2

The following deleteNode function when I run the program gets these: * glibc detected free(): invalid next size (normal): 0x000000000103dd90 **

Even i make the ' free(here); ' a comment,i get the above message. I dont think that the other 'free' calls provokes a problem like that. But I cant see why this would be wrong. :/

struct List *deleteNode(int Code,int i,char* Number)
    {
        struct List *here;
        here=Head;

        for (here; here!=Tail; here=here->next)
        {       
            if ( (here->number==Number) && (here->code==Code) )//found node on the List
            {
                if (here->previous==Head)        //delete from beginning
                {           
                    Head=here->next;
                    here->next->previous=Head;
                }
                else if (here->next==Tail) //delete from the end
                {
                    here->previous->next=Tail;
                    Tail=here->previous;
                }
                else  //delete from the middle of the list
                {   
                    here->previous->next=here->next;
                    here->next->previous=here->previous;
                }
                break;
            }
        }

        free (here);

    }

EDIT: if i used and understand valgring well then the problem is on my main function. i have also there some 'free' but i changed deleteNode before this message so i thought that the problem was on the deleteNode function.

Now,there is no free() invalid next size.... but unfortunately this: glibc detected * : double free or corruption (out): 0x00007fff1aae9ae0 * :(

A part of the main:

FILE *File;
    if ( ( File=fopen("File.txt","r")) !=NULL )
    {                               
        int li = 0;    
        char *lin = (char *) malloc(MAX_LINE * sizeof(char));


        while(fgets(lin, MAX_LINE, eventFile) != NULL)
        {
            token = linetok(lin, " ");

            if(token != NULL)
            {

                int i,code,nodeID;
            char *number;
            char *event;

                for(i = 0; token[i] != NULL; i += 1)
                {
            code=atoi(token[0]);
            strcpy(event,token[1]);
            nodeID=atoi(token[2]);
            strcpy(number,token[3]) ;

            int i;
            if (!strcmp(event,"add"))
            {       
                add_to_List(code,i,number);
            }
            else if(!strcmp(event,"delete"))
            {       
                             deleteNode(eventNo,i,number);
                    }
            free(event);
            free(phoneNumber);  
        }
                free(token);
            }
            else 
            {
                printf("Error reading line %s\n", lin);
                exit(1);   
            }
        }
    } 
    else 
    {
        printf("Error opening file with the events.\nEXIT!");
        exit(0);
    }

debugging it...

multiple definition of main' pro:(.text+0xce0): first defined here /usr/lib/gcc/x86_64-linux-gnu/4.4.1/crtend.o:(.dtors+0x0): multiple definition ofDTOR_END' pro:(.dtors+0x8): first defined here /usr/bin/ld: warning: Cannot create .eh_frame_hdr section, --eh-frame-hdr ignored. /usr/bin/ld: error in pro1(.eh_frame); no .eh_frame_hdr table will be created. collect2: ld returned 1 exit status

FILIaS
  • 495
  • 4
  • 13
  • 26
  • Try running with valgrind. Valgrind catches many errors concerning memory. – Fabian Oct 31 '10 at 15:00
  • hm with valgring i get this: warning: Cannot create .eh_frame_hdr section, --eh-frame-hdr ignored. /usr/bin/ld: error in deleteNode.c(.eh_frame); no .eh_frame_hdr table will be created. collect2: ld returned 1 exit status – FILIaS Oct 31 '10 at 15:08
  • One problem I see is that the variables number and event are uninitialized when used in the strcpy()'s. strcpy() does not allocate memory. You should probably use strdup() which does allocate memory. – Fabian Oct 31 '10 at 19:43
  • Possible duplicate of [How to track down a "double free or corruption" error](https://stackoverflow.com/questions/2902064/how-to-track-down-a-double-free-or-corruption-error) – Raedwald Dec 06 '18 at 13:54

2 Answers2

5

"Invalid next size" means that glibc has detected corruption in your memory arena.

You have overwritten valuable accounting information that's stored in between your allocated blocks.

With each block that malloc gives you, there is some accounting information stored close by. When you overwrite this information by, for example, writing 128 characters to a 20-character buffer, glibc may detect this the next time you try to free (or possibly allocate) some memory.

You need to find the root cause of this problem - it's not the free itself, that's just where the problem is being detected. Somewhere, some of your code is trashing memory and a memory analysis tool like valgrind will be invaluable here.

paxdiablo
  • 854,327
  • 234
  • 1,573
  • 1,953
2

If the node is not found in the list, you will free the Tail node at the end of the function, without updating Tail to point to anything valid again.

Further using the list and the now deallocated Tail can easily result in memory corruption that might later be detected by glibc with a message like the one you got.

Also note that in (here->number==Number) you are comparing two pointers, not the values those pointers point to. I'm not sure if that's what you want.

sth
  • 222,467
  • 53
  • 283
  • 367
  • thnx sth! i understand what u say...i commented the 'free' but problems still remains :( what do u mean with your last comment? what should i do? – FILIaS Oct 31 '10 at 15:20
  • @FILIaS: You commented out `free()` and still you get an error message from `free()`? The last comment means that if you compare two pointer variables with `==` you are comparing the memory addresses stored in these pointer variables, not the values stored in the memory at these addresses. So you compare the addresses themselves. If you want to compare strings you should probably use the `strcmp()` function. – sth Oct 31 '10 at 15:29
  • oh yes my fault. but even now,i still get this message! :( – FILIaS Oct 31 '10 at 15:50