LinuxQuestions.org


neelpatel 02-17-2010 05:12 AM

Subsequent Calls to Realloc Cause Memory Dump
 
I'm trying to write a C program that extends an array to any user-inputted size.

Code:

    if (arraysize == 0) {
        arraysize = (int) pos + 1;
        a = (int *) calloc (arraysize,sizeof(int));
        for (i = 0 ; i < arraysize ; i++ )
            a[i] = -1;
        a[pos] = val;
    } else if ( pos >= arraysize ) {
        newarraysize = (size_t) pos + 1;
        a = (int *) realloc (a,newarraysize);
        if (a == NULL) {
            printf("Cannot allocate memory\n");
            free(a);
            a = NULL;
            exit(1);
        }
        for (i = arraysize ; i < newarraysize ; i++ )
            a[i] = -1;
        a[pos] = val;
        arraysize = newarraysize;
    }


User inputs integers pos and val. An example interaction:


Quote:

Enter a position:
1
Enter a value:
1
Another assignment (y or n)?
y

array[0] = [No value assigned]
array[1] = 1
Enter a position:
2
Enter a value:
2
Another assignment (y or n)?
y

array[0] = [No value assigned]
array[1] = 1
array[2] = 2
Enter a position:
3
Enter a value:
3
Another assignment (y or n)?
y

array[0] = [No value assigned]
array[1] = 1
array[2] = 2
array[3] = 3
Enter a position:
4
Enter a value:
4
Another assignment (y or n)?
y

*** glibc detected *** ./a.out: realloc(): invalid next size: 0x09d9d008 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6[0x17aff1]
/lib/tls/i686/cmov/libc.so.6[0x1804d0]
/lib/tls/i686/cmov/libc.so.6(realloc+0xdd)[0x18085d]
./a.out[0x804873f]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0x126b56]
./a.out[0x8048541]
Aborted

The program dumps with that sequence of inputs every time, but might dump an input before or after if different positions are requested. Interestingly, when I tested pos = 2000..2008, I got no dumps. So is realloc somehow trying to extend the array into bad space?

Full source is available on request.


Thanks in advance,
Neel

irmin 02-17-2010 05:28 AM

Quote:

Code:

                        a = (int *) realloc (a,newarraysize);

The size argument you pass to realloc is wrong. realloc expects the size in bytes. But an integer is not only one byte in size. Replace it with:

Code:

                        a = (int *) realloc (a,sizeof(int)*newarraysize);

Because the size of the memory associated with the array is too small, you're overwriting some of glibc's internal structures that are used to keep track of the memory blocks. This results in the error.
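
A growth routine that sizes the realloc in bytes, as the answer above describes, given here as an added example that is not part of the original thread; the names int_array, int_array_set and UNSET are assumptions. It goes slightly beyond the fix by rejecting positions whose byte count would overflow size_t and by keeping the old pointer until realloc succeeds.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define UNSET (-1)   /* the thread's marker for "no value assigned" */

/* Hypothetical helper (not from the thread): a growable int array. */
struct int_array {
    int   *data;
    size_t count;    /* number of elements, not bytes */
};

/* Store val at index pos, growing the array if needed.
 * Returns 0 on success, -1 on failure (array left unchanged). */
int int_array_set(struct int_array *arr, size_t pos, int val)
{
    if (pos >= arr->count) {
        /* pos + 1 elements must exist and count * sizeof(int) must not wrap. */
        if (pos >= SIZE_MAX / sizeof(int))
            return -1;
        size_t new_count = pos + 1;

        /* realloc takes BYTES; keep the old pointer until it succeeds. */
        int *tmp = realloc(arr->data, new_count * sizeof *tmp);
        if (tmp == NULL)
            return -1;

        for (size_t i = arr->count; i < new_count; i++)
            tmp[i] = UNSET;
        arr->data  = tmp;
        arr->count = new_count;
    }
    arr->data[pos] = val;
    return 0;
}

int main(void)
{
    struct int_array arr = { NULL, 0 };
    /* Same positions as the failing session: 1, 2, 3, 4. */
    for (size_t pos = 1; pos <= 4; pos++)
        if (int_array_set(&arr, pos, (int)pos) != 0)
            return 1;
    for (size_t i = 0; i < arr.count; i++)
        printf("array[%zu] = %d\n", i, arr.data[i]);
    free(arr.data);
    return 0;
}
```

Building with `-fsanitize=address` or running under valgrind reports the undersized buffer at the first out-of-bounds write, rather than at a later realloc call as in the session above.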

neelpatel 02-17-2010 05:32 AM

*hits self in head*

Thank you so much. I've spent forever thinking that it just didn't like realloc to be called recursively and was wondering if it somehow was moving the a pointer around without freeing memory, or just generally memory leaking somehow.


Solved.


All times are GMT -5.