From: "A. Sinan Unur"
Newsgroups: comp.os.msdos.djgpp
Subject: Re: problem with malloc and free
Date: 14 Dec 2002 16:13:09 GMT
Organization: Cornell University
Lines: 193
Sender: asu1 AT cornell DOT invalid (on pool-141-149-208-122.syr.east.verizon.net)
NNTP-Posting-Host: pool-141-149-208-122.syr.east.verizon.net
X-Trace: news01.cit.cornell.edu 1039882389 11693 141.149.208.122 (14 Dec 2002 16:13:09 GMT)
X-Complaints-To: usenet AT news01 DOT cit DOT cornell DOT edu
NNTP-Posting-Date: 14 Dec 2002 16:13:09 GMT
User-Agent: Xnews/5.04.25
To: djgpp AT delorie DOT com
DJ-Gateway: from newsgroup comp.os.msdos.djgpp
Reply-To: djgpp AT delorie DOT com

"Lars O. Hansen" wrote in news:atf1n7$o7e$1 AT news DOT online DOT de:

> Still stripped down, but this always crashes when compiled with gcc
> -pedantic -Wall is.c -lalleg
> #define arraysize 360
>
> #define stype int
> #define rtype float
> #define trigtype float
>
> #define id 1024
> #define PHI 1.0
> #define statusx 10
> #define statusy 440
>
>
> stype array_size=arraysize-1;
>
> rtype *cm;
> trigtype *cxphi;
> trigtype *sxphi;
> rtype *a;
> trigtype *b;
> rtype *le;
> trigtype *an;
> stype *ak,*ek;
> void init_arrays(void)
> {
> int i=array_size-1;
>
>
> cm=malloc(3*sizeof(rtype)*array_size); /* ! we allocate #of needed

OK, cm has room for 3*array_size rtype elements.

> times memory */ cxphi=malloc(4*sizeof(trigtype)*array_size);
> ak=malloc(2*sizeof(stype)*array_size);
>
> a=cm+sizeof(rtype)*array_size; /* then we adjust the pointers ! */

a refers to 4*array_size elements from cm. so you are adjusting pointers
to point to never-never land.

> do
> {
> cm[sizeof(rtype)*i]=id;
> }
> while(i--);

at the start of the loop, i is equal to array_size - 1 (which I think is
358). you have allocated room for 3*359 rtype elements in cm. you then go
ahead and write to cm[4*358]. that is out of bounds.

by the way, your coding style makes it very hard to follow what you are
doing.
you have

    #define arraysize 360

then

    stype array_size = arraysize - 1;

in global scope. then, in the function init_arrays, you have

    int i = array_size - 1;

by this time, compounded by a plethora of variable names such as cm, ak, a
bzztztztz, my head is spinning.

the following does not crash.

#include <stdio.h>
#include <stdlib.h>

#define ARRAYSIZE 360

#define id 1024
#define PHI 1.0
#define statusx 10
#define statusy 440

typedef int stype;
typedef float rtype;
typedef float trigtype;

stype array_size=ARRAYSIZE-1;

rtype *cm;
rtype *a;
rtype *le;

trigtype *cxphi;
trigtype *sxphi;
trigtype *b;
trigtype *an;
trigtype phi = PHI;

stype *ak,*ek;

char status_string[]=" ";

void setupall(void);
void init_arrays(void);
void freeall(void);
void cls(void);

int main()
{
    setupall();
    freeall();
    return 0;
}

void cls(void)
{
    /*
     * ...
     * status_string[sprintf(status_string+19,"%.1f",phi)+19]=32;
     * ...
     * You have, in global scope,
     * char status_string[]=" ";
     * So, status_string has room for 2 chars.
     * Your sprintf above refers to status_string+19 ... hmmmm.
     */
}

void init_arrays(void)
{
    stype i=ARRAYSIZE-1;

    cm = malloc(3*sizeof(rtype)*array_size);
    cxphi = malloc(4*sizeof(trigtype)*array_size);
    ak = malloc(2*sizeof(stype)*array_size);

    /* check the allocations before deriving any pointers from them */
    if(cm==NULL||cxphi==NULL||ak==NULL)
    {
        printf("nomemstring");
        exit(0);
    }

    /* pointer arithmetic is already scaled by the element size */
    a = cm + array_size;
    le = a + array_size;

    sxphi = cxphi + array_size;
    b = sxphi + array_size;
    an = b + array_size;

    ek = ak + array_size;

    do
    {
        cm[i]=id;
    }
    while(i--);

    cls();
}

void freeall(void)
{
    if(cm == 0 || cxphi == 0 || ak == 0)
    {
        printf("0?");
    }
    free(cm);
    free(cxphi);
    free(ak);
    /* freeall() runs twice (from main and again via atexit), so clear
       the pointers to make the second pass a harmless free(NULL) */
    cm = NULL;
    cxphi = NULL;
    ak = NULL;
}

void setupall(void)
{
    atexit(freeall);
    init_arrays();
}

--
A. Sinan Unur
asu1 AT c-o-r-n-e-l-l DOT edu
Remove dashes for address
Spam bait: mailto:uce AT ftc DOT gov
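
Added example, not part of the original post: the double scaling discussed above (multiplying by sizeof on a pointer that already counts in elements) shown as numbers, next to a bounds-checked way of carving one malloc block into equal sub-arrays. The helper names (buggy_max_index, alloc_slices, slice, fill_all) are hypothetical, the sizes are taken from the thread, and a 4-byte float is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define N_ELEMS 359   /* per-slice element count, as array_size in the thread */
#define N_SLICES 3    /* cm is carved into cm, a and le */

/* Highest index written by the posted loop cm[sizeof(rtype)*i], i = n-1..0. */
size_t buggy_max_index(size_t n) { return sizeof(float) * (n - 1); }

/* One block for `slices` sub-arrays of `n` floats; NULL on size overflow
   or allocation failure. */
float *alloc_slices(size_t slices, size_t n)
{
    if (n != 0 && slices > SIZE_MAX / sizeof(float) / n)
        return NULL;
    return malloc(slices * n * sizeof(float));
}

/* Start of slice k. float* arithmetic already scales by sizeof(float), so
   the offset is k*n elements; k is checked against the slice count. */
float *slice(float *base, size_t slices, size_t n, size_t k)
{
    if (base == NULL || k >= slices)
        return NULL;
    return base + k * n;
}

/* Fill every slice through slice(); returns elements written, 0 on error. */
size_t fill_all(float *base, size_t slices, size_t n, float value)
{
    size_t written = 0;
    for (size_t k = 0; k < slices; k++) {
        float *s = slice(base, slices, n, k);
        if (s == NULL) return 0;
        for (size_t i = 0; i < n; i++, written++)
            s[i] = value;
    }
    return written;
}

int main(void)
{
    float *cm = alloc_slices(N_SLICES, N_ELEMS);
    if (cm == NULL) return 1;
    printf("block: %d elements, posted loop reaches index %zu, checked fill wrote %zu\n",
           N_SLICES * N_ELEMS, buggy_max_index(N_ELEMS), fill_all(cm, N_SLICES, N_ELEMS, 1024.0f));
    free(cm);
    return 0;
}
```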