Re: realloc(): invalid next size

In article <e1g4q3$d81e$1@xxxxxxxxxxxxxxxxx>, Deephay <tudoxxx@xxxxxxxxx> writes:

> I have a program that used the realloc() function to change the
> allocated size of a buffer, the program works with some arguments, but
> with some other arguments, it will show me the error message like:
>
> *** glibc detected *** realloc(): invalid next size: 0x0804c3a8 ***

glibc is off-topic for comp.lang.c, but this is glibc telling you
that you have invoked Undefined Behavior. Probably you have
corrupted glibc's housekeeping data by performing an illegal
operation on an object with dynamic storage duration, such as writing
past the end of an allocated area.

> and then I inserted a perror("realloc") to see what happened, it says that:

What will happen is that you will get a meaningless message written
to stderr. realloc does not set errno, so perror will report whatever
happens to have already been in errno.

> the realloc() is in a loop:
>
> for (m = 0; m < len; m++) {
>     if (isspace(data[m]) || ispunct(data[m]) ||
>         isdigit(data[m]))
>         printf("%c", data[m]);
>     else {
>         p = min(strcspn(&data[m], " "),
>                 strcspn(&data[m], "\t"),
>                 strcspn(&data[m], "\r"),
>                 strcspn(&data[m], "\n"));
>         key = realloc(key, p);

Wrong for two reasons. You failed to check whether realloc
succeeded, and if it failed, you just lost the old value of "key"
and so introduced a memory leak.

The result of realloc should always be stored in a temporary
variable and should be checked for null. If it is null, remember
to free the old value:

    char *newkey;
    newkey = realloc(key, p);
    if (! newkey)
    {
        free(key);
        /* [perform error handling] */
    }
    key = newkey;

>         strncpy(key, &data[m], p);
>         key[p] = '\0';

You just wrote past the end of the allocated area. Since key is an
area of p bytes, valid indices are 0 through p-1, inclusive.
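Putting both fixes together, as an added example that is not code from either poster: realloc goes through a temporary, the old buffer is freed on failure, and the allocation is p + 1 bytes so that key[p] is a valid index. The names token_len, grow_key and copy_token and the input line are my own; the one strcspn with a four-character set stands in for the poster's four-way min().

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Token length at s: bytes before the first space, tab, CR or LF (the four-way min() collapsed into one strcspn). */
static size_t token_len(const char *s)
{
    return strcspn(s, " \t\r\n");
}

/* Grow *keyp to n + 1 bytes (the +1 is room for the terminator).  Returns 0,
   or -1 after freeing the old buffer and setting *keyp to NULL (no leak). */
static int grow_key(char **keyp, size_t n)
{
    char *newkey = realloc(*keyp, n + 1);   /* temporary, never key itself */
    if (newkey == NULL) {
        free(*keyp);
        *keyp = NULL;
        return -1;
    }
    *keyp = newkey;
    return 0;
}

/* Copy the token at s into *keyp; returns its length or (size_t)-1 on failure. */
size_t copy_token(char **keyp, const char *s)
{
    size_t p = token_len(s);
    if (grow_key(keyp, p) != 0)
        return (size_t)-1;
    memcpy(*keyp, s, p);
    (*keyp)[p] = '\0';   /* in bounds: the buffer holds p + 1 bytes */
    return p;
}

int main(void)
{
    const char data[] = "alpha beta\tgamma\n";   /* constructed input line */
    char *key = NULL;          /* realloc(NULL, n) behaves like malloc(n) */
    size_t m = 0, p;
    while (data[m] != '\0') {
        if (isspace((unsigned char)data[m])) { putchar(data[m++]); continue; }
        if ((p = copy_token(&key, &data[m])) == (size_t)-1) return EXIT_FAILURE;
        printf("[%s]", key);
        m += p;   /* skip the token just consumed */
    }
    free(key);
    return 0;
}
```

Built with -fsanitize=address, the original key[p] store is reported at the faulting line itself instead of surfacing later as glibc's "invalid next size" complaint at the next realloc.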

> and the "key" is already malloced before the loop:
>
> char *key = malloc(1);

Did you check to see whether malloc succeeded?

> Any suggestion could be helpful, thx very much!

Read the comp.lang.c FAQ (http://www.c-faq.com is one source). Get a
copy of the C standard. C makes little effort to protect you from
yourself; you will only produce reliable, correct C code by learning
the language and its pitfalls.

--
Michael Wojcik michael.wojcik@xxxxxxxxxxxxxx

The lecturer was detailing a proof on the blackboard. He started to say,
"From the above it is obvious that ...". Then he stepped back and thought
deeply for a while. Then he left the room. We waited. Five minutes
later he returned smiling and said, "Yes, it is obvious", and continued
to outline the proof. -- John O'Gorman