neelpatel
02-17-2010 04:12 AM
Subsequent Calls to Realloc Cause Memory Dump
I'm trying to write a C program that extends an array to any user-inputted size.
Code:
if (arraysize == 0) {
    arraysize = (int) pos + 1;
    a = (int *) calloc (arraysize,sizeof(int));
    for (i = 0 ; i < arraysize ; i++ )
        a[i] = -1;
    a[pos] = val;
} else if ( pos >= arraysize ) {
    newarraysize = (size_t) pos + 1;
    a = (int *) realloc (a,newarraysize);
    if (a == NULL) {
        printf("Cannot allocate memory\n");
        free(a);
        a = NULL;
        exit(1);
    }
    for (i = arraysize ; i < newarraysize ; i++ )
        a[i] = -1;
    a[pos] = val;
    arraysize = newarraysize;
}
User inputs integers pos and val. An example interaction:
Quote:
Enter a position:
1
Enter a value:
1
Another assignment (y or n)?
y
array[0] = [No value assigned]
array[1] = 1
Enter a position:
2
Enter a value:
2
Another assignment (y or n)?
y
array[0] = [No value assigned]
array[1] = 1
array[2] = 2
Enter a position:
3
Enter a value:
3
Another assignment (y or n)?
y
array[0] = [No value assigned]
array[1] = 1
array[2] = 2
array[3] = 3
Enter a position:
4
Enter a value:
4
Another assignment (y or n)?
y
*** glibc detected *** ./a.out: realloc(): invalid next size: 0x09d9d008 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6[0x17aff1]
/lib/tls/i686/cmov/libc.so.6[0x1804d0]
/lib/tls/i686/cmov/libc.so.6(realloc+0xdd)[0x18085d]
./a.out[0x804873f]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0x126b56]
./a.out[0x8048541]
Aborted
The program dumps with that sequence of inputs every time, but might dump an input before or after if different positions are requested. Interestingly, when I tested pos = 2000..2008, I got no dumps. So is realloc somehow trying to extend the array into bad space?
Full source is available on request.
Thanks in advance,
Neel
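Added example, not part of the original post: realloc takes its size in bytes, while the posted call passes an element count, so the fill loop writes past the end of the block and damages the allocator's bookkeeping, which glibc reports as "invalid next size". The sketch below grows the array with a byte count, an overflow check and a temporary pointer; `grow_to` and `replay_session` are hypothetical names introduced here.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not from the post): grow *a so that index pos is
 * valid, filling new slots with -1 as the posted code does.
 * Returns 0 on success, -1 on failure; on failure *a and *size are unchanged. */
int grow_to(int **a, size_t *size, size_t pos)
{
    if (pos < *size)
        return 0;                      /* already large enough */
    if (pos >= SIZE_MAX / sizeof **a)
        return -1;                     /* (pos + 1) * sizeof(int) would overflow */

    size_t newsize = pos + 1;
    /* Size is in BYTES: element count times element size. A temporary is
     * used because a failed realloc returns NULL and leaves the old block
     * allocated; assigning straight to *a would leak it. */
    int *tmp = realloc(*a, newsize * sizeof **a);
    if (tmp == NULL)
        return -1;

    for (size_t i = *size; i < newsize; i++)
        tmp[i] = -1;                   /* mark new slots as unassigned */
    *a = tmp;
    *size = newsize;
    return 0;
}

/* Replays the session from the post (positions 1..4, value == position).
 * Returns the sum of all slots, or -1 if an allocation fails. */
int replay_session(void)
{
    int *a = NULL;                     /* realloc(NULL, n) behaves like malloc(n) */
    size_t size = 0;
    int sum = 0;
    for (size_t pos = 1; pos <= 4; pos++) {
        if (grow_to(&a, &size, pos) != 0) { free(a); return -1; }
        a[pos] = (int)pos;
    }
    for (size_t i = 0; i < size; i++)
        sum += a[i];
    free(a);
    return sum;
}

int main(void)
{
    printf("sum = %d\n", replay_session());
    return 0;
}
```

Building the original program with `-fsanitize=address` or running it under Valgrind reports the out-of-bounds write at the fill loop itself rather than at a later realloc call.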