[Sussex] More C programming help

Captain Redbeard hairy.one at virgin.net
Thu May 12 22:23:37 UTC 2005 

Alright guys, explain this one!

Here's the original program:

#include <stdio.h>
#include <stdlib.h>

int main()
{
   int i = 0;
   int ArraySize = 100;
   char **CharArray;

   CharArray = (char **) malloc (ArraySize);

   int X = 100;

   for (i=0; i<X; i++)
   {
     CharArray[i] = NULL;
   }

   printf ("free()ing CharArray.\n");
   free (CharArray);
   return 0;
}


This simply creates an array of strings, allocates memory to 
  the array, NULLs every element of the array and then frees 
the memory.  However when I run this I get the following:

free()ing CharArray.
*** glibc detected *** double free or corruption (out): \ 
0x08049710 ***
Aborted

i.e. it got as far as the free() command and then crashed. 
Exploring this a bit I discovered that if I put the value of 
X at 25, that is NULL just the first 25 elements, the 
program compiles and runs fine and Valgrind is also happy 
with it but if I put X=26 then it crashes again.  Further 
exploration revealed that whatever value I put ArraySize at 
the program will ALWAYS crash if X is more than ArraySize/4 
but if X is only ArraySize/4 or less then no crash and no 
errors reported by Valgrind.  This was the case even when I 
put ArraySize = 100,000,000.  If X was 25,000,000 then all 
is OK but if X = 25,000,001 then it crashes.  Looking into 
this further I re-wrote the program as follows:

#include <stdio.h>
#include <stdlib.h>

int main()
{
   int ArraySize = 100;
   char **CharArray;

   CharArray = (char **) malloc (ArraySize);

   int X = 50;

   CharArray[X] = NULL;

   printf ("free()ing CharArray.\n");
   free (CharArray);
   return 0;
}

Now the program runs fine and doesn't crash but Valgrind 
reports a "Invalid write of size 4" in line 13 (CharArray[X] 
= NULL;).  It will do this for ANY value of X that is 
greater then ArraySize/4.  From this it seems that the 
command "(char **) malloc (ArraySize)" only allocates 
ArraySize/4 elements so that if I want to have ArraySize 
elements I should make the line "(char **) malloc 
(ArraySize*4)" which **seems** to work fine but why the hell 
would I need to do that?  What the hell am I missing?



-- 
Captain Redbeard



======================================================
Insomnia - it's not a condition, it's a mentality.
Registered Linux user: 388693.
Registered Linux machines: 289172, 289173.
v2sw5+8C+JGhw5ln4/5pr6/7Ock1ma6/8l6+8Sw3+2e4t2b9Hen4+6
g5+3RHaIr9 Hackerkey.com
======================================================

More information about the Sussex mailing list