What is a glibc free/malloc/realloc invalid next size/invalid pointer error and how to fix it?


Problem description

You are most likely seeing this question because your question has been closed as a duplicate of this. For a moderately complete list of related questions, please see A long list of possible duplicates — C memory allocation and overrunning bounds (http://meta.stackoverflow.com/questions/254782/a-long-list-of-possible-duplicates-c-memory-allocation-and-overrunning-bounds) on Meta Stack Overflow.

From free char*: invalid next size (fast) asked by noobie on 2014-04-11.

I am freeing a char* after a concatenation process, but I receive this error:

free(): invalid next size (fast): 0x0000000001b86170

This is my code:

void concat(stringList *list) {
    char *res = (char*)malloc(sizeof(char*));

    strcpy(res, list->head->string);

    list->tmp = list->head->next;
    while (list->tmp != NULL) {
        strcat(res, ",");
        strcat(res, list->tmp->string);
        list->tmp = list->tmp->next;
    }

    printf("%s\n", res);
    free(res);
}


Generic Question

When running my program, I see an error message like this:

*** glibc detected *** ./a.out: free(): corrupted unsorted chunks: 0x12345678 ***

The detailed information can contain any of the following after the *** glibc detected *** and the program name, and the message is followed by a hexadecimal address (shown as 0x12345678) and another ***:


  • free(): corrupted unsorted chunks: 0x12345678
  • free(): invalid next size (fast): 0x12345678
  • free(): invalid next size (normal): 0x12345678
  • free(): invalid pointer: 0x12345678
  • free(): invalid size: 0x12345678
  • malloc(): corrupted unsorted chunks: 0x12345678
  • malloc(): corrupted unsorted chunks 2: 0x12345678
  • malloc(): memory corruption: 0x12345678
  • malloc(): memory corruption (fast): 0x12345678
  • malloc(): smallbin double linked list corrupted: 0x12345678
  • munmap_chunk(): invalid pointer: 0x12345678
  • realloc(): invalid next size (fast): 0x12345678
  • realloc(): invalid old size (fast): 0x12345678
  • realloc(): invalid pointer: 0x12345678
  • corrupted double-linked list: 0x12345678

This happens while calling the frobnicate() function; what is wrong with that function?

Recommended answer

Answer for Example Question

unwind gave the accepted answer to the example question:

Your code is wrong.

You are allocating space for a single pointer (malloc(sizeof(char*))), but no characters. You are overwriting your allocated space with all the strings, causing undefined behavior (in this particular case, corrupting malloc()'s book-keeping data).

You don't need to allocate space for the pointer (res); it's a local variable. You must allocate space for all the characters you wish to store at the address held by the pointer.

Since you're going to be traversing a list to find strings to concatenate, you can't know the total size upfront. You're going to have to do two passes over the list: one to sum the strlen() of each string, then allocate that plus space for the separator and terminator, then another pass when you actually do the concatenation.

Generic Answer

What you are seeing is the result of a corruption in the internal structures of the glibc allocator. When you are allocating or freeing dynamic memory, the allocator has to manage the memory it reserved from the OS and, depending on the action requested by you, find a new chunk to hand out, sort a freed chunk into the list of those that it can hand out later again, or give the memory back to the operating system. These error messages show that the data structures it uses to manage this functionality are corrupted.

These errors all mean that some of your code has modified memory that it was not given to use, invoking undefined behaviour. This is most likely the result of overwriting some memory quite a bit earlier in your program, and it is totally possible that the error does not lie in the frobnicate() function.

Yes, this means that the error can be anywhere in your program or 3rd party libraries you use.

This is probably not a good question for Stack Overflow. Unless you have a good simple reproduction of your problem, this community may be unable to help you very much. The cause of the error can be anywhere in your code (and is very often not in the function where the error is spotted), and it may be in code that we cannot see. Stack Overflow is not a collaborative debugging site. Even when someone can find the flaw in your code, it is unlikely that your specific question will ever help any future visitor.


  • Use after free. You have freed/deleted some memory and are writing into it afterwards, overwriting the structures glibc needs for bookkeeping.
  • Off-by-N error. You are writing N bytes after an allocated chunk into unallocated memory that glibc uses internally for its bookkeeping.
  • Uninitialized pointers. You are not initializing a pointer. By coincidence it points to some memory reserved by glibc but not allocated by your program and you write to it.
  • Allocating the wrong amount of space. This can be because you wrote long *data = malloc(number * 4) instead of long *data = malloc(number * sizeof(long)); or (better) long *data = malloc(number * sizeof(*data));. There are many other ways to get the size calculation wrong. Another common one is to forget to account for the null terminator character at the end of a string: char *copy = malloc(strlen(str)); instead of char *copy = malloc(strlen(str)+1);.

What you need to do now is to roll up your sleeves and debug the problem.

There is no simple answer what to look for, or what to fix. No single syntactical construct that you were using wrong. The cause of this bug can come in literally thousands of varieties.


  • valgrind: A tool created mostly for the purpose of finding exactly this kind of error. If it can't find anything, make sure you are using the latest version, and that you are also trying out the included exp-sgcheck tool. If you are running multithreaded code, the cause might also be related to a race condition, so you might want to try the included race condition checkers drd and helgrind for more insight. At the point of writing this, valgrind supports the following platforms:
    • X86/Linux,
    • AMD64/Linux,
    • ARM/Linux,
    • PPC32/Linux,
    • PPC64/Linux,
    • S390X/Linux,
    • MIPS32/Linux,
    • MIPS64/Linux,
    • ARM/Android (2.3.x and later),
    • X86/Android (4.0 and later),
    • X86/Darwin and
    • AMD64/Darwin (Mac OS X 10.7, with limited support for 10.8).

If you can't solve your problem using one of these tools, you should try to create an MCVE (How to create a Minimal, Complete, and Verifiable Example?) or, equivalently, an SSCCE (Short, Self Contained, Correct (Compilable), Example).

Remember to work on a copy of your code because creating an MCVE requires you to ruthlessly remove code that does not help reproduce the problem. Using a VCS (version control system) to assist is a good idea; you can record intermediate stages in reducing the problem to a minimum. It might be a new throw-away repository just for reducing your problem to a manageable size.

With a good modular design to your code, it should be relatively easy to create the MCVE. Maybe you also already have a unit test that is better suited to be fed into one of the above tools. You also might just want to create one that can later serve as a regression test for this bug.
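
An added example, not part of the original question or answer: the two-pass approach described in the answer to the example question, written out in C. The node and stringList layouts are assumptions, since the question does not show them, and concat here returns the string to the caller instead of printing and freeing it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout: the question does not show these definitions. */
typedef struct node { const char *string; struct node *next; } node;
typedef struct { node *head; node *tmp; } stringList;

/* Returns a newly allocated "a,b,c" string that the caller frees,
 * or NULL for an empty list or a failed allocation. */
char *concat(const stringList *list) {
    if (list == NULL || list->head == NULL)
        return NULL;

    /* Pass 1: sum the string lengths and count the elements. */
    size_t total = 0, count = 0;
    for (const node *n = list->head; n != NULL; n = n->next) {
        total += strlen(n->string);
        count++;
    }
    total += (count - 1) + 1;  /* one ',' between elements, plus '\0' */

    char *res = malloc(total);
    if (res == NULL)
        return NULL;

    /* Pass 2: copy each string at a moving write position. */
    char *out = res;
    for (const node *n = list->head; n != NULL; n = n->next) {
        size_t len = strlen(n->string);
        if (n != list->head)
            *out++ = ',';
        memcpy(out, n->string, len);
        out += len;
    }
    *out = '\0';
    return res;
}

int main(void) {
    node c = { "gamma", NULL }, b = { "b", &c }, a = { "alpha", &b };
    stringList list = { &a, NULL };   /* constructed sample input */
    char *res = concat(&list);
    if (res == NULL)
        return 1;
    printf("%s\n", res);               /* alpha,b,gamma */
    free(res);
    return 0;
}
```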
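
An added example, not from the original page and not a glibc facility: a small guard-byte wrapper that makes the missing-terminator case from the list of typical causes visible, and shows that the bad write is only noticed later, when the block is freed. The names guarded_malloc, guarded_free and copy_string are hypothetical, and the technique goes beyond the tools the answer names.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_LEN  16     /* canary bytes placed after every block */
#define GUARD_BYTE 0xA5

/* Hypothetical debug header (not a glibc API); max_align_t keeps user data aligned. */
typedef union { size_t size; max_align_t align; } guard_hdr;

void *guarded_malloc(size_t size) {
    if (size > (size_t)-1 - sizeof(guard_hdr) - GUARD_LEN)
        return NULL;
    guard_hdr *h = malloc(sizeof *h + size + GUARD_LEN);
    if (h == NULL)
        return NULL;
    h->size = size;
    memset((unsigned char *)(h + 1) + size, GUARD_BYTE, GUARD_LEN);
    return h + 1;
}

/* Frees the block and returns how many bytes past its end were overwritten
 * (0 means intact). Overruns longer than GUARD_LEN are not fully visible. */
size_t guarded_free(void *p) {
    guard_hdr *h = (guard_hdr *)p - 1;
    const unsigned char *guard = (const unsigned char *)p + h->size;
    size_t over = 0;
    for (size_t i = 0; i < GUARD_LEN; i++)
        if (guard[i] != GUARD_BYTE)
            over = i + 1;
    free(h);
    return over;
}

/* Copies str into a block of strlen(str) + extra bytes; extra == 0 is the
 * missing-terminator bug from the list above, extra == 1 is correct. */
size_t copy_string(const char *str, size_t extra) {
    size_t len = strlen(str);
    char *copy = guarded_malloc(len + extra);
    if (copy == NULL)
        return 0;
    memcpy(copy, str, len + 1);   /* with extra == 0 the '\0' hits the guard */
    return guarded_free(copy);    /* the damage is only noticed here */
}

int main(void) {
    printf("%zu %zu\n", copy_string("hello", 0), copy_string("hello", 1));
}
```

With plain malloc the same stray byte would land in or next to the allocator's bookkeeping, which is why the abort appears at some later, unrelated free or malloc call.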
