Re: segmentation fault in strcmp()



mohangupta13 wrote:
....
Now I get an error like ****** free:invalid next size
(fast) .....********
at some different place. Though I am quite sure that the object being
freed at the point where this error occurs is surely allocated by
malloc and is not doubly freed ....as I can use gdb to print the
various fields using the pointer in question..(.after the crash using
backtrace)

Now can anyone please clear a few doubts of mine:

1. What is the meaning of such an error like invalid next size(fast) /
invalid next size(normal) etc etc..

It means that the free() is trying to figure out the size of the next block of memory in the heap; information it needs in order to complete the process of freeing the memory you've asked it to release. Unfortunately, the piece of memory where it is looking for that information contains an invalid value. Since the place where it looks is determined in part by the pointer that you pass to free(), one possibility is that you're passing the wrong pointer to free(); another possibility is that the memory where that information was stored has become corrupted. There are several ways in which this can happen:

If char* p=malloc(N), executing an expression like "p[i] = expression" could cause such a problem if i<0 || i>=N.

If p is not a pointer returned by a call to malloc() (or calloc() or realloc()), then free(p) could cause this problem.

If p used to point into a block of memory allocated by malloc(), calloc(), or realloc(), but that memory has since been free()d, then free(p) could cause this problem. So could "p[i] = expression", regardless of the value of i.

2. Is it really occurring because of the call to free which I get
using backtrace or the actual cause may have been long bypassed
somewhere else and it ends up showing its side effects here.

While the problem is being detected in your call to free(), the actual defect that caused the problem may have occurred long before the call to free(), in some completely unrelated part of your program. This is what makes problems like this so hard to track down.
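The out-of-bounds write case above (p[i] with i<0 || i>=N) and the point that the damage is only noticed later, at free(), as an added example that is not part of the original post: a guard-byte wrapper around malloc()/free() that reports which side of the block was overwritten. The names guard_malloc, guard_check and guard_free, the layout and the 0xA5 fill value are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR   16     /* room for the stored size; keeps user data aligned */
#define GUARD 16     /* canary bytes on each side of the user block */
#define FILL  0xA5   /* constructed canary value */

enum guard_status { GUARD_OK, GUARD_UNDERFLOW, GUARD_OVERFLOW };

/* Layout: [size n][front guard][n user bytes][rear guard] */
void *guard_malloc(size_t n)
{
    unsigned char *raw;
    if (n > SIZE_MAX - HDR - 2 * GUARD)   /* size arithmetic would wrap */
        return NULL;
    raw = malloc(HDR + GUARD + n + GUARD);
    if (raw == NULL)
        return NULL;
    memcpy(raw, &n, sizeof n);
    memset(raw + HDR, FILL, GUARD);
    memset(raw + HDR + GUARD + n, FILL, GUARD);
    return raw + HDR + GUARD;
}

static int guard_intact(const unsigned char *g)
{
    for (size_t i = 0; i < GUARD; i++)
        if (g[i] != FILL)
            return 0;
    return 1;
}

/* Report whether an earlier write strayed outside p[0..n-1]. The front
 * guard is checked first because the stored size sits just below it. */
enum guard_status guard_check(const void *p)
{
    const unsigned char *user = p;
    size_t n;
    if (!guard_intact(user - GUARD))
        return GUARD_UNDERFLOW;
    memcpy(&n, user - GUARD - HDR, sizeof n);
    return guard_intact(user + n) ? GUARD_OK : GUARD_OVERFLOW;
}

/* Check, then release; the stray write itself happened earlier. */
enum guard_status guard_free(void *p)
{
    enum guard_status st = guard_check(p);
    free((unsigned char *)p - GUARD - HDR);
    return st;
}
```

Calling guard_check() at intermediate points in the program narrows down where the stray write happened, instead of learning about it only at the final free().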