C语言 分析 valgrind 输出:“invalid free()”
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/15622215/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Analyze valgrind output: "invalid free()"
提问by Fabio Carello
I have this strange error found by valgrind on a (stupid) authentication module which makes some on heap allocations.
我在一个(愚蠢的)身份验证模块上发现了 valgrind 发现的这个奇怪的错误,该模块在堆分配上做了一些。
==8009== Invalid free() / delete / delete[] / realloc()
==8009== at 0x4C2A739: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8009== by 0x40263F: authenticate (server_utils.c:109)
==8009== by 0x401A27: main (server.c:240)
==8009== Address 0x51f1310 is 0 bytes inside a block of size 18 free'd
==8009== at 0x4C2A739: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8009== by 0x402633: authenticate (server_utils.c:108)
==8009== by 0x401A27: main (server.c:240)
=8009==
==8009== Invalid free() / delete / delete[] / realloc()
==8009== at 0x4C2A739: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8009== by 0x40264B: authenticate (server_utils.c:110)
==8009== by 0x401A27: main (server.c:240)
==8009== Address 0x51f1319 is 9 bytes inside a block of size 18 free'd
==8009== at 0x4C2A739: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8009== by 0x402633: authenticate (server_utils.c:108)
==8009== by 0x401A27: main (server.c:240)
==8009==
==8009== Invalid free() / delete / delete[] / realloc()
==8009== at 0x4C2A739: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8009== by 0x402657: authenticate (server_utils.c:111)
==8009== by 0x401A27: main (server.c:240)
==8009== Address 0x51f131e is 14 bytes inside a block of size 18 free'd
==8009== at 0x4C2A739: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8009== by 0x402633: authenticate (server_utils.c:108)
==8009== by 0x401A27: main (server.c:240)
==8009== ...
From what I understand he says I do three invalid free() on lines 109-110-111. The error should be that I try to free up more space than is actually allocated, but I can not decide how much space deallocate. Also I do not understand why then it refers to line 108 (which is also a free()).
据我了解,他说我在第 109-110-111 行做了三个无效的 free()。错误应该是我尝试释放比实际分配更多的空间,但我无法决定释放多少空间。我也不明白为什么它指的是第 108 行(这也是一个 free())。
This is from the documentation (Invalid free):
这是来自文档(无效免费):
Memcheck keeps track of the blocks allocated by your program with malloc/new, so it can know exactly whether or not the argument to free/delete is legitimate or not. Here, this test program has freed the same block twice. As with the illegal read/write errors, Memcheck attempts to make sense of the address freed. If, as here, the address is one which has previously been freed, you wil be told that -- making duplicate frees of the same block easy to spot.
You will also get this message if you try to free a pointer that doesn't point to the start of a heap block.
Memcheck 使用 malloc/new 跟踪程序分配的块,因此它可以准确知道 free/delete 的参数是否合法。在这里,这个测试程序已经两次释放了同一个块。与非法读/写错误一样,Memcheck 尝试理解释放的地址。如果像这里一样,地址是先前已释放的地址,您将被告知——使同一块的重复释放很容易被发现。
如果您尝试释放不指向堆块开头的指针,您也会收到此消息。
I can not really imagine how be in one of these cases.
我真的无法想象在其中一种情况下会怎样。
/* Authentication through <user_id:password:flag>
* Returns 1 on success, -1 if user_id doesn't exist, -2 on password mismatch
* On success sets access_permissions
*/
int authenticate(USR_PSW *received, int *access_permissions) {
/*Users file opening*/
FILE *fd;
fd = fopen(USERS_FILE, "r");
if (fd == NULL) {
fprintf(stderr, "Users file opening error\n");
exit(EXIT_FAILURE);
}
char *usr_psw_line = malloc(USR_SIZE + PSW_SIZE + 3 + 1);
if (usr_psw_line == NULL) {
fprintf(stderr, "Dynamic alloc error\n");
exit(EXIT_FAILURE);
}
char *usr_tok = malloc(USR_SIZE);
if (usr_tok == NULL) {
free(usr_psw_line);
fprintf(stderr, "Dynamic alloc error\n");
exit(EXIT_FAILURE);
}
char *psw_tok = malloc(PSW_SIZE);
if (psw_tok == NULL) {
free(usr_psw_line);
