C++ Memory error - free() invalid next size (fast) and thrown an exception SIGABRT

My program mycpp.c throws a memory error. I think this error has been raised due to overwriting the object pointer, but I couldn't trace out
the root cause of the error. I felt that the line "ref3[1]= ref3[0] +reference;" is causing an issue and I commented it out, but it didn't help. Could you please help me to resolve the error?
mycpp.c
void mycpp::filldata(ptrStructda pStData)
   1871 {
             ..../stmts/..

   1947         String s2("");
   1948         strcat(ref3[0],reference);
   1949         strcat(s2,ref3[0]);
   1950            // ref3[1]= ref3[0] +reference;
   1951             s2.replace_char('-','.');
   1952            // Clean and hold the output value
   1953             temp_Buffer->erase();
   1954         *temp_Buffer = "";
   1955         cout<<"S2:\t"<<s2<<endl;
   1956 //      strcpy(*temp_Buffer,s2);
   1957 }

String.c
String::String()
{
        _text = new char[1024];
}
String::String(char *ch)
{
        if (ch == NULL )
        {
                // if input char* is empty - allocate short buffer
                // and set it to ""
                _text = new char[2];
                strcpy(_text, "");
        }
        else
        {

                _text = new char[strlen(ch) + 1];

                if(_text)
                         strcpy(_text, ch);
                else
                {
                        _text = new char[2];
                        strcpy(_text, "");
                }
        }

}
String::String(int iLen)
{
        _text = new char[iLen+1];
}
String::String(String const & string)//jl202 added const
{
       _text = new char[string.length() + 1];

       strcpy(_text,string);
}
String::~String()
{
        delete[] _text;
}
String &String::operator=(String &ptrStr)
{
       
        delete[] _text;
        _text = new char[ptrStr.length() + 1];
        strcpy(_text, ptrStr);
        return *this;
}
String &String::operator=(char *ch)
{
        delete[] _text;
        _text = new char[strlen(ch) + 1];

        strcpy(_text, ch);
        return *this;
}
void String::erase()
{
        delete[] _text;
        _text = new char[1];
}



String.h

class String
{
        private:
                char *_text;

                friend class String_Iterator;
        public:
                // ctors and dtor
                explicit String ();                     // create String as of 1024 chars
                explicit String (char *);
                explicit String (int );
                String (String const & );               // copy ctor
                ~String();

                /////////////////
                // conversions:
                /////////////////
                //  to C-like type char *
                operator  char *() {return _text;}

                operator const char*()const
                {
                return (const_cast <char *>(_text) );
                }
};

gdb information for observation
(gdb) bt
#4  0x00000031690758db in free () from /lib64/libc.so.6
#5  0x0000000000402fda in String::~String (this=0x7fffffffd2f0, __in_chrg=<value optimized out>) at String.c:55
#6  0x000000000040d58c in mycpp::filldata (this=0x61f0e0, pStData=0x7fffffffdd50) at mycpp.c:1955
#7  0x000000000041159d in mycpp::base (this=0x61f0e0, pStData=0x7fffffffdd50, account_id=0x6418e0 "0300130",
    page_balance=0x7fffffffdf38, items_on_page=0x7fffffffdf34, txn_per_acc=0x7fffffffdf30, total_cash_bal=0x7fffffffdf28, total_cv_bal=0x7fffffffdf20)
    at mycpp.c:1328
#8  0x0000000000414e77 in mycpp::Proc (this=0x61f0e0) at mycpp.c:899
#9  0x000000000041704e in mycpp::Run (this=0x61f060) at mycpp.c:97
#10 0x0000000000417146 in main (argc=3, argv=0x7fffffffe1f8) at mycpp.c:2264 


Thanks for looking into this. Seeking your valuable solution
Uninitialised _text. Length is not recorded anywhere.
String::String(int iLen)
{
        _text = new char[iLen+1];
}

Uninitialised _text, len 1, whereas the constructor has len 2.
void String::erase()
{
        delete[] _text;
        _text = new char[1];
}

what if ch is null?
String &String::operator=(char *ch)
{
        delete[] _text;
        _text = new char[strlen(ch) + 1];

        strcpy(_text, ch);
        return *this;
}

Do you really need the cast?
operator const char*()const
{
        return (const_cast <char *>(_text) );
}


But seriously, what do you think this does?
String s2("");
strcat(s2,ref3[0]);
Thank you for looking into this
1. What if ch is null?
I had this question in my mind when the assignment operator overloading function is invoked. I got the error, so I commented out the piece of code ( // ref3[1]= ref3[0] +reference; ).
Could you please help how to handle this condition?

2. Do you really need the cast?
It's the fix for another issue.

3. Uninitialised _text, len 1 whereas the constructor has len 2? and
But seriously, what do you think this does?


_text will always be initialized, because the object pointer of the class holds a value before it gets erased and then a new value will be assigned.
I feel that the two lines are not required. If I were to remove this code then the
   1948         strcat(ref3[0],reference);
   1949         // ref3[1]= ref3[0] +reference;
   1951         ref3[0].replace_char('-','.');
   1952         // Clean and hold the output value
   1953         temp_Buffer->erase();
   1954         *temp_Buffer = "";
   1955         cout<<"S2:\t"<<s2<<endl;


4. Uninitialised _text. Length is not recorded anywhere.

I couldn't understand the question.
You've questioned all the points except the one that's causing the crash. The answer to point 5 is it corrupts the heap, causing a crash when you try to use it later on.

1. You have to decide what passing NULL means. It could mean clear(), you have to decide and implement it. You can't ignore it.

2. You shouldn't have a cast there. All your C string interfaces should be const char*, but you keep passing char*. It's an important point. Oh, and _text should remain char*.

3 and 4. _text is always pointing to memory allocated off the heap, but you never really know how much data is allocated because you don't store it. So you don't know how much data can be copied in.
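To make the two replies above concrete (a recorded length and capacity, const char* interfaces, NULL handled explicitly, and an append that grows the buffer instead of strcat-ing through the char* conversion into a one-byte allocation), here is an added example written for this thread; it is not the poster's String.c nor kbw's code, and the class name SafeString and its append/capacity members are my own choices.

```cpp
#include <cstring>
#include <utility>
// Added example, not the thread's String.c: length and capacity are recorded,
// C-string interfaces are const char*, and NULL is treated as "".
class SafeString {
    char *_text;
    std::size_t _len;   // bytes in use, excluding the terminator
    std::size_t _cap;   // bytes allocated, including the terminator
    void reserve(std::size_t need) {    // grow geometrically when needed
        if (need <= _cap) return;
        std::size_t ncap = _cap * 2 > need ? _cap * 2 : need;
        char *n = new char[ncap];
        std::memcpy(n, _text, _len + 1);
        delete[] _text;
        _text = n;
        _cap = ncap;
    }
public:
    explicit SafeString(const char *ch = NULL) {   // NULL means ""
        _len = ch ? std::strlen(ch) : 0;
        _cap = _len + 1;
        _text = new char[_cap];
        std::memcpy(_text, ch ? ch : "", _len + 1);
    }
    SafeString(const SafeString &o) : _text(new char[o._len + 1]), _len(o._len), _cap(o._len + 1) {
        std::memcpy(_text, o._text, _len + 1);
    }
    ~SafeString() { delete[] _text; }
    void swap(SafeString &o) {
        std::swap(_text, o._text); std::swap(_len, o._len); std::swap(_cap, o._cap);
    }
    SafeString &operator=(const SafeString &o) { SafeString tmp(o); swap(tmp); return *this; }
    SafeString &operator=(const char *ch) { SafeString tmp(ch); swap(tmp); return *this; }
    // Replacement for strcat(s2, x): grows the buffer instead of overrunning it.
    SafeString &append(const char *ch) {
        if (!ch) return *this;
        std::size_t n = std::strlen(ch);
        reserve(_len + n + 1);
        std::memcpy(_text + _len, ch, n + 1);
        _len += n;
        return *this;
    }
    void replace_char(char from, char to) {
        for (std::size_t i = 0; i < _len; ++i) if (_text[i] == from) _text[i] = to;
    }
    void erase() { _len = 0; _text[0] = '\0'; }   // keeps capacity; no realloc
    std::size_t length() const { return _len; }
    std::size_t capacity() const { return _cap; }
    operator const char *() const { return _text; }   // const only: callers can't strcat into it
};
```

With only a const char* conversion, the original strcat(s2, ref3[0]) no longer compiles, which is the point: the append has to go through a member that knows the buffer size.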
Thanks kbw

1. But seriously, what do you think this does?
I have answered this question in point #3.

I feel that the two lines are not required. If I were to remove the line then the code would be
modified into ref3[0].replace_char('-','.');
1948 strcat(ref3[0],reference);
1949 // ref3[1]= ref3[0] +reference;
1951 ref3[0].replace_char('-','.');
1952 // Clean and hold the output value
1953 temp_Buffer->erase();
1954 *temp_Buffer = "";
