu/libm-2.15.so ..
--16922-- .. CRC mismatch (computed e81d4037 wanted fad28d48)
--16922-- Considering /usr/lib/debug/lib/x86_64-linux-gnu/libm-2.15.so ..
--16922-- .. CRC is valid
--16922-- Reading syms from /lib/x86_64-linux-gnu/libc-2.15.so
--16922-- Considering /lib/x86_64-linux-gnu/libc-2.15.so ..
--16922-- .. CRC mismatch (computed 3af7ebbf wanted 50fc58fa)
--16922-- Considering /usr/lib/debug/lib/x86_64-linux-gnu/libc-2.15.so ..
--16922-- .. CRC is valid
--16922-- REDIR: 0x51bce30 (strcasecmp) redirected to 0x4a2560a (_vgnU_ifunc_wrapper)
--16922-- REDIR: 0x51b91d0 (strnlen) redirected to 0x4a2560a (_vgnU_ifunc_wrapper)
--16922-- REDIR: 0x51bf100 (strncasecmp) redirected to 0x4a2560a (_vgnU_ifunc_wrapper)
--16922-- REDIR: 0x51babc0 (__GI_strrchr) redirected to 0x4c2caa0 (__GI_strrchr)
--16922-- REDIR: 0x51b2f40 (malloc) redirected to 0x4c2c5ed (malloc)
--16922-- REDIR: 0x51b3580 (free) redirected to 0x4c2b552 (free)
--16922-- REDIR: 0x51b8a40 (strcpy) redirected to 0x4a2560a (_vgnU_ifunc_wrapper)
--16922-- REDIR: 0x51b8a80 (__GI_strcpy) redirected to 0x4c2d0d0 (__GI_strcpy)
==16922== Invalid read of size 4
==16922== at 0x518E35A: __isoc99_fscanf (isoc99_fscanf.c:31)
==16922== by 0x400AF7: main (lightcurve.c:36)
==16922== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==16922==
==16922==
==16922== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==16922== Access not within mapped region at address 0x0
==16922== at 0x518E35A: __isoc99_fscanf (isoc99_fscanf.c:31)
==16922== by 0x400AF7: main (lightcurve.c:36)
==16922== If you believe this happened as a result of a stack
==16922== overflow in your program's main thread (unlikely but
==16922== possible), you can try to increase the size of the
==16922== main thread stack using the --main-stacksize= flag.
==16922== The main thread stack size used in this run was 8388608.
==16922==
==16922== HEAP SUMMARY:
==16922== in use at exit: 3,976 bytes in 7 blocks
==16922== total heap usage: 9 allocs, 2 frees, 5,112 bytes allocated
==16922==
==16922== Searching for pointers to 7 not-freed blocks
==16922== Checked 85,192 bytes
==16922==
==16922== 568 bytes in 1 blocks are still reachable in loss record 1 of 7
==16922== at 0x4C2C66F: malloc (vg_replace_malloc.c:270)
==16922== by 0x519F20A: __fopen_internal (iofopen.c:76)
==16922== by 0x40098B: main (lightcurve.c:22)
==16922==
==16922== 568 bytes in 1 blocks are still reachable in loss record 2 of 7
==16922== at 0x4C2C66F: malloc (vg_replace_malloc.c:270)
==16922== by 0x519F20A: __fopen_internal (iofopen.c:76)
==16922== by 0x4009B0: main (lightcurve.c:23)
==16922==
==16922== 568 bytes in 1 blocks are still reachable in loss record 3 of 7
==16922== at 0x4C2C66F: malloc (vg_replace_malloc.c:270)
==16922== by 0x519F20A: __fopen_internal (iofopen.c:76)
==16922== by 0x4009D5: main (lightcurve.c:24)
==16922==
==16922== 568 bytes in 1 blocks are still reachable in loss record 4 of 7
==16922== at 0x4C2C66F: malloc (vg_replace_malloc.c:270)
==16922== by 0x519F20A: __fopen_internal (iofopen.c:76)
==16922== by 0x400A1F: main (lightcurve.c:26)
==16922==
==16922== 568 bytes in 1 blocks are still reachable in loss record 5 of 7
==16922== at 0x4C2C66F: malloc (vg_replace_malloc.c:270)
==16922== by 0x519F20A: __fopen_internal (iofopen.c:76)
