Segmentation fault when free

Unga unga888 at yahoo.com
Sat Sep 20 03:03:10 UTC 2008


--- On Sat, 9/20/08, Nash Nipples <trashy_bumper at yahoo.com> wrote:

> From: Nash Nipples <trashy_bumper at yahoo.com>
> Subject: Re: Segmentation fault when free
> To: freebsd-questions at freebsd.org
> Date: Saturday, September 20, 2008, 4:14 AM
> --- On Fri, 9/19/08, Unga <unga888 at yahoo.com> wrote:
> 
> > From: Unga <unga888 at yahoo.com>
> > Subject: Segmentation fault when free
> > To: freebsd-questions at freebsd.org
> > Date: Friday, September 19, 2008, 9:17 AM
> > Hi all
> > 
> > I'm running FreeBSD 7 on i386. I have a C program
> > compiled with gcc 4.2.1 20070719.
> > 
> > Logically my program is:
> > 
> > char *a;
> > char *b;
> > char *c;
> > 
> > while (cond)
> > {
> >  a = f1(); /* malloc() and send a string */
> >  b = f2(); /* malloc() and send a string */
> > 
> >  c = (char *) malloc(strlen(a) + strlen(b) + 1);
> >  c[0] = '\0';
> > 
> >  strcat(c, a);
> >  strcat(c, b);
> > 
> >  free(a);
> >  free(b);
> > }
> > 
> > When it executes free(b), my program exits with
> > Segmentation fault: 11. The free(a) executes well.
> > 
> > The problem is with free(b). Even if I swap them, free(b) first and
> > free(a) next, it still crashes at free(b).
> > 
> > If I comment out the free() lines, further down the program the
> > first few characters of one string get dropped when it executes
> > a completely unrelated line.
> > 
> > How could I narrow down the problem a bit more? 
> > 
> > Many thanks in advance.
> > 
> > Kind regards
> > Unga
> > 
> > 
> 
> I'm afraid I didn't implement your request correctly, but the
> program below did not crash my server under root in 60
> seconds
> 
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> 
> char *a;
> char *b;
> char *c;
> 
> char *abd = "Hi, im a string 1\0";
> char *bbd = "Hey, im a string 2\0";
> 
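> /* Return a heap copy of abd; the caller frees it. */
> char *f1(void){
>   char *ab;
>   /* +1 so the terminating '\0' is allocated and copied too */
>   ab = malloc(strlen (abd) + 1);
>   memcpy(ab, abd, strlen(abd) + 1);
>   printf("f1(): %s\n", ab);
>   return ab;
> }
> 
> /* Return a heap copy of bbd; the caller frees it. */
> char *f2(void){
>   char *bb;
>   /* +1 so the terminating '\0' is allocated and copied too */
>   bb = malloc(strlen (bbd) + 1);
>   memcpy(bb, bbd, strlen(bbd) + 1);
>   printf("f2(): %s\n", bb);
>   return bb;
> }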
> 
> int
> main(void)
> {
> 
> while (1)
> {
> 
> a = f1(); /* malloc() and send a string */
> b = f2(); /* malloc() and send a string */
> 
> c = (char *) malloc(strlen(a) + strlen(b) + 1);
> c[0] = '\0';
> 
> strcat(c, a);
> strcat(c, b);
> 
> free(a);
> free(b);
> }
> }
> 

Hi, thank you very much for your reply and the test case.

That is, in a trivial case like this, free() works well. Hopefully free() works well in all cases too.

But my main program is 1900 lines, and f1() and f2() are in a 2200-line second file. f1() and f2() call some functions from a 500-line third file. The main program calls another function, f3(), from the second file, passing pointers to two functions, f4() and f5(), of the main program. The while loop iterates more than one million times. It's quite a complex situation.

There must be an error somewhere else. I noted free() causes a lot of trouble. It is easy to write complex programs if you just let memory leak. But in my case, since the program iterates millions of times, if I let it leak, I'm sure it will run out of RAM.

So the question is, if you were to encounter this issue, how would you approach it and find the culprit? 

I'm using pretty basic tools to write complex programs. I use Kate to write programs, Makefiles to compile, GCC, and ddd in case of trouble.

Best regards
Unga
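
One way to approach the question above, added here as an example and not code from the thread: a write past the end of a heap block is a common cause of a crash inside free(), so wrap allocation with guard bytes and check them at free() time, which reports the allocation site of the damaged block. The names dbg_malloc, dbg_free and demo are hypothetical, and the sample string is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_LEN 8      /* guard bytes placed after every block */
#define GUARD_BYTE 0xA5

struct dbg_hdr {         /* bookkeeping stored in front of each block */
    _Alignas(max_align_t) size_t size;  /* bytes the caller asked for */
    const char *file;                   /* allocation site */
    int line;
};

void *dbg_malloc_at(size_t size, const char *file, int line)
{
    struct dbg_hdr *h = malloc(sizeof *h + size + GUARD_LEN);
    if (h == NULL) return NULL;
    h->size = size; h->file = file; h->line = line;
    memset((unsigned char *)(h + 1) + size, GUARD_BYTE, GUARD_LEN);
    return h + 1;
}

/* Check the guard, name the allocation site if damaged, then free.
   Returns the number of guard bytes that were overwritten. */
int dbg_free_at(void *p, const char *file, int line)
{
    if (p == NULL) return 0;
    struct dbg_hdr *h = (struct dbg_hdr *)p - 1;
    const unsigned char *g = (unsigned char *)p + h->size;
    int bad = 0;
    for (int i = 0; i < GUARD_LEN; i++)
        bad += (g[i] != GUARD_BYTE);
    if (bad)
        fprintf(stderr, "%s:%d: %d guard byte(s) damaged after %zu-byte block from %s:%d\n",
                file, line, bad, h->size, h->file, h->line);
    free(h);
    return bad;
}
#define dbg_malloc(n) dbg_malloc_at((n), __FILE__, __LINE__)
#define dbg_free(p)   dbg_free_at((p), __FILE__, __LINE__)

/* Constructed demo: slack 0 is the malloc(strlen(s)) off-by-one. */
int demo(size_t slack)
{
    const char *s = "constructed sample";
    char *buf = dbg_malloc(strlen(s) + slack);
    if (buf == NULL) return -1;
    strcpy(buf, s);   /* with slack 0 the '\0' lands in the guard */
    return dbg_free(buf);
}
int main(void) { return demo(0) == 1 && demo(1) == 0 ? 0 : 1; }
```

The wrapper only catches writes that land in the guard bytes directly after a block; it does not detect underruns, double frees or use after free.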




      

