C语言 free() 后出现分段错误,常见原因有哪些?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2307545/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Segmentation fault after free(), what are the common causes for this?
提问by Pieter
I get a segmentation fault after freeing a certain pointer:
free输入某个指针后出现分段错误:
free(studentDB->name);
I can get its value without any errors or warnings:
我可以在没有任何错误或警告的情况下获得它的值:
printf("[DBG] studentDB->name: %s\n", studentDB->name);
However, as I said, the program crashes when I try to free it. What are the most common causes for a freecommand leading to a segmentation fault?
但是,正如我所说,当我尝试释放它时,程序会崩溃。free导致分段错误的命令的最常见原因是什么?
回答by Carl Norum
If you didn't malloc()it, you can't free()it. Where does studentDB->namecome from?
如果你没有malloc(),你就做不到free()。哪里studentDB->name来的呢?
回答by Arthur Kalliokoski
You've probably either free()'ed it already, or overwritten the malloc info preceding the block with a buffer overrun
您可能已经对其进行了 free() 处理,或者使用缓冲区溢出覆盖块前的 malloc 信息
回答by Alexander Gessler
Usually heap corruption somewhere else in the program. The heap is usually continous and the heap manager surrounds heap blocks with headers to track the blocks- If you overwrite the header of the block, access to it is fine, but freeis most likely to fail.
通常在程序中的其他地方堆损坏。堆通常是连续的,堆管理器用头包围堆块以跟踪块 - 如果覆盖块的头,访问它是好的,但free最有可能失败。
回答by t0mm13b
Has studentDB->namebeing allocated previously? If you did not allocate memory for that field, chances are when you called free, you end up with a seg-fault! Please check on that field and make sure it has being mallocd or strdupd.
之前有studentDB->name分配过吗?如果您没有为该字段分配内存,则很可能在您调用 时free,最终会出现段错误!请检查该字段并确保它是mallocd 或strdupd。
Or that there is a corruption elsewhere on the heap, that coincided with this as you rightly pointed out you can see the value of name...
或者堆上的其他地方存在损坏,与此相符,正如您正确指出的那样,您可以看到name...
Hope this helps, Best regards, Tom.
希望这会有所帮助,最好的问候,汤姆。
回答by Platinum Azure
Could also be that accessing the name member of the studentDB pointer is a segfault if studentDB is NULL.
如果 studentDB 为 NULL,则访问 studentDB 指针的 name 成员也可能是段错误。
回答by Arun
From manpage:
从联机帮助页:
free( ptr ) frees the memory space pointed to by ptr, which must have been returned by a previous call to malloc(), calloc() or realloc(). Otherwise, or if free(ptr) has already been called before, undefined behaviour occurs. If ptr is NULL, no operation is performed.
free( ptr ) 释放 ptr 指向的内存空间,该内存空间必须由先前对 malloc()、calloc() 或 realloc() 的调用返回。否则,或者如果之前已经调用过 free(ptr),则会发生未定义的行为。如果 ptr 为 NULL,则不执行任何操作。
One can also check:
还可以检查:
- Is studentDB a non-NULL pointer to a class/struct containing a member "name"?
- Is the space pointed to by studentDB->name was returned by malloc/calloc/realloc?
- studentDB 是指向包含成员“名称”的类/结构的非空指针吗?
- studentDB->name 指向的空间是由 malloc/calloc/realloc 返回的吗?
回答by Kyle Lutz
A segfault from freecan be caused by calling it on a pointer that was not allocated with malloc, or had been free'd already.
段错误 fromfree可能是通过在未分配malloc或已经分配的指针上调用它引起的free。
It would help if you posted the code where studentDB->namewas allocated.
如果您在studentDB->name分配的位置发布代码会有所帮助。