==16922== by 0x400A44: main (lightcurve.c:27)
==16922==
==16922== 568 bytes in 1 blocks are still reachable in loss record 6 of 7
==16922== at 0x4C2C66F: malloc (vg_replace_malloc.c:270)
==16922== by 0x519F20A: __fopen_internal (iofopen.c:76)
==16922== by 0x400A8E: main (lightcurve.c:29)
==16922==
==16922== 568 bytes in 1 blocks are still reachable in loss record 7 of 7
==16922== at 0x4C2C66F: malloc (vg_replace_malloc.c:270)
==16922== by 0x519F20A: __fopen_internal (iofopen.c:76)
==16922== by 0x400AB3: main (lightcurve.c:30)
==16922==
==16922== LEAK SUMMARY:
==16922== definitely lost: 0 bytes in 0 blocks
==16922== indirectly lost: 0 bytes in 0 blocks
==16922== possibly lost: 0 bytes in 0 blocks
==16922== still reachable: 3,976 bytes in 7 blocks
==16922== suppressed: 0 bytes in 0 blocks
==16922==
==16922== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
==16922==
==16922== 1 errors in context 1 of 1:
==16922== Invalid read of size 4
==16922== at 0x518E35A: __isoc99_fscanf (isoc99_fscanf.c:31)
==16922== by 0x400AF7: main (lightcurve.c:36)
==16922== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==16922==
==16922== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Szegmentálási hiba (core készült)
jkobori@itl87:/data/fermi/080805584$ valgrind -v --tool=memcheck --leak-check=full --show-reachable=yes ./lightcurve ./dat/080805584n3.dat0 ./pos/080805584.scp0 ./d8/080805584n3.d8 ./dat/080805584.dat_line ./pos/080805584.scp_line ./dat/080805584.inf0 ./pos/080805584.detector ./pos/080805584.poz0 ./pos/080805584.nap 080805584
==16924== Memcheck, a memory error detector
==16924== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==16924== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==16924== Command: ./lightcurve ./dat/080805584n3.dat0 ./pos/080805584.scp0 ./d8/080805584n3.d8 ./dat/080805584.dat_line ./pos/080805584.scp_line ./dat/080805584.inf0 ./pos/080805584.detector ./pos/080805584.poz0 ./pos/080805584.nap 080805584
==16924==
--16924-- Valgrind options:
--16924-- -v
--16924-- --tool=memcheck
--16924-- --leak-check=full
--16924-- --show-reachable=yes
--16924-- Contents of /proc/version:
--16924-- Linux version 3.2.0-30-generic (buildd@batsu) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) ) #48-Ubuntu SMP Fri Aug 24 16:52:48 UTC 2012
--16924-- Arch and hwcaps: AMD64, amd64-sse3-cx16-lzcnt
--16924-- Page sizes: currently 4096, max supported 4096
--16924-- Valgrind library directory: /usr/local/lib/valgrind
--16924-- Reading syms from /data/fermi/080805584/lightcurve
--16924-- Reading syms from /lib/x86_64-linux-gnu/ld-2.15.so
--16924-- Considering /lib/x86_64-linux-gnu/ld-2.15.so ..
--16924-- .. CRC mismatch (computed eabdc7b7 wanted 3ee54b4e)
--16924-- Considering /usr/lib/debug/lib/x86_64-linux-gnu/ld-2.15.so ..
--16924-- .. CRC is valid
--16924-- Reading syms from /usr/local/lib/valgrind/memcheck-amd64-linux
--16924-- object doesn't have a dynamic symbol table
--16924-- Scheduler: using generic scheduler lock implementation.
--16924-- Reading suppressions file: /usr/local/lib/valgrind/default.supp
==16924== embedded gdbserver: reading from /tmp/vgdb-pipe-from-vgdb-to-16924-by-jkobori-on-???
==16924== embedded gdbserver: writing to /tmp/vgdb-pipe-to-vgdb-from-16924-by-jkobori-on-???
