0

I have got a problem in my program. After I use the function fclose() I get an error:

"* Error in `./server': corrupted double-linked list: 0x000000000251a230 * Przerwane (zrzut pamięci)"

If I delete the fclose() function everything is OK. This is the code of my function:

```c
FILE *fHandler;
struct udp_message **returnArray;
struct udp_message *message;
char *line = NULL;
uint32_t linesNum;
uint32_t i = 0;
size_t length;
ssize_t read;

fHandler = fopen(filePath, "r");
if (fHandler == NULL) {
    perror("ERROR");
    return NULL;
}

returnArray = malloc(sizeof(struct udp_message *)*CONSOLE_BUFFER);
message = malloc(sizeof(struct udp_message));

while ((read = getline(&line, &length, fHandler)) != -1) {
    message = (struct udp_message *)line;
    if (message->messageTime < aboveTime) {
        continue;
    }

    returnArray[i] = malloc(sizeof(struct udp_message));
    memcpy(returnArray[i++], message, sizeof(struct udp_message));
}

memcpy(messageNum, &i, sizeof(i));
fclose(fHandler);

return returnArray;
```
Daniel Hornik

3 Answers

2

See this part of your code-

```c
message = malloc(sizeof(struct udp_message));       /* <--- 1 */

while ((read = getline(&line, &length, fHandler)) != -1) {
   message = (struct udp_message *)line;            /*  <--- 2.  */
   if (message->messageTime < aboveTime) {
       continue;
   }
```

You allocate memory to message (see point 1.), but then in the while loop you make it point to line (point 2.).

So you lose the reference to the previously allocated memory (and both these pointers point to the same memory location), and hence if you free them, it will free the same memory, causing a double free of the same memory location.

So, if you want to make message point to line, then don't allocate memory to message.

ameyCU
  • @DanielHornik Welcome :-) – ameyCU Jan 01 '16 at 18:30
  • You have a good point, but reading the udp message with `getline` is still inconsistent with the rest of the code, and the loop does not test if `i` becomes too large. Chances are the code is not really *working*, it just does not crash anymore. – chqrlie Jan 01 '16 at 18:49
  • @chqrlie That is true, as value of `CONSOLE_BUFFER` is unknown to us, therefore without a check for `i` could result in out of bound access causing undefined behaviour. – ameyCU Jan 02 '16 at 04:17
0

May be worth checking object is not null

```c
if(fHandler != NULL)
    fclose(fHandler);
```
0

It is unlikely you can read your binary UDP messages with getline. There is a chance the while loop iterates more than CONSOLE_BUFFER times and you write beyond the end of the returnArray, corrupting the heap internal structures. fclose() frees the buffer associated with the stream, free crashes because of the heap corruption.

Incidentally, memcpy(messageNum, &i, sizeof(i)); is probably incorrect. You did not post the function prototype, but you should set the number of messages stored in returnArray with *messageNum = i;, especially if the type is not uint32_t *.

chqrlie
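An added example, not part of the question or of any answer above: one way to read the records that addresses the points raised in the answers (no `getline` on binary data, no overwritten heap pointer, a bound on `i`, and `*messageNum = i`). The struct layout, the value of `CONSOLE_BUFFER`, the assumption that the file holds fixed-size binary records, and the names `load_messages` and `write_sample` are all assumptions, since the page shows only the `messageTime` field.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define CONSOLE_BUFFER 4   /* assumed capacity; the real value is not on the page */
struct udp_message {       /* assumed layout; only messageTime appears on the page */
    uint32_t messageTime;
    char payload[28];
};

/* Keep records with messageTime >= aboveTime, at most CONSOLE_BUFFER of them.
 * The caller frees each entry and then the array. */
struct udp_message **load_messages(const char *filePath, uint32_t aboveTime,
                                   uint32_t *messageNum)
{
    struct udp_message record;   /* stack buffer, so no heap pointer is overwritten */
    uint32_t i = 0;
    FILE *fHandler = fopen(filePath, "rb");
    struct udp_message **returnArray;

    *messageNum = 0;
    if (fHandler == NULL)
        return NULL;
    returnArray = calloc(CONSOLE_BUFFER, sizeof *returnArray);
    /* fread returns 1 only for a whole record; a short tail ends the loop */
    while (returnArray != NULL && i < CONSOLE_BUFFER &&
           fread(&record, sizeof record, 1, fHandler) == 1) {
        if (record.messageTime < aboveTime)
            continue;
        if ((returnArray[i] = malloc(sizeof record)) == NULL)
            break;
        *returnArray[i++] = record;
    }
    *messageNum = i;             /* plain assignment instead of memcpy */
    fclose(fHandler);
    return returnArray;
}

/* Constructed sample: `count` records with messageTime 10, 20, 30, ... */
int write_sample(const char *path, uint32_t count)
{
    FILE *f = fopen(path, "wb");
    if (f == NULL)
        return -1;
    for (uint32_t n = 1; n <= count; n++) {
        struct udp_message m = { n * 10, "constructed" };
        fwrite(&m, sizeof m, 1, f);
    }
    return fclose(f);
}
```

With six sample records and `aboveTime` set to 20, five records match but only `CONSOLE_BUFFER` (four) are stored, so the array is never written past its end.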