free(usr_tok);
fprintf(stderr, "Dynamic alloc error\n");
exit(EXIT_FAILURE);
}
char *flg_tok = malloc(sizeof (char) *2);
if (flg_tok == NULL) {
free(usr_psw_line);
free(usr_tok);
free(psw_tok);
fprintf(stderr, "Dynamic alloc error\n");
exit(EXIT_FAILURE);
}
/*Reading from file <user_id:password:flag> */
while (fgets(usr_psw_line, USR_SIZE - 1 + PSW_SIZE - 1 + 3 + 1, fd) != NULL) {
usr_tok = strtok(usr_psw_line, ":");
if (strcmp(usr_tok, received->user_id) == 0) {
/*user_id found, password check*/
psw_tok = strtok(NULL, ":");
/*password match*/
if (strcmp(psw_tok, received->password) == 0) {
flg_tok = strtok(NULL, ":");
*access_permissions = atoi(flg_tok);
free(usr_psw_line); //108
free(usr_tok);//109
free(psw_tok);//110
free(flg_tok);//111
fclose(fd);
return AUTHENTICATED;
} else { //password unmatch
free(usr_psw_line);
free(usr_tok);
free(psw_tok);
free(flg_tok);
fclose(fd);
return INVALID_PSW;
}
} else {
fseek(fd, 1, SEEK_CUR);
continue;
}
}
/*EOF Reached without match*/
free(usr_psw_line);
free(usr_tok);
free(psw_tok);
free(flg_tok);
fclose(fd);
return INVALID_USR;
}
The header file:
头文件:
#ifndef __SERVER_UTILS_H__
#define __SERVER_UTILS_H__
#define USR_SIZE 9
#define PSW_SIZE 5
/*Authentication data structure definition*/
typedef struct{
char user_id[USR_SIZE]; // eg: user_123
char password[PSW_SIZE]; // eg: a1b2
} USR_PSW;
#define NM_MAX_SIZE 17
#define NR_MAX_SIZE 11
/*System record structure*/
typedef struct{
char first_name[NM_MAX_SIZE];
char last_name[NM_MAX_SIZE];
char number[NR_MAX_SIZE];
}TBOOK_RECORD;
/*Session status flags*/
#define NOT_AUTHENTICATED 0
#define AUTHENTICATED 1
#define INVALID_USR 2
#define INVALID_PSW 3
/*Persmissions flags*/
#define NO_PERM 0
#define READ_WRITE 1
#define O_WRITE 2
#define O_READ 3
/*Contains <user_id:password,flag> triplets stored in server */
#define USERS_FILE "users.txt"
/*Contains all telbook records <first_name:last_name:phone_number>*/
#define RECORDS_FILE "records.txt"
/*Single records file line max length (before \n) */
#define RECFILE_LINE_MAX_LEN 2*NM_MAX_SIZE+NR_MAX_SIZE+3+1;
/*Client operation*/
#define NO_OP 0
#define SEARCH_BY_NAME 1
#define SEARCH_BY_NUMBER 2
#define INSERT_RECORD 3
/*
* Returns number of bytes copied into buffer (excluding terminating null byte),
* or 0 on EOF, or -1 on error.
* size_t : used for sizes of objects.
* ssize_t: used for a count of bytes or an error indication (-1).
*/
ssize_t readline(int fd, void *buffer, size_t n);
/* Authentication through <user_id:password:flag>
* Returns 1 on success, -1 if user_id doesn't exist, -2 on password mismatch
* On success sets access_permissions
*/
int authenticate(USR_PSW *received, int *access_permissions);
int close_session(int sock_ds);
int search_by__(int op_code, TBOOK_RECORD *rc_rcvd, TBOOK_RECORD *rc_rspn
, FILE *fd, char *file_line);
int insert_record(TBOOK_RECORD *rc_rcvd);
#endif /* __SERVER_UTILS_H__ */
回答by Kevin
usr_tok = strtok(usr_psw_line, ":");
...
psw_tok = strtok(NULL, ":");
You are overwriting your pointer to your malloced memory (thereby leaking it) with a pointer elsewhere. Then you are trying to freethat pointer you received from elsewhere, which is (as valgrind says) invalid.
您正在用malloc其他地方的指针覆盖指向ed 内存的指针(从而泄漏它)。然后你试图free指向你从其他地方收到的那个指针,这是(正如 valgrind 所说)无效的。
回答by Pradheep
To add to the above answer just make sure you fclose (fp) in all the cases where you have a return statement
要添加到上述答案中,请确保在所有具有 return 语句的情况下都使用 fclose (fp)
回答by FELIPE_RIBAS
When you use strok() you are changing the pointer address. This way you may not point to the entire block when you call free(). You may use auxiliar pointers to store strok() return values and then you can use the original pointers to free() all the allocated space correclty.
当您使用 strok() 时,您正在更改指针地址。这样,当您调用 free() 时,您可能不会指向整个块。您可以使用辅助指针来存储 strok() 返回值,然后您可以使用原始指针指向 free() 正确分配的所有空间。
