*** glibc detected *** ./a.out malloc() memory corruption

Applications Programming
1

I am facing a problem of memory corruption. The loop runs for the first time but does not go through the second time. What could be the problem?

for(int z=0;z<2;z++)
{
fp=fopen("poly.dat","r");

/*do something which reads this file into a 2D array*/

fclose(fp);

fp=fopen("poly.dat","w");
/*do something which writes into this file*/

fclose(fp);

printf("\n***********************\n");
}


*** glibc detected *** ./a.out: malloc(): memory corruption: 0x09f901b0 *** 
======= Backtrace: ========= 
/lib/tls/i686/cmov/libc.so.6[0xb7747376] 
/lib/tls/i686/cmov/libc.so.6(__libc_malloc+0x95)[0xb7748ac5] 
/lib/tls/i686/cmov/libc.so.6[0xb7734acf] 
/lib/tls/i686/cmov/libc.so.6(fopen+0x2c)[0xb7734b9c] 
./a.out[0x8048807] 
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb76eb775] 
./a.out[0x8048621] 
======= Memory map: ======== 
08048000-0804a000 r-xp 00000000 08:05 6619566    /home/dare/Desktop/a.out 
0804a000-0804b000 r--p 00001000 08:05 6619566    /home/dare/Desktop/a.out 
0804b000-0804c000 rw-p 00002000 08:05 6619566    /home/dare/Desktop/a.out 
09f90000-09fb1000 rw-p 09f90000 00:00 0          [heap] 
b7500000-b7521000 rw-p b7500000 00:00 0  
b7521000-b7600000 ---p b7521000 00:00 0  
b76b6000-b76c3000 r-xp 00000000 08:05 7225409    /lib/libgcc_s.so.1 
b76c3000-b76c4000 r--p 0000c000 08:05 7225409    /lib/libgcc_s.so.1 
b76c4000-b76c5000 rw-p 0000d000 08:05 7225409    /lib/libgcc_s.so.1 
b76d4000-b76d5000 rw-p b76d4000 00:00 0  
b76d5000-b7831000 r-xp 00000000 08:05 7242659    /lib/tls/i686/cmov/libc-2.9.so 
b7831000-b7832000 ---p 0015c000 08:05 7242659    /lib/tls/i686/cmov/libc-2.9.so 
b7832000-b7834000 r--p 0015c000 08:05 7242659    /lib/tls/i686/cmov/libc-2.9.so 
b7834000-b7835000 rw-p 0015e000 08:05 7242659    /lib/tls/i686/cmov/libc-2.9.so 
b7835000-b7838000 rw-p b7835000 00:00 0  
b7842000-b7849000 rw-p b7842000 00:00 0  
b7849000-b784a000 r-xp b7849000 00:00 0          [vdso] 
b784a000-b7866000 r-xp 00000000 08:05 7225754    /lib/ld-2.9.so 
b7866000-b7867000 r--p 0001b000 08:05 7225754    /lib/ld-2.9.so 
b7867000-b7868000 rw-p 0001c000 08:05 7225754    /lib/ld-2.9.so 
bfb3e000-bfb53000 rw-p bffea000 00:00 0          [stack] 
Aborted
2

The only thing that can be said for certain is that the corruption is occurring in the heap. If you would like useful feedback, post your code instead of hiding it behind comments. And, please, use code tags in your post to preserve the indentation.

Regards and welcome to the forum,
Alister

3 
#include<stdio.h>
	#include<stdlib.h>
	#include<time.h>

	int random_no(int);
	void calc_file_row_col(FILE *,int *,int *);

	int main()
	{
	int i,j,z;
	int temp=0;
	int row,column;

	FILE *fp;
	char x,**a;

	for(z=0;z<2;++z){
	fp=fopen("poly.dat","r");
	
	calc_file_row_col(fp,&row,&column);     //Function which calculates 
                                                      // the no of rows and column of a file
	
        a=calloc(row,sizeof(char *));			// Declare a 2D array of size 
                                                                // row by column   
	for(i=0;i<row;i++)
		a=calloc(column,sizeof(char));

	for(i=0;i<row;i++)				//  Read the elements of file fp into 
		{                                      //  array a
		for(j=0;j<column+1;j++)
			{
			x=getc(fp);
			if(x=='\n')
			{}
			else
			{
			*(*(a+i)+j)=x;
			}
		}}

	fclose(fp);
	fseek(fp,0,SEEK_SET);

	temp=random_no(row);			// Generates a random no. between 0 and row
	printf("temp=%d\n",temp);

	fp=fopen("poly.dat","w");

	for(i=0;i<temp;i++)		//Write elements from 0 to temp and then temp to row in file fp; 
		{
		for(j=0;j<column;j++)
			fprintf(fp,"%c",a[j]);

	fprintf(fp,"\n");
	}

	for(i=temp+1;i<row;i++)
		{
		for(j=0;j<column;j++)
			fprintf(fp,"%c",a[j]);

		fprintf(fp,"\n");
		}	

	fclose(fp);	

	for(i=0;i<row;i++)
	free(a);

	free(a);
	a=NULL;
	}

	return 0;
	}

	int random_no(int range)
	{
	int LOW=0;							
	int r;						
	time_t seconds;                                 
	time(&seconds);                                 
	srand((unsigned int)seconds);                                       
	r = rand() % (range - LOW + 1) + LOW;                       
	return r%range;
	}

	void calc_file_row_col(FILE *poly,int *row,int *column)
	{
	int m=0;
	int n=0;
	char x;
	fseek(poly,0,SEEK_SET);
	while((x=getc(poly))!=EOF)
	{
	if(x=='\n'){
		m++;
		n=0;
		}
	else{
		n++;
		*column=n;
		}
	}
	*row=m;
	printf("row=%d column=%d\n",*row,*column);
	fseek(poly,0,SEEK_SET);
	}

The file poly.dat is:

	00132404 
	00013240 
	00001324 
	a0000132 
	16000013 
	53200001 
	05460000 
	4061a000 
	24062a00 
	32406fe0 
	132407aa 
	0132407d 
	13240860 
	00013240 
	00001324 
	e0000132
4

You are corrupting the heap by calling fseek on a stream that's been closed.

Regards,
Alister

5

Checking the return value of calloc would be a good place to start...

6

For production code, definitely, add the error handling code. For unimportant, personal stuff, I'm sure we all cut corners from time to time.

In this case, unless I'm mistaken, the first calloc of the second loop iteration never returns. When it calls malloc, malloc aborts after detecting corruption caused by fseek writing to memory freed by fclose.

Regards,
Alister

7

It is still better to promote good coding practices IMO...be it dev or prod code among newbie developers otherwise old timers like me get stuck with a lot of cleanup...:frowning:

8

The problem is that the second loop does not even open the file fp for reading. I have checked it by doing the following:

for(z=0;z<2;++z)

           {
              printf("@@@@@@@@@@@@@@@@@@@@@@@@@\n");
             fp=fopen("poly.dat","r");

             ......

              }

For z=0, printf statement gets executes while for z=1, this does not happen. So even the file fp is not opened for reading.

9

Because of buffering, printf is insufficient to determine if fopen was reached. Use strace or similiar to monitor open() syscalls.

Did you try recompiling without the pointless fseek which immediately follows fclose?

Regards,
Alister

10

I tried the code without using fseek but same thing happens.....as I am still in a nascent stage of learning, I am unable to ascertain the usefulness of strace....any help would be great.

11

Hmmm. With your code I was able to reproduce the malloc() corruption error; removing the fseek() call with the pointer to memory free()'d by fclose() fixed the issue.

Regards,
Alister