0

I wrote an "Anti Virus" (not a real one - just to learn) which uses the heap and sometimes when it needs to use the heap it's break with the message on the topic then it gives me the message: "Debug Assertion Failed" and: "expression: _crtisvalidheappointer(puserdata)" and i realy don't know why... In the code it's happen in the function run when the while loop is on his 5th iteration in this line:

if (!(results = (char**)realloc(results, sizeof(results) + sizeof(char*))))

The function:

void run(char* dir_path, char* virus_path, char mode)
{
    DIR* dir = NULL;
    FILE* virus = NULL;
    struct dirent* cur_file;  // cur_file is a pointer for struct dirent which represnts the file we are checking now (current file)
    char** results = NULL;  // resullts will be an array of strings to write in the log
    int results_len = 0, i = 0;
    char* file_path = NULL;

    //checks the arguments:
    if (!(dir = opendir(dir_path)))  // argv[1] should be the directory
    {
        printf("The path that given as the first argument doesn't point to a directory / ");
        printf("an error has occurred while opening the directory\n");
        return -1;
    }
    if (!(virus = fopen(virus_path, "rb")))
    {
        printf("The path that given as the second argument doesn't point to a file / ");
        printf("an error has occurred while opening the file\n");
        closedir(dir);
        return -1;
    }

    //running on the file in the directory:
    while (cur_file = readdir(dir))  // at the end of the directory readdir() will return NULL
    {
        if (!(strcmp(cur_file->d_name, ".")))  // at the first time wer'e reading from a directory the value of d_name will be "."
        {
            continue;
        }
        if (!(strcmp(cur_file->d_name, ".."))) //at the second time wer'e reading from a directory the value of d_name will be ".."
        {
            continue;
        }

        if (!(file_path = (char*)malloc(strlen(dir_path) + cur_file->d_namlen + 2))) //1 for \ between dir_path and d_name and 1 for the NULL
        {
            closedir(dir);
            fclose(virus);
            return -1;
        }
        strcpy(file_path, dir_path);
        strcat(file_path, "\\");
        strcat(file_path, cur_file->d_name);
        if (!(results)) // if results == NULL -> if didn't allocated memory for results already
        {
            if (!(results = (char**)malloc(sizeof(char*))))
            {
                printf("Problem with malloc\n");
                free(file_path);
                closedir(dir);
                fclose(virus);
                return -1;
            }
        }
        else
        {
            if (!(results = (char**)realloc(results, sizeof(results) + sizeof(char*))))
            {
                printf("Problem with realloc\n");
                for (i = 0; i < results_len; i++)
                {
                    free(results[i]);
                }
                free(file_path);
                free(results);
                closedir(dir);
                fclose(virus);
                return -1;
            }
        }    
        results[results_len] = check_file(file_path, virus, mode);
        if(results[results_len] == -1) // results_len will be updated later (just malloced)
        {
            for (i = 0; i < results_len; i++)
            {
                free(results[i]);
            }
            free(file_path);
            free(results);
            closedir(dir);
            fclose(virus);
            return -1;
        }
        results_len++;
        free(file_path);
    }
    fclose(virus);
    closedir(dir);
    write_to_log(dir_path, virus_path, mode, results, results_len);
}

and the function check_file returns a char* (string) which malloced in check_file and will be free in other function.

Does someone knows the reason? Thank You

saar
  • 25
  • 4
  • 4
    sizeof does not do what you think it does (it does not tell you the size in memory of a string). You probably want strlen. – Max May 31 '16 at 21:09
  • Oh I'm so stupid, Thank you! you very helped me and now the program is better and doing almost all but there is a little bug already (triggered a breakpoint) and now its on the realloc line: if (!(results = (char**)realloc(results, sizeof(results) + sizeof(char*)))) – saar May 31 '16 at 22:40
  • you really need to improve your error handling instead of having all that code duplication - makes the code hard to follow – M.M Jun 01 '16 at 01:07
  • Just ignore it when you see return -1 – saar Jun 01 '16 at 13:43
  • But do you know what's my problem now? – saar Jun 01 '16 at 13:44
  • [Don't cast the result of `malloc` in C](http://stackoverflow.com/q/605845/995714) – phuclv Jun 01 '16 at 14:19
  • Why not? And I don't think that that's my problem (because it works in other codes) – saar Jun 01 '16 at 17:21

1 Answers1

1

This line:

        if (!(results = (char**)realloc(results, sizeof(results) + sizeof(char*))))

Is not increasing the size of results (and therefore you are stomping over the end of it as result_len increases). You probably want to use (result_len + 1)*sizeof(char*), since you are already storing the number of strings in results.

MSN
  • 53,214
  • 7
  • 75
  • 105