Reputation: 115
Double free after setting pointer to NULL
Note: this may appear as a duplicate to a prior question I had asked. I have taken the comments on that question to produce a more concise and runnable version.
I have patched the memory leaks as pointed out in a prior post. Now, I am receiving a double free error. I have commented where I believe the double free error is occurring - within the power_arr() function. I have posted another question, operating the trim() function utilizing the same pattern, without receiving an error. I am trying to understand the exact cause of the double free error, as the management of the pointer tmp within power_arr() appears sound.
The exact error message is as follows:
*** Error in `./a.out': double free or corruption (fasttop): 0x00000000017a5fc0 ***
Aborted
The purpose of the code is to handle large integers as an array of integers. More specifically, to handle integers in the range of 2^1000.
Side note, the function pad() and the enum SIDE. Given the array int n[] = { 1, 2 };. Calling pad() with SIDE set to LOW, i.e. 0, and a new_length of 5, the array returned is as follows; { 0, 0, 0, 1, 2 }. If the SIDE were set to HIGH, the result would be { 1, 2, 0, 0, 0 }.
#include <stdlib.h>
#include <stdio.h>
#define MAX(a, b) (a > b) ? a : b
#define MIN(a, b) (a < b) ? a : b
enum SIDE { LOW, HIGH };
int *pad(int *n, int nlength, int new_length, enum SIDE side);
int *sum(int *n, int nlength, int *m, int mlength, int *sum_length);
int *power_arr(int *n, int nlength, int exp, int *res_length);
int *trim(int *n, int nlength, int *res_length);
void copy(int *to, int *from, int length);
int main(void)
{
int b[] = { 2 };
int r, i;
int *rlength, *res;
r = 0;
rlength = &r;
res = power_arr(b, 1, 4, rlength);
printf("Length = %d\n", *rlength);
for (i = 0; i < *rlength; i++)
{
printf("i = %d\n", res[i]);
}
free(res);
exit(0);
}
int *pad(int *n, int nlength, int new_length, enum SIDE side)
{
int i, j;
int *padded;
if (nlength < 1 || new_length <= nlength)
{
return NULL;
}
padded = calloc(new_length, sizeof(int));
if (!padded)
{
return NULL;
}
if (side == LOW)
{
j = new_length - 1;
for (i = (nlength - 1); i >= 0; i--)
{
padded[j--] = n[i];
}
}
else
{
j = 0;
for (i = 0; i < nlength; i++)
{
padded[j++] = n[i];
}
}
return padded;
}
int *trim(int *n, int nlength, int *res_length)
{
int i, j;
int *res;
for (i = 0; i < nlength; i++)
{
if (n[i] > 0)
{
break;
}
}
*res_length = (nlength - i);
res = malloc(sizeof(int) * (*res_length));
if (!res)
{
return NULL;
}
j = 0;
while (i < nlength)
{
res[j++] = n[i++];
}
return res;
}
int *sum(int *n, int nlength, int *m, int mlength, int *sum_length)
{
int i, tmp, carry, padded;
int *result, *trimmed, *op1, *op2;
enum SIDE side = LOW;
if (nlength == mlength)
{
op1 = n;
op2 = m;
}
else if (nlength > mlength)
{
op1 = n;
op2 = pad(m, mlength, nlength, side);
padded = 1;
}
else
{
op1 = m;
op2 = pad(n, nlength, mlength, side);
padded = 1;
}
result = malloc(sizeof(int) * (MAX(nlength, mlength) + 1));
if (!op1 || !op2 || !result)
{
if (padded)
{
free(op2);
}
free(result);
return NULL;
}
carry = 0;
for (i = (MAX(nlength, mlength)) - 1; i >= 0; i--)
{
tmp = op1[i] + op2[i] + carry;
if (carry > 0)
{
carry = 0;
}
if (tmp >= 10)
{
carry = tmp / 10;
tmp = tmp % 10;
}
result[i + 1] = tmp;
}
if (padded)
{
free(op2);
}
if (carry > 0)
{
result[0] = carry--;
}
*sum_length = (MAX(nlength, mlength)) + 1;
trimmed = trim(result, *sum_length, sum_length);
free(result);
return trimmed;
}
void copy(int *to, int *from, int length)
{
int i;
for (i = 0; i < length; i++)
{
to[i] = from[i];
}
}
int *power_arr(int *n, int nlength, int exp, int *res_length)
{
int *tmp, *rt, *bufp;
int bufp_length, i, dbg_i;
rt = malloc(sizeof(int) * 1000);
bufp = malloc(sizeof(int) * 1000);
if (!rt || !bufp)
{
free(rt);
free(bufp);
return NULL;
}
copy(rt, n, nlength);
copy(bufp, n, nlength);
*res_length = bufp_length = nlength;
while (--exp > 0)
{
for (i = *n - 1; i > 0; i--)
{
tmp = sum(rt, *res_length, bufp, bufp_length, res_length);
if (!tmp)
{
printf("tmp was null\n");
exit(-1);
}
copy(rt, tmp, *res_length);
if (tmp)
{
free(tmp); // double-free error occurs here, on subsequent iterations
tmp = NULL;
}
}
copy(bufp, rt, *res_length);
bufp_length = *res_length;
}
free(bufp);
return rt;
}
Note, I would have deleted the original question that this one evolved from, but I feel this is a branch off from my "Malloc returning same value - no double free error" question. As subsequent debugging in that question lead to this one.
Upvotes: 0
Views: 343
Answers (1)
Reputation: 115
padded was undefined in sum(). By initializing padded to zero, the free() logic executes correctly.
Upvotes: 2
Related Questions
- C Keep Getting Double Free, despite trying to free in same form as allocation
- Setting variable to NULL after free
- Why is my pointer not null after free?
- Setting pointer to NULL after free in quirky data structures (C)
- Strange double free behavior
- Freeing a pointer to a 'double' value
- free up memory on a double pointer
- Free double pointer using a function
- freeing an double pointer
- How to free double pointers after usage in c?