free(): invalid pointer problem

Biogenicsoup

Programmer
Jul 4, 2005
6
DK
Hi all

I am currently working on a program where I use a lot of different vectors. Most of my program runs perfectly, but one particular vector is causing trouble when I try to deallocate it.

The structure of a vector is pretty straightforward:

Code:
typedef struct vector
{ int type;
  int size;
  void* array;
} vector;

My deallocation method looks like this (scaled down for debugging)

Code:
void DeallocVector(vector* vec)
{ global.alloc--;
  global.vector--;
  global.vecsize-=sizeof(vector)*vec->size;
  global.heapsize-=sizeof(vector)*vec->size;

  if(vec->type==CHAR)
    { DeallocCharArray(vec->array, vec->size);
    }

  if(vec->type==INT)
    { DeallocIntArray(vec->array, vec->size);
    }

  if(vec->type==DOUBLE)
    { DeallocDoubleArray(vec->array, vec->size);
    }
  free(vec);
}

Everything runs smoothly until I reach the final free(vec) command, where the error occurs.

I don't know if this will help, but here is the output from gdb when running through the DeallocVector method.

Breakpoint 2, DeallocVector (vec=0x6000000000010340) at deallocation.c:6
6 global.vector--;
(gdb) disp vec->type
1: vec->type = 1
(gdb) disp vec->size
2: vec->size = 4
(gdb) disp vec
3: vec = (vector *) 0x6000000000010340
(gdb) disp ((int*)vec->array)[0]
4: ((int *) vec->array)[0] = 0
(gdb) n
7 global.vecsize-=sizeof(vector)*vec->size;
4: ((int *) vec->array)[0] = 0
3: vec = (vector *) 0x6000000000010340
2: vec->size = 4
1: vec->type = 1
(gdb)
8 global.heapsize-=sizeof(vector)*vec->size;
4: ((int *) vec->array)[0] = 0
3: vec = (vector *) 0x6000000000010340
2: vec->size = 4
1: vec->type = 1
(gdb)
10 if(vec->type==CHAR)
4: ((int *) vec->array)[0] = 0
3: vec = (vector *) 0x6000000000010340
2: vec->size = 4
1: vec->type = 1
(gdb)
14 if(vec->type==INT)
4: ((int *) vec->array)[0] = 0
3: vec = (vector *) 0x6000000000010340
2: vec->size = 4
1: vec->type = 1
(gdb)
15 { DeallocIntArray(vec->array, vec->size);
4: ((int *) vec->array)[0] = 0
3: vec = (vector *) 0x6000000000010340
2: vec->size = 4
1: vec->type = 1
(gdb)
18 if(vec->type==DOUBLE)
4: ((int *) vec->array)[0] = 89952
3: vec = (vector *) 0x6000000000010340
2: vec->size = 4
1: vec->type = 1
(gdb)
21 free(vec);
4: ((int *) vec->array)[0] = 89952
3: vec = (vector *) 0x6000000000010340
2: vec->size = 4
1: vec->type = 1
(gdb)
free(): invalid pointer 0x6000000000010340!
22 }
4: ((int *) vec->array)[0] = 89952
3: vec = (vector *) 0x6000000000010340
2: vec->size = 4
1: vec->type = 1
(gdb)
22 }
4: ((int *) vec->array)[0] = 89952
3: vec = (vector *) 0x6000000000010340
2: vec->size = 4
1: vec->type = 1
(gdb)

 
In your DeallocVector() function, try this and see if the problem still happens:
Code:
void DeallocVector( vector* vec )
{
  if ( vec != NULL )
  {
    --global.alloc;
    --global.vector;
    global.vecsize -= sizeof(vector)* vec->size;
    global.heapsize -= sizeof(vector)* vec->size;

    if ( vec->type == CHAR )
    {
      DeallocCharArray( vec->array, vec->size );
    }

    if ( vec->type == INT )
    {
      DeallocIntArray( vec->array, vec->size );
    }

    if ( vec->type == DOUBLE )
    {
      DeallocDoubleArray( vec->array, vec->size );
    }

    free( vec );
    vec = NULL;  /* clears only this function's local copy of the pointer */
  }
}
 
Thanks for the quick reply, but that does not make any difference.
 
Which OS/Compiler are you running with at the moment?


--
 

Hardware: SGI Altix 3700
OS: SuSE Linux ES9, SP1, kernel 2.6.5-7.139-sn2
Compiler: GCC v.3.3.3 and ICC v.8.1

Both compilers produce the same problem.

ICC is the Intel C++ Compiler for Linux Systems
 
On your Linux system, do
gcc -g prog.c -lefence
and run the resultant program in the debugger.

Electric Fence (man efence) spots a number of malloc-related problems at the point the problem occurs, rather than the usual much later on when you next call a malloc/free and those routines trip up over a damaged memory pool.

When run within the debugger, you should be taken to the actual line of code which "did the deed".

--
 

That sounds like a very useful application. Unfortunately it exists on neither the SGI nor my local Cygwin build :-(

I have started to install Fedora Core 4 on my own system, as it appears that Electric Fence is available on that build.

I'll post when I know more.
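
Where Electric Fence is not installed, as on the SGI and Cygwin builds mentioned above, a small tracking wrapper around malloc/free can report an invalid free at the call site instead of letting the allocator abort. This is an added example, not code from any poster in the thread; dbg_malloc, dbg_free and MAX_LIVE are hypothetical names, and it assumes every allocation in the program goes through the wrapper.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define MAX_LIVE 4096  /* assumed capacity of the tracking table */
typedef enum { DBG_OK, DBG_NULL, DBG_INTERIOR, DBG_NOT_LIVE } dbg_status;

struct rec { void *ptr; size_t size; const char *file; int line; };
static struct rec live[MAX_LIVE];  /* one slot per live allocation */

/* Allocate a block and record it; NULL if malloc fails or the table is full. */
void *dbg_malloc_at(size_t size, const char *file, int line)
{
    void *p = malloc(size ? size : 1);
    if (p == NULL) return NULL;
    for (int i = 0; i < MAX_LIVE; i++) {
        if (live[i].ptr == NULL) {
            live[i] = (struct rec){ p, size, file, line };
            return p;
        }
    }
    free(p);
    return NULL;
}

/* Call free() only when p is the start of a live tracked block. */
dbg_status dbg_free_at(void *p, const char *file, int line)
{
    uintptr_t a = (uintptr_t)p;
    if (p == NULL) return DBG_NULL;
    for (int i = 0; i < MAX_LIVE; i++) {
        uintptr_t base = (uintptr_t)live[i].ptr;
        if (live[i].ptr == NULL) continue;
        if (a == base) {            /* exact match: a valid free */
            live[i].ptr = NULL;
            free(p);
            return DBG_OK;
        }
        if (a > base && a < base + live[i].size) {
            fprintf(stderr, "%s:%d: free of pointer inside block from %s:%d\n",
                    file, line, live[i].file, live[i].line);
            return DBG_INTERIOR;
        }
    }
    fprintf(stderr, "%s:%d: pointer never allocated or already freed\n", file, line);
    return DBG_NOT_LIVE;
}

#define dbg_malloc(n) dbg_malloc_at((n), __FILE__, __LINE__)
#define dbg_free(p)   dbg_free_at((p), __FILE__, __LINE__)
```

Routing the free(vec) call in DeallocVector through dbg_free shows whether vec was ever returned by the tracked allocator, points into the middle of another block, or had already been released.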
 