==16924== embedded gdbserver: shared mem /tmp/vgdb-pipe-shared-mem-vgdb-16924-by-jkobori-on-???
==16924==
==16924== TO CONTROL THIS PROCESS USING vgdb (which you probably
==16924== don't want to do, unless you know exactly what you're doing,
==16924== or are doing some strange experiment):
==16924== /usr/local/lib/valgrind/../../bin/vgdb --pid=16924 ...command...
==16924==
==16924== TO DEBUG THIS PROCESS USING GDB: start GDB like this
==16924== /path/to/gdb ./lightcurve
==16924== and then give GDB the following command
==16924== target remote | /usr/local/lib/valgrind/../../bin/vgdb --pid=16924
==16924== --pid is optional if only one valgrind process is running
==16924==
--16924-- REDIR: 0x40189e0 (strlen) redirected to 0x3806ce31 (vgPlain_amd64_linux_REDIR_FOR_strlen)
--16924-- Reading syms from /usr/local/lib/valgrind/vgpreload_core-amd64-linux.so
--16924-- Reading syms from /usr/local/lib/valgrind/vgpreload_memcheck-amd64-linux.so
--16924-- REDIR: 0x4018850 (index) redirected to 0x4c2cc80 (index)
--16924-- REDIR: 0x40188d0 (strcmp) redirected to 0x4c2dd40 (strcmp)
--16924-- Reading syms from /lib/x86_64-linux-gnu/libm-2.15.so
--16924-- Considering /lib/x86_64-linux-gnu/libm-2.15.so ..
--16924-- .. CRC mismatch (computed e81d4037 wanted fad28d48)
--16924-- Considering /usr/lib/debug/lib/x86_64-linux-gnu/libm-2.15.so ..
--16924-- .. CRC is valid
--16924-- Reading syms from /lib/x86_64-linux-gnu/libc-2.15.so
--16924-- Considering /lib/x86_64-linux-gnu/libc-2.15.so ..
--16924-- .. CRC mismatch (computed 3af7ebbf wanted 50fc58fa)
--16924-- Considering /usr/lib/debug/lib/x86_64-linux-gnu/libc-2.15.so ..
--16924-- .. CRC is valid
--16924-- REDIR: 0x51bce30 (strcasecmp) redirected to 0x4a2560a (_vgnU_ifunc_wrapper)
--16924-- REDIR: 0x51b91d0 (strnlen) redirected to 0x4a2560a (_vgnU_ifunc_wrapper)
--16924-- REDIR: 0x51bf100 (strncasecmp) redirected to 0x4a2560a (_vgnU_ifunc_wrapper)
--16924-- REDIR: 0x51babc0 (__GI_strrchr) redirected to 0x4c2caa0 (__GI_strrchr)
--16924-- REDIR: 0x51b2f40 (malloc) redirected to 0x4c2c5ed (malloc)
--16924-- REDIR: 0x51b3580 (free) redirected to 0x4c2b552 (free)
--16924-- REDIR: 0x51b8a40 (strcpy) redirected to 0x4a2560a (_vgnU_ifunc_wrapper)
--16924-- REDIR: 0x51b8a80 (__GI_strcpy) redirected to 0x4c2d0d0 (__GI_strcpy)
==16924== Invalid read of size 4
==16924== at 0x518E35A: __isoc99_fscanf (isoc99_fscanf.c:31)
==16924== by 0x400AF7: main (lightcurve.c:36)
==16924== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==16924==
==16924==
==16924== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==16924== Access not within mapped region at address 0x0
==16924== at 0x518E35A: __isoc99_fscanf (isoc99_fscanf.c:31)
==16924== by 0x400AF7: main (lightcurve.c:36)
==16924== If you believe this happened as a result of a stack
==16924== overflow in your program's main thread (unlikely but
==16924== possible), you can try to increase the size of the
==16924== main thread stack using the --main-stacksize= flag.
==16924== The main thread stack size used in this run was 8388608.
