了解“双重释放或腐败"错误 [英] Understanding 'double free or corruption' error
问题描述
我正在从python
脚本(OS Ubuntu 14.04)中调用C++
应用程序,如下所示:
I am calling a C++
application from the python
script (OS Ubuntu 14.04) like this:
import sys, subprocess
run = subprocess.Popen(['app'] + args, stdout = subprocess.PIPE,
stderr = subprocess.PIPE)
stdout, stderr = run.communicate()
if stderr:
sys.stderr.write('Error in app: ' + stderr.decode('utf-8'))
sys.exit(1)
然后我收到以下错误消息(尽管每次地址都不相同):
Then I get the following error message (although the address is different every time):
*** Error in `/usr/bin/app': double free or corruption (!prev): 0x00007f50eae98070 ***
该应用程序本身是第三方二进制文件,这意味着我无权访问源代码.但是,即使有人暗示app
中有一些错误会导致两次删除同一实体的尝试,但我仍然无法理解3种奇怪的行为:
The app itself is a third-party binary, that means, I have no access to the source code. However, even under suggestion that there is some bug in app
that causes deletion attempt the same entity twice there are 3 strangenesses in the behaviour that I cannot understand:
- 该错误是随机发生的,并且相当罕见(所有运行的大约20%都使用同一数据).
app
的其他一些用户也收到此错误;但是,其中一些人永远无法得到它. - 它不会被子进程的
stderr
流捕获(因此不会执行sys.exit(1)
). - 有时我在括号中看到的是
top
而不是!prev
.
- The error occurs randomly and rather rare (around 20% of all runs on the very same data). Some other users of the
app
get this error as well; however, some of them never get it. - It does not get caught in the
stderr
stream of the subprocess (and thereforesys.exit(1)
does not get executed). - Sometimes I see
top
instead of!prev
in the brackets.
有人可以向我解释一下这些功能是如何产生的,甚至给出一个可重现此行为的示例C ++代码吗?
Can someone explain me, how these features can be originated or even give an example C++ code that reproduces this behaviour?
推荐答案
双重免费正是其含义:
int *a = new int;
delete a;
delete a;
对于腐败之类的东西:
int *a = new int[10];
a++;
delete a;
当应用程序请求释放一些已经释放的内存,或者该地址与分配时获得的地址不对应,则glibc会生成此消息.
This message is generated by glibc when an app request to free some memory that was already freed, or the address does not correspond to an address obtained at allocation time.
这篇关于了解“双重释放或腐败"错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!