Reputation: 834
I've spotted the error in my program and decided to write a simple one, which would help me understand what's going on. Here it is:
    #include <stdio.h>
    #include <stdlib.h>

    char * first()
    {
        char * word = malloc(sizeof(char) * 10);
        word[0] = 'a';
        word[1] = 'b';
        word[2] = '\0';
        return word;
    }

    char * second ()
    {
        char * word = malloc(sizeof(char) * 10);
        word = "ab";
        return word;
    }

    int main ()
    {
        char * out = first();
        printf("%s", out);
        free(out);
        out = second();
        printf("%s", out);
        free(out);
        return 0;
    }
The first() function is working properly, but the second() (exactly the free(out)) generates an error:
Error in `./a.out': munmap_chunk(): invalid pointer: 0x0000000000400714 *** ababAborted (core dumped)
I don't understand why the first function is correct, but the second isn't. Could anyone explain why?
Upvotes: 70
Views: 241102
Reputation: 16607
In function char * second
    char * word = malloc(sizeof(char) * 10);
    word = "ab";
The second statement word = "ab"; changes word to point away from the allocated memory. You are not copying the string "ab" to the area of heap allocated by malloc.
And to free a memory that is not allocated by malloc or similar functions crashes your program.
Attempting to free an invalid pointer (a pointer to a memory block that was not allocated by calloc, malloc, or realloc) may affect subsequent allocation requests and cause errors.
You should use here strcpy as also suggested by others.
Upvotes: 23
Reputation: 92966
In the function second(), the assignment word = "ab"; assigns a new pointer to word, overwriting the pointer obtained through malloc(). When you call free() on the pointer later on, the program crashes because you pass a pointer to free() that has not been obtained through malloc().
Assigning string literals does not have the effect of copying their content as you might have thought. To copy the content of a string literal, use strcpy():
    strcpy(word, "ab");
Upvotes: 103
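Added example, not part of the question or either answer above: a corrected second() that keeps the pointer malloc returned and copies the literal's bytes into it, with a length check so a longer string cannot overflow the 10-byte buffer. The names make_word, second_fixed and WORD_CAP are assumptions made for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define WORD_CAP 10  /* same buffer size the question passes to malloc */

/* Hypothetical helper: copy src into a fresh heap buffer of WORD_CAP bytes.
 * Returns NULL if allocation fails or src (plus its terminator) does not
 * fit, so the caller never receives an overflowed or truncated buffer. */
char *make_word(const char *src)
{
    size_t len = strlen(src);
    if (len >= WORD_CAP)
        return NULL;               /* would overflow the 10-byte buffer */

    char *word = malloc(WORD_CAP);
    if (word == NULL)
        return NULL;

    memcpy(word, src, len + 1);    /* copy the bytes, including '\0' */
    return word;                   /* still the pointer malloc returned */
}

/* second() from the question, corrected: the malloc'd pointer is kept. */
char *second_fixed(void)
{
    return make_word("ab");
}

int main(void)
{
    char *out = second_fixed();
    if (out == NULL)
        return 1;
    printf("%s\n", out);
    free(out);                     /* valid: out came from malloc */

    /* A string that does not fit is rejected instead of overflowing. */
    char *too_long = make_word("0123456789");
    printf("%s\n", too_long ? too_long : "(rejected)");
    free(too_long);                /* free(NULL) is a no-op */
    return 0;
}
```

Because the returned pointer is always the one malloc produced, free() on it is valid, and the 10-byte allocation is no longer leaked as it is in the original second().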