Follow

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use
Follow
Facebook Twitter Instagram Youtube
Contact

realloc() : invalid next size Aborted (core dumped)

byMR
November 4, 2023

I’m Tryng to write a code that have to expand the memory of a malloc array of 1 for some cicles of a loop (i need to store the zeros of a function). but after compiling this error occurs:

realloc(): invalid next size
Aborted (core dumped)

have someone an idea of the reasons of this error?

here’s the the code:

MEDevel.com: Open-source for Healthcare and Education

Collecting and validating open-source software for healthcare, education, enterprise, development, medical imaging, medical records, and digital pathology.

Visit Medevel 

#include <stdio.h>
#include <stdlib.h>
#include <math.h>

#define ARGMAX 5
#define ARGUMENTS_ERROR -3
#define REALLOC_FAILURE -2

typedef struct{
  double x;
  double y;
}point;



point Func(point p,double dt);
double Tzero(double x1,double x2,double dt,int i);

//START
int main(int argc,char* argv[]){

  int n,i,nzeri=0;
  point p,pp;
  double *tzeri, *temp;
  tzeri=(double *)malloc(0*sizeof(double));
  pp.x=atof(argv[1]);
  pp.y=atof(argv[2]);
  double dt=atof(argv[3]);
  double tmax=atof(argv[4]);

  n=(int)tmax/dt;
  for(i=0;i<n;i++){
    p=Func(pp,dt);
    printf("%lf %lf\n",dt*(i+1),p.x);
    if(pp.x*p.x<=0.){
      nzeri++;
      temp=(double *)realloc(tzeri,nzeri*sizeof(double));
      if(temp==NULL){
    printf("--------ERROR-------\nrealloc failed\n");
    exit(REALLOC_FAILURE);
      }
      tzeri[nzeri-1]=Tzero(pp.x,p.x,dt,i);
      printf("----------\n%d %lf\n----------\n",nzeri,tzeri[nzeri-1]);
    }
    
    pp.x=p.x;
    pp.y=p.y;
  }
  
}//END


point Func(point p,double dt){
  point p2;
  p2.x=p.x-0.1;
  if(p2.x<-3)p2.x=3.;
  return p2;
}


double Tzero(double x1,double x2,double dt,int i){
  double d,t;
  d=x1*dt/(x1-x2);
  t=dt*i+d;
  return t;
}

I expect the size of tzeri to grow by one ‘cell’ (one sizeof(double)) in a way like nzeri, but it seems to work just until the fifth reallocation, so it can’t be a syntax error.

hope for news soon, thanks

—-UPDATES—-

i build the program with the debugging parameters -g -fsanitize=address and i got this:

==6465==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000010 at pc 0x55fe8cdcc642 bp 0x7fff53fd3280 sp 0x7fff53fd3270                   
WRITE of size 8 at 0x602000000010 thread T0                                  
    #0 0x55fe8cdcc641 in main /home/gerry/Desktop/FisComp/2088811/error.c:42
    #1 0x7ff3aaa29d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
    #2 0x7ff3aaa29e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
    #3 0x55fe8cdcc244 in _start (/home/gerry/Desktop/FisComp/2088811/a.x+0x1244)

0x602000000011 is located 0 bytes to the right of 1-byte region [0x602000000010,0x602000000011)                                                           
freed by thread T0 here:                                                     
    #0 0x7ff3aaeb4c38 in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:164
    #1 0x55fe8cdcc5a6 in main /home/gerry/Desktop/FisComp/2088811/error.c:37
    #2 0x7ff3aaa29d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)

previously allocated by thread T0 here:
    #0 0x7ff3aaeb4887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x55fe8cdcc3b6 in main /home/gerry/Desktop/FisComp/2088811/error.c:25
    #2 0x7ff3aaa29d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)

SUMMARY: AddressSanitizer: heap-use-after-free /home/gerry/Desktop/FisComp/2088811/error.c:42 in main
Shadow bytes around the buggy address:
  0x0c047fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c047fff8000: fa fa[fd]fa fa fa 00 fa fa fa fa fa fa fa fa fa
  0x0c047fff8010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==6465==ABORTING

Someone can find the error?

>Solution :

Your code never assigns a new value to tzeri. It first sets tzeri with tzeri=(double *)malloc(0*sizeof(double));. Later, it allocates new space with temp=(double *)realloc(tzeri,nzeri*sizeof(double));, but it never assigns that value to tzeri. After checking that temp is not null, you need tzeri = temp;.

byMR
Published
Add a comment

Leave a Reply

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use

Read more

Discover more from Dev solutions

Subscribe now to keep reading and get access to the full archive.

Continue reading