Heap block modified past requested size of 2 Error in C

Question

So the following code is causing an error:

// free pointers created with malloc
for (int i = 0; i < 3; i++) {
    if (rt_offset_rs[i] != NULL ) {
        free(rt_offset_rs[i]); // <== AT THiS LINE
    }

ERROR: Heap block at 0000000000331DD0 modified at 0000000000331DE2 past requested size of 2

I don't understand this error at all. The following is the code where I manipulate the pointer rt_offset_rs:

            char** rt_offset_rs; 
    rt_offset_rs = malloc(3 * sizeof(char*));
    if (rt_offset_rs == NULL ) {
        fprintf(outputFilePointer, "no more memory");
        exit(1);
    }

    for (int i = 0; i < 3; i++) {
        rt_offset_rs[i] = malloc(2 * sizeof(char));
        if (rt_offset_rs[i] == NULL ) {
            fprintf(outputFilePointer, "no more memory");
            exit(1);
        }
    }

Answer 1

I ran into this problem when I do something like following.

#include <malloc.h>
int main()
{
    const char* s = "123";
    void** p = (void**)malloc(1);
    *p = (void*)s;
    free(p);
}

The code invokes the following error in a x64 build:

HEAP[XXX.exe]: Heap block at 000001C207A21D60 modified at 000001C207A21DA5 past requested size of 35

The code invokes the following error in a Win32 build:

HEAP CORRUPTION DETECTED: after Normal block (#93) at 0x00636110. CRT detected that the application wrote to memory after end of heap buffer.

The malloc line is wrong. It should be modified like this:

void** p = (void**)malloc(1*sizeof(void*));

Because the sizeof a pointer is sizeof(void*) bytes, not one byte!

Answer 2

The error is not with the free() call, but somewhere before that, only your system checks for overflows only at some cases, one of them is free, and not in each write to the buffer.

It is not part of your code, but it seems that you allocate two bytes, and writes at least 3 to the buffer ( if it is a string - don't forget null terminator is another byte )