0

I met with this error in my project. The related codes are as follows: I allocate memory for the pointer "values" as follows:

data->TSSet[0].values = (float *)malloc(sizeof(float)*10000);

Then after using it, I release the values as follows:

free(data->TSSet[0].values);

Then I met with the error munmap_chunk(): invalid pointer Aborted (core dumped). The pointer "values" is valid because when I try to print out the contents in "values", like follows:

for(i=0;i<TSSet[0].length;i++)
    printf("%f\n",TSSet[0].values[i]);

I get the correct output. Why does the error happens? The full version of code is as follows:(I add comments on the key part, if you don't want to read the long code, just jump to the comments) In the main function, I just use ReadCSV(file, &data) to read in data, then immediately call ResetData(&data). Thank you all for helping me!!!!

void ReadCSV(char *file_path, DATA *Data){
    Data->tsname = (char*)malloc(sizeof(char)*MAXNAME);
    Data->TSSet = (TSItem*)malloc(sizeof(TSItem)*MAXNITEM);
    FILE *fp = fopen(file_path, "r");
    if(fp == NULL)
        return ;
    char line[MAXSTRL];
    char *save_ptr,*tk;
    int id = 0, num_class = 0, i,label;
    Data->ls_class = (int *)malloc(sizeof(int)*MAXC);
    Data->num_item = 0;
    Data->length = 0;
    while(fgets(line, sizeof(line), fp)) {
        tk = strtok_r(line,",", &save_ptr);
        if (tk == NULL)
            return ;
        label = atoi(trim(tk));
        Data->TSSet[id].label = label;
        Data->TSSet[id].num_nbr = 0;
        if(IsExist(label,Data->ls_class, num_class) == 0){
            Data->ls_class[num_class] = label;
            num_class++;
        }
        // malloc the memory for values
        Data->TSSet[id].values = (float *)malloc(sizeof(float)*MAXL);
        Data->TSSet[id].knn = (Neighbor*)malloc(sizeof(Neighbor)*MAXK);
        i=0;
        // read in content of values from files
        while(tk!=NULL){
            tk = strtok_r(NULL,",", &save_ptr);
            Data->TSSet[id].values[i] = strtof(trim(tk),NULL);
            i++;
            if(strlen(save_ptr) == 0)
                break;
        }
        Data->TSSet[id].predlbl = -100;
        Data->TSSet[id].conf = 0.0;
        Data->TSSet[id].entropy = 0.0;
        Data->TSSet[id].length = i;
        id++;
    }
    if(fp == NULL)
        printf("NULL!!!!!!!!!!!!!!!!!!!!!\n");
    fclose(fp);
    Data->num_item = id;
    Data->length = i;
    Data->num_class = num_class;
}

void ResetData(DATA *data){
    int i;
    free(data->tsname);
    for(i=0;i<data->num_item;i++){
    // error here
        free(data->TSSet[i].values);
        free(data->TSSet[i].knn);
    }
    free(data->TSSet);
    data->num_item = 0;
    data->num_class = 0;
    free(data->ls_class);
    data->length = 0;
    return;
}
pfc
  • 1,831
  • 4
  • 27
  • 50
  • what's the type of data? – bottaio Mar 27 '16 at 12:30
  • It's a struct, typedef struct { char *tsname; TSItem *TSSet; int num_item; int num_class; int *ls_class; int length; }DATA; – pfc Mar 27 '16 at 12:32
  • edit post and paste it there please – bottaio Mar 27 '16 at 12:32
  • 1
    Just because the data you print seems correct doesn't mean the pointer is actually valid. Without a [Minimal, Complete, and Verifiable Example](http://stackoverflow.com/help/mcve) it's impossible to say what's wrong. – Some programmer dude Mar 27 '16 at 12:33
  • By the way, in C you [don't have to cast the result of `malloc`](http://stackoverflow.com/questions/605845/do-i-cast-the-result-of-malloc). In fact if you forget to include `` it might actually be dangerous. – Some programmer dude Mar 27 '16 at 12:53
  • Thank you all. But I do include the – pfc Mar 27 '16 at 12:59
  • In fact, I test my code in 40 csv files (they are different from each othter). I only meet this error on 1 csv file... – pfc Mar 27 '16 at 13:01
  • Then check that file to see how it differs from the others. Is there a line containing more elements than you allocate for example? You could also use a memory debugger such as [Valgrind](http://valgrind.org/) to help you. – Some programmer dude Mar 27 '16 at 13:05

1 Answers1

0

The first thing that jumps off the page for me is the lack of a bounds check on your outer while loop. I would verify id is not getting too big... at the minimum:

 while(fgets(line, sizeof(line), fp)) { 
   assert( id < MAXC  );  /* (recommend a more "noisy" error message) */
   ...
 }

If id ever gets too big you start entering the realm of undefined behaviors.

Each area malloc() returns has an internal "header" associated with it, giving at the minimum the bytes of memory free is to release. If you walk over this all sorts of strange things can occur, especially on free() calls.

Gilbert
  • 3,740
  • 17
  • 19