malloc上已释放对象的校验和不正确 [英] Incorrect checksum for freed object on malloc
问题描述
我得到
malloc: *** error for object 0x1001012f8: incorrect checksum for freed object
- object was probably modified after being freed.
*** set a breakpoint in malloc_error_break to debug
以下功能错误:
char* substr(const char* source, const char* start, const char* end) {
char *path_start, *path_end, *path;
int path_len, needle_len = strlen(start);
path_start = strcasestr(source, start);
if (path_start != NULL) {
path_start += needle_len;
path_end = strcasestr(path_start, end);
path_len = path_end - path_start;
path = malloc(path_len + 1);
strncpy(path, path_start, path_len);
path[path_len] = '\0';
} else {
path = NULL;
}
return path;
}
我该如何进行这项工作?当我重写该函数以使用path[path_len + 1]
分配内存时,它工作得很好.
How can I make this work? When I rewrite the function to allocate the memory using path[path_len + 1]
it works just fine.
现在,我不了解的部分是,我什至从未在应用程序的任何地方调用free
,因为该程序需要每个分配的内存,直到它存在为止(AFAIK将使每个分配的内存无效)反正?!)
Now, the part I don't understand is, that I never even call free
in any point of my application, as every allocated memory is needed for the program until it exists (which, AFAIK will invalidate every allocated memory anyway?!)
那么,如果我从不释放一个释放的对象,怎么会损坏它呢?
So, how can a freed object be corrupt if I never free one?
在此函数中调用该函数:
The function is called in this one:
char *read_response(int sock) {
int bytes_read;
char *buf = (char*)malloc(BUF_SIZE);
char *cur_position = buf;
while ((bytes_read = read(sock, cur_position, BUF_SIZE)) > 0) {
cur_position += bytes_read;
buf = realloc(buf, sizeof(buf) + BUF_SIZE);
}
int status = atoi(substr(buf, "HTTP/1.0 ", " "));
有realloc
,我用错了吗?我想阅读完整的服务器响应,所以每次迭代后都必须重新分配,不是吗?
There is the realloc
, am I using that wrong? I want to read the complete server response, so I have to reallocate after every iteration, don't I?
推荐答案
在read_response
中,您可能会覆盖buf
指向的缓冲区的末尾.
In read_response
, you are probably overwriting the end of the buffer pointed to by buf
.
问题在于buf是一个指针,因此sizeof(buf)
将返回指针的大小(取决于您的CPU,可能是4或8).您正在使用sizeof
,就好像buf
是一个数组一样,尽管在某些情况下它们看起来是可互换的,但这实际上与C中的指针不是同一回事.
The problem is that buf is a pointer, so sizeof(buf)
will return the size of a pointer (probably 4 or 8 depending on your CPU). You are using sizeof
as if buf
were an array, which is not really the same thing as a pointer in C although they seem interchangeable in some contexts.
代替使用sizeof
,您需要跟踪为buf
分配的最后一个大小,并在每次扩大缓冲区时将BUF_SIZE
添加到该大小.
Instead of using sizeof
, you need to be keeping track of the last size that you allocated for buf
, and add BUF_SIZE
to that each time you enlarge the buffer.
您还应该考虑到read
操作在每个调用中返回的字符可能比BUF_SIZE
少得多,因此在每次迭代中在buf
上执行realloc
可能会过大.不过,就正确性而言,这可能不会给您带来任何问题;它只会使用比需要更多的内存.
You should also consider that the read
operation may be returning considerably fewer characters than BUF_SIZE
on each call, so doing a realloc
on buf
in each iteration may be overkill. That probably won't cause any problems for you in terms of correctness, though; it will just use more memory than it needs to.
我会做类似下面的代码.
I would do something more like the code below.
#define MIN_BUF_SPACE_THRESHOLD (BUF_SIZE / 2)
char *read_response(int sock) {
int bytes_read;
char *buf = (char*)malloc(BUF_SIZE);
int cur_position = 0;
int space_left = BUF_SIZE;
if (buf == NULL) {
exit(1); /* or try to cope with out-of-memory situation */
}
while ((bytes_read = read(sock, buf + cur_position, space_left)) > 0) {
cur_position += bytes_read;
space_left -= bytes_read;
if (space_left < MIN_BUF_SPACE_THRESHOLD) {
buf = realloc(buf, cur_position + space_left + BUF_SIZE);
if (buf == NULL) {
exit(1); /* or try to cope with out-of-memory situation */
}
space_left += BUF_SIZE;
}
}
此版本的优点是,如果read
调用仅返回几个字节的数据,则不会尝试分配更多的空间.
This version has the advantage of not trying to allocate more space if the read
call comes back with only a few bytes of data.
这篇关于malloc上已释放对象的校验和不正确的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!