Application is crashing at assignment of memory to integer pointer variable

mits · #1 22nd April 2009, 12:43 PM

Hi all,

I am facing strange type of issue. As follows:

Application is getting segFault at memory assignment, only some time (Not all the times). Following is the code:

fun1(int ** var)
{
*var = (int *)calloc(1,sizeof(int)); // Here SegFault is coming
}

fun2()
{
int * local=NULL;
fun1(&local);
}

Kernal:
2.6.18-128.1.6.el5 #1 SMP Tue Mar 24 12:05:57 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux

Strange thing is segFault is coming sometimes only.
Please give us your valuable help.

Thank You.

stevea · #2 23rd April 2009, 05:25 AM

treak007 is wrong.
You did allocate memory of the int* as an automatic variable called 'local'. You pass the address of the int * as var (an int**). So when you assign "*var = ..." you are assigning a value to the pointer 'local'. There is no problem there.
--
I tried this code, calling fun2 a million times with no error.
How do you cause the problem ? Give a complte example.

The only way I can see to cause a problem is if the pointer 'var' is incorrect (can't happen in the simple example), or id calloc is vailing intrnally (very unlikely).

Run the failure code with 'strace' and safe the result to a file.

This works.

Code:

#include <stdlib.h>

fun1(int ** var)
{
  *var = (int *)calloc(1,sizeof(int)); // Here SegFault is coming
}

fun2()
{
  int * local=NULL;

  fun1(&local);
}

int
main()
{
  int i;

  for(i = 0; i < 1000000; i++)
    fun2();
}

mits · #3 24th April 2009, 08:02 AM

Hi stevea,

Thanks for your reply.

This issue is coming some times. Like code is running 24 hour then one time it is crashing in 24 hours.
Below is the complex code (actual code):

Quote:

// fun1
herror_t
hssl_read(hsocket_t * sock, char *buf, size_t len, int ** received)
{

int count;

if (sock->ssl)
{
if ((count = SSL_read(sock->ssl, buf, len)) < 1)
return herror_new("SSL_read", HSOCKET_ERROR_RECEIVE,
"SSL_read failed (%s)", _hssl_get_error(sock->ssl,
count));
}
else
{
if ((count = hsocket_select_read(sock->sock, buf, len)) == -1)
return herror_new("hssl_read", HSOCKET_ERROR_RECEIVE,
"recv failed (%s)", strerror(errno));
}
/**********debug for crash at *received = count; ***************/
FILE *fp=NULL;
int ret=0;
time_t t_stamp=time(NULL);
char time_str[30]={"NULL"};
struct tm * timeinfo=NULL;

fp=fopen("/var/log/file.log","a+");
timeinfo = localtime ( &t_stamp );
strftime (time_str,80,"%Y-%m-%d %H:%M:%S",timeinfo);
/************************************************** ******************************/

*received = (int *)calloc(1,sizeof(int)); // segFault

if(*received == NULL)
{
*received = (int *)calloc(1,sizeof(int));
fprintf(fp,"%s If addr-of-received:%x count:%d\n",time_str,*received,count);
}

ret=fclose(fp);
**received=count;

return H_OK;

}

// fun2
herror_t
hsocket_read(hsocket_t * sock, byte_t * buffer, int total, int force,
int *received)
{

herror_t status;
size_t totalRead;

int * p_count=NULL;
int count=0;

totalRead = 0;
do
{
if ((status =
hssl_read(sock, &buffer[totalRead], (size_t) total - totalRead,
&p_count)) != H_OK) // function call to first function
{
log_warn2("hssl_read failed (%s)", herror_message(status));
free(p_count);
return status;
}

count = *p_count;

if (!force)
{
*received = count;
free(p_count);
return H_OK;
}

totalRead += count;

if (totalRead == total)
{
*received = totalRead;
free(p_count);
return H_OK;
}
}
while (1);

}

stevea · #4 25th April 2009, 04:56 AM

If your calloc fails and returns NULL, then you try again (which will certainly fail) and the nyou do this.
**received=count;

Which causes a segfault b/c received == NULL.

Sometime the segfault reported location is not perfectly identified.
---
I think you have a memory leak and eventually your program its it's memory quota ,then it fails as above.

Run the program and check if the process size keeps increasing all the time.
Use "valgrind" to debug for memory leaks.

Code:

[root@nidula tmp]# cat t.c
#include <stdio.h>
#include <stdlib.h>

int
main()
{
  int i = 0, *p;

  while(++i) {
    p = calloc(1000000, sizeof(int));
    if(p == NULL) {
      printf("about to die on iteration %d\n", i);
      fsync(stdout);
    }
    *p = 42;
  }
}
[root@nidula tmp]# ./t
about to die on iteration 803
Segmentation fault
[root@nidula tmp]# valgrind ./t
==23364== Memcheck, a memory error detector.
==23364== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==23364== Using LibVEX rev 1732, a library for dynamic binary translation.
==23364== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==23364== Using valgrind-3.2.3, a dynamic binary instrumentation framework.
==23364== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==23364== For more details, rerun with: -v
==23364== 
about to die on iteration 766
==23364== Invalid write of size 4
==23364==    at 0x804849E: main (in /tmp/t)
==23364==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==23364== 
==23364== Process terminating with default action of signal 11 (SIGSEGV)
==23364==  Access not within mapped region at address 0x0
==23364==    at 0x804849E: main (in /tmp/t)
==23364== 
==23364== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 12 from 1)
==23364== malloc/free: in use at exit: 3,060,000,000 bytes in 765 blocks.
==23364== malloc/free: 766 allocs, 0 frees, 3,060,000,000 bytes allocated.
==23364== For counts of detected errors, rerun with: -v
==23364== searching for pointers to 765 not-freed blocks.
....

-S

mits · #5 27th April 2009, 04:39 PM

Hi stevea,

This application is very big. There are many malloc's and calloc's.
But application is crashing at this place only.
If this is the case of memory leak and all memory is get consumed then application should crash at any random place each time.
Let me know if I am making mistake.

Still I have started watching memory consumption, to make sure about this doubt.