==16924==
==16924== HEAP SUMMARY:
==16924== in use at exit: 3,976 bytes in 7 blocks
==16924== total heap usage: 9 allocs, 2 frees, 5,112 bytes allocated
==16924==
==16924== Searching for pointers to 7 not-freed blocks
==16924== Checked 85,192 bytes
==16924==
==16924== 568 bytes in 1 blocks are still reachable in loss record 1 of 7
==16924== at 0x4C2C66F: malloc (vg_replace_malloc.c:270)
==16924== by 0x519F20A: __fopen_internal (iofopen.c:76)
==16924== by 0x40098B: main (lightcurve.c:22)
==16924==
==16924== 568 bytes in 1 blocks are still reachable in loss record 2 of 7
==16924== at 0x4C2C66F: malloc (vg_replace_malloc.c:270)
==16924== by 0x519F20A: __fopen_internal (iofopen.c:76)
==16924== by 0x4009B0: main (lightcurve.c:23)
==16924==
==16924== 568 bytes in 1 blocks are still reachable in loss record 3 of 7
==16924== at 0x4C2C66F: malloc (vg_replace_malloc.c:270)
==16924== by 0x519F20A: __fopen_internal (iofopen.c:76)
==16924== by 0x4009D5: main (lightcurve.c:24)
==16924==
==16924== 568 bytes in 1 blocks are still reachable in loss record 4 of 7
==16924== at 0x4C2C66F: malloc (vg_replace_malloc.c:270)
==16924== by 0x519F20A: __fopen_internal (iofopen.c:76)
==16924== by 0x400A1F: main (lightcurve.c:26)
==16924==
==16924== 568 bytes in 1 blocks are still reachable in loss record 5 of 7
==16924== at 0x4C2C66F: malloc (vg_replace_malloc.c:270)
==16924== by 0x519F20A: __fopen_internal (iofopen.c:76)
==16924== by 0x400A44: main (lightcurve.c:27)
==16924==
==16924== 568 bytes in 1 blocks are still reachable in loss record 6 of 7
==16924== at 0x4C2C66F: malloc (vg_replace_malloc.c:270)
==16924== by 0x519F20A: __fopen_internal (iofopen.c:76)
==16924== by 0x400A8E: main (lightcurve.c:29)
==16924==
==16924== 568 bytes in 1 blocks are still reachable in loss record 7 of 7
==16924== at 0x4C2C66F: malloc (vg_replace_malloc.c:270)
==16924== by 0x519F20A: __fopen_internal (iofopen.c:76)
==16924== by 0x400AB3: main (lightcurve.c:30)
==16924==
==16924== LEAK SUMMARY:
==16924== definitely lost: 0 bytes in 0 blocks
==16924== indirectly lost: 0 bytes in 0 blocks
==16924== possibly lost: 0 bytes in 0 blocks
==16924== still reachable: 3,976 bytes in 7 blocks
==16924== suppressed: 0 bytes in 0 blocks
==16924==
==16924== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
==16924==
==16924== 1 errors in context 1 of 1:
==16924== Invalid read of size 4
==16924== at 0x518E35A: __isoc99_fscanf (isoc99_fscanf.c:31)
==16924== by 0x400AF7: main (lightcurve.c:36)
==16924== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==16924==
==16924== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)
It seems it has a problem with the fscanf lines, but the weird thing is that
the code runs without any segfault for some input files, while for others
gives the error above. The format of the input files are completely the same, except
they contain different numbers.
Add some code to test whether each fopen actually worked.
Your seg fault during fscanf is caused by an earlier failure of fopen.
When fopen fails (for whatever reason) the FILE* is returns is zero. When you pass a zero FILE* to fscanf, it seg faults exactly as you have shown.
Quote:
Originally Posted by jkobori
The relevant part of the code:
Not all the relevant part, since you didn't include the declaration of dat_line, which is quite relevant to the point of failure. Fortunately, we don't need that to diagnose an error this simple.
If you post any code for harder issues, please be more careful to include all the relevant code.
Quote:
Originally Posted by jkobori
the weird thing is that
the code runs without any segfault for some input files, while for others
gives the error above. The format of the input files are completely the same, except
they contain different numbers.
I expect the input files it didn't work for are ones whose names you typed incorrectly on the command line (so the format/contents of such files never mattered). But I didn't see the command line nor the directory of files, so more obscure reasons for the fopen failing are also possible.
