Invalid free() / delete / delete[] / realloc() error when calling a function

Question

when I am running the below code, I am getting the following memory error:

Filling an array at address 0x7ff0005c0 with 10 values
Done!
Filling an array at address 0x7ff0005bc with 1 values
Done!
Filling an array at address 0x7ff0005a0 with 4 values
Done!
Filling an array at address 0x4c30040 with 5 values
Done!
Filling an array at address 0x7ff000598 with 16 values
Done!
==30871== Invalid free() / delete / delete[] / realloc()
==30871==    at 0x4A07786: free (vg_replace_malloc.c:446)
==30871==    by 0x40081A: main (arrays.c:142)
==30871==  Address 0x500000002 is not stack'd, malloc'd or (recently) free'd
==30871== 
==30871== 
==30871== HEAP SUMMARY:
==30871==     in use at exit: 16 bytes in 1 blocks
==30871==   total heap usage: 2 allocs, 2 frees, 36 bytes allocated
==30871== 
==30871== LEAK SUMMARY:
==30871==    definitely lost: 16 bytes in 1 blocks
==30871==    indirectly lost: 0 bytes in 0 blocks
==30871==      possibly lost: 0 bytes in 0 blocks
==30871==    still reachable: 0 bytes in 0 blocks
==30871==         suppressed: 0 bytes in 0 blocks
==30871== Rerun with --leak-check=full to see details of leaked memory
==30871== 
==30871== For counts of detected and suppressed errors, rerun with: -v
==30871== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)

The code is given below:

#include <assert.h>
#include <stdio.h>
#include <stdlib.h>

void fillArray(int* array, int len) {
  printf("Filling an array at address %p with %d "
         "values\n", array, len);
  for (int i = 0; i < len; ++i) {
    array[i] = i * 3 + 2;
    assert(array[i] == i * 3 + 2);
  }
  printf("Done!\n");
}


typedef struct {
  int a, b, c, d;
} FourInts;


int main(int argc, char* argv[]) {
  int array[10];

  fillArray(array, 10);

  int value;
  fillArray(&value, 1);
  assert(value == 2);

  FourInts four_ints;

  four_ints.a = 0;
  assert(four_ints.a == 0);

  fillArray((int*) &four_ints, 4);

  assert(four_ints.a == 2);
  assert(four_ints.b == 5);
  assert(four_ints.c == 8);
  assert(four_ints.d == 11);


  int* heap_array = (int*) malloc(sizeof(int) * 5);
  fillArray(heap_array, 5);

  free(heap_array);    
  FourInts* heapstruct=(FourInts*)malloc(sizeof(FourInts));
  fillArray((int*)&heapstruct,sizeof(FourInts));
  free(heapstruct);
  return 0;
}

I cannot quite figure out how the memory leak is occurring. Any help regarding this would be appreciated!

http://stackoverflow.com/questions/605845/do-i-cast-the-result-of-malloc — mch, Jul 10 '14 at 14:41
change to `fillArray((int*)heapstruct,sizeof(FourInts)/sizeof(int));` — BLUEPIXY, Jul 10 '14 at 14:49
@unwind It's a contended issue and has nothing to do with the OP's problem. — Peter - Reinstate Monica, Jul 10 '14 at 14:51

score 2 · Accepted Answer · answered Jul 10 '14 at 14:41

2

heapstruct is already a pointer, so

fillArray((int*)&heapstruct,sizeof(FourInts));

is taking the address of a pointer (resulting in a pointer to a pointer). This is causing you to muck with memory you shouldn't be accessing.

Change it to

fillArray((int*)heapstruct,sizeof(FourInts));

answered Jul 10 '14 at 14:41

Jeffery Thomas

42,202
8
92
117

3

len parameter is `sizeof(FourInts)/sizeof(int)` – BLUEPIXY Jul 10 '14 at 14:50

score 1 · Answer 2 · answered Jul 10 '14 at 14:47

1

In addition to @Jefferey's answer, you use sizeof(FourInts) a upper bound for indexing the ints in it which makes you run out of bounds. Correct (well, less incorrect) is sizeof(FourInts)/sizeof(int).

answered Jul 10 '14 at 14:47

Peter - Reinstate Monica

15,048
4
37
62

Invalid free() / delete / delete[] / realloc() error when calling a function

2 Answers2