Memory Corruption on using cin >>

Question

I am getting a strange memory corruption when running my code. It occurs from the "cin" in the following block. Funny thing is, the for-loop runs the first time. The momory corruption occurs on the second iteration (when i = 1).

case 3:
            {
                // for(int i = 0; i < MAX_PLAYERS; i++)
                for(int i = 0; i < 5; i++)
                {
                    mavlink_param_value_t packet_vel, packet_pwr;   
                    float vel_factor;
                    float power_factor;

                    strcpy(packet_vel.param_id, "GAME_VEL_FACTOR");
                    strcpy(packet_pwr.param_id, "GAME_PWR_FACTOR");

                    printf("Current index %d\n", i);
                    // cout << "\n" << "Enter Game Velocity Factor:";
                    // cin >> packet_vel.param_value;
                    cout << "\n" << "Enter Game Power Factor:";
                    cin >> power_factor;

                    printf("Assigning local variable to struct member\n");
                    packet_pwr.param_value = power_factor;

                    printf("Packing current message\n");
                    mavlink_msg_param_value_pack((uint8_t)i,
                                                 1,
                                                 &messages[i],
                                                 packet_vel.param_id, 
                                                 packet_vel.param_value, 
                                                 packet_vel.param_type,
                                                 1,
                                                 1);
                }

                *cont_mode = true;
                break;

The following is error:

Enter message for player 0
Current index 0

Enter Game Power Factor:1
Assigning local variable to struct member
Packing current message
Current index 1

Enter Game Power Factor:2
*** Error in `./send_mavlink_msgs': malloc(): memory corruption (fast): 0x0000000000ccf050 ***
Aborted (core dumped)

Thank you!

Update:

Here is how I am creating "messages"

    mavlink_message_t *messages = (mavlink_message_t *)malloc(num_of_robots*sizeof(mavlink_global_position_int_t));

It's definition is found here

Answer 1

mavlink_message_t *messages = (mavlink_message_t *)
   malloc(num_of_robots*sizeof(mavlink_global_position_int_t));

This should probably be:

mavlink_message_t *messages = (mavlink_message_t *)
   malloc(num_of_robots*sizeof(mavlink_message_t));

Using the wrong sizeof parameter will allocate the wrong amount of space. This is a serious problem if mavlink_global_position_int_t is smaller than mavlink_message_t (which, from my cursory googling, appears to be the case).

---

Also, I'm not familiar with whatever "mavlink" is, but judging from here:

typedef struct __mavlink_param_value_t
{
 int8_t param_id[15]; ///< Onboard parameter id
 float param_value; ///< Onboard parameter value
 uint16_t param_count; ///< Total number of onboard parameters
 uint16_t param_index; ///< Index of this onboard parameter
} mavlink_param_value_t;

param_id is a 15-byte array. "GAME_VEL_FACTOR" and "GAME_PWR_FACTOR" are both 16-byte strings if you count the '\0' terminators at the ends.