OK, here is a little bit more, but I can't paste here the entire code, because it is very long,
and a little bit copyrighted...
Anyway, the rest of it is doing some calculations.
But what do you mean that seg fault during fscanf is caused by an earlier failure of fopen?
Not necessary. Please re-read Johnfine's post, specifically the second paragraph (sentence).
Otherwise, you can try out this simple program that duplicates exactly the problem you are experiencing with your program:
Code:
#include <stdio.h>
int main(int argc, char* argv[])
{
int someValue = 0;
FILE* fp = fopen("/root/foo", "r");
//if (fp != NULL)
//{
fscanf(fp, "%d", &someValue);
//}
//else
//{
// fprintf(stderr, "Error: Unable to open file '/root/foo'\n");
//}
return 0;
}
To fix the problem with the code above, merely comment in the code that I have commented out. See the difference between the code above and your code??
Well, the only difference I can see is the place of *, and the error check, which is commented out.
The "problem" is, that all of the fscanf's work, i.e. I can printf them out to stdout.
So, the real question is that how is that possible (fscanf's work, and give error message at the same time)?
The input files are parameters, so I can not specify them exactly in the code.
Well, the only difference I can see is the place of *, and the error check, which is commented out.
The "problem" is, that all of the fscanf's work, i.e. I can printf them out to stdout.
So, the real question is that how is that possible (fscanf's work, and give error message at the same time)?
The input files are parameters, so I can not specify them exactly in the code.
Anyway, thanks for your reply!
What I neglected to show in my example code (because of my carelessness) is that one should also check the return value from fscanf() to ensure that it reports the correct number of values successfully parsed.
If you take the code I presented earlier, compile it similar to what you do for your application, and then run it through valgrind, you will see the exact same error being reported as you indicated in your opening post of this thread. Coincidence? I think not.
When fopen fails (for whatever reason) the FILE* is returns is zero. When you pass a zero FILE* to fscanf, it seg faults exactly as you have shown.
Quote:
Originally Posted by jkobori
what do you mean that seg fault during fscanf is caused by an earlier failure of fopen?
That is exactly what I explained above. I don't know a better way to say it than I already have.
dwhitney67 wrote sample code to demonstrate what I meant and what you should do about it. But you seem to have gotten bogged down in minor details and side issues of that code and missed the main point.
Check the value returned by fopen. If it is zero, the fopen has failed. A zero FILE* returned by fopen should not be passed to fscanf.
Actually, I've already checked the return value of fopen, and it is correct, so, not a zero file* is passed to fscanf, it is sure.
My main problem is: "The "problem" is, that all of the fscanf's work, i.e. I can printf them out to stdout."
and: "Your seg fault during fscanf is caused by an earlier failure of fopen." Where?
It seems it has a problem with the fscanf lines, but the weird thing is that
the code runs without any segfault for some input files, while for others
gives the error above. The format of the input files are completely the same, except
they contain different numbers.
Valgrind is telling you what the problem is. You can duplicate this same anomaly using a trivial program similar to what I presented earlier in which the program fails to open a file and then attempts a call to fscanf().
Earlier you indicated that the program works with a certain collection of files, but yet fails when using others. Besides inserting proper error checking statements in your code, you should also verify that you have proper privileges to read/write the files you are dealing with.
Last edited by dwhitney67; 11-20-2012 at 06:53 AM.
I have tried your sample code, and I understand why it fails.
But my point is, that fopen and fscanf work fine, all the error checking are positive, the code can open the files,
the fscanf read them, I can printf them out again, everything seem to be correct.
I have read/write privilegies on all of the files.
What I do not understand, that how can the fscanf work anf give error at the same time.
By the way, if I compile the code with the -O2 option then it gives the error message for ALL input parameter files.
I think I'm going to try another method, if there is an another.
Actually, I've already checked the return value of fopen, and it is correct, so, not a zero file* is passed to fscanf, it is sure.
I don't see how the Valgrind results you posted initially could represent anything other than a failure to open the file resulting in the seg fault during scanf.
But that may mean you provided that file name incorrectly just when using Valgrind, but are seeing some unrelated error when you run the same program outside of Valgrind.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.