sysmalloc: Assertion failure on ubuntu environment

3
votes

The C code below runs fine in my mac OS X environment, but if i try to run this code in a ubuntu environment, i get a malloc assert failure whenever i put in even number of inputs, such as "1 2", but odd input "1 2 3" works. the error is.

a.out: malloc.c:2372: sysmalloc: Assertion `(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 *(sizeof(size_t))) - 1)) & ~((2 *(sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long) old_end & pagemask) == 0)' failed. Aborted (core dumped)

I have no clue the difference between the OS X and ubuntu environment, so if anybody can point out what's wrong i'd appreciate it. I'm running Ubuntu 14.04. It seems to crash within the y != NULL loop

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <signal.h>


void free_argv(char **argv,int counter)
{
    int i = 0;
    for(i=0;i<counter;i++)
    {
        free(argv[i]);
    }

    free(argv);
}

int main()
{
    char *line = NULL;
    size_t len = 0;
    ssize_t read;
    char **argv = NULL;
    int counter;
    int status;

    while ((read = getline(&line, &len, stdin)) != -1)
    {

        counter = 1;
        printf("$ ");
        char* x = strtok(line,"\n");

        int i = 0;

        while(x[i] != '\0')
        {
            if(x[i] == ' ')
            {
                counter++;
            }
            i++;
        }


        argv = malloc(sizeof(char*)*(counter+1));

        argv[counter+1] = NULL;

        i = 0;

        char* y = strtok(x," ");

        printf("user input:\n");
        while(y != NULL)
        {
            argv[i] = malloc(sizeof(char)*strlen(y));
            strncpy(argv[i],y,strlen(y));
            printf("      %s\n",argv[i]);
            y = strtok(NULL," ");
            i++;
        }
        free_argv(argv,counter);
    }
    return 0;
}
2
c
argv[i] = malloc(sizeof(char)*strlen(y)); doesnt allocate anough memory , you need + 1 - pm100
BTW strdup will do the malloc and copy for you - pm100
@myaut I can't believe i missed the argv[counter+1] = NULL; THANK YOU! - killerkev

2 Answers

2
votes

Consider using valgrind in such cases - it is very helpful! What it gave to me:

==6454== Invalid write of size 8
==6454==    at 0x4008CE: main (sysmalloc.c:49)
==6454==  Address 0x51e0128 is 0 bytes after a block of size 40 alloc'd
==6454==    at 0x4C2C27B: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==6454==    by 0x4008B1: main (sysmalloc.c:47)

sysmalloc.c:49 is argv[counter+1] = NULL; - this is line caused problem. Note that in C array indexes start with zero, so for array of length N+1 last index is N. So instead of writing last argv pointer, you wrote NULL to area used internally by sysmalloc and thus caused a fault.

Change this line to argv[counter] = NULL;

Also note comments about strcpy usage.

0
votes

In addition to the argv[counter+1] problem referenced by myaut, these lines:

argv[i] = malloc(sizeof(char)*strlen(y));
strncpy(argv[i],y,strlen(y));
printf("      %s\n",argv[i]);

are printing a string which is not guaranteed to be null-terminated. 

malloc(sizeof(char)*strlen(y));

does not allocate enough space for the null terminator (you would need strlen(y) + 1). The strncpy will not overflow the buffer, but neither will it supply a terminator. The printf() is printing a string which you have not terminated - if it prints the right thing, it is by happenstance that the argv[i] buffer is followed by a zero byte.

Also, I do not think you need the first strtok() call because getline() has done that work for you, and argv is a confusing name for your variable given that it is unlike its common usage as the command-line input. Neither of those things are causing your crash, though.