shade254

Reputation: 37

Invalid write/read of size 1 in valgrind, no answer found

I'm trying to do a prime decomposition of numbers that cannot be represented by classical number types. I read that big number as a string and then I divide it by all primes smaller than 10^6 (generated in advance). In the process I use dynamic allocation of memory. After completing my code I checked the valgrind output and found a few errors which seem to be caused by the same thing, and I just can't see what is wrong in my code. I did some research, and although many people get the same error, the solutions weren't applicable to my problem. I will be grateful for every piece of advice because I am just desperate by now.

Here is my code (without functions that are not substantial for my problem):

long* primeArray;
long endDiv = 101;
long r;
long length;
char *division(char dividend[],long divisor){
    char *multiplier = malloc(sizeof(char*)*endDiv);
    long temp=0;
    int i=0;
    int j=0;
    while(dividend[i]){  
         temp = temp*10 + (dividend[i] - 48);
         if(temp<divisor){
             multiplier[j++] = 48;
         }
         else{
             multiplier[j++] = (temp / divisor) + 48;
             temp = temp % divisor;
         }
         i++;
    }
    multiplier[j] = '\0';
    length = j;
    r = temp;
    return multiplier;
}
void doDecomposition(char* divident){
    long* primeDec = (long*)malloc(endDiv* sizeof(long*));
    int counter = 0;
    char * multiplier;  
    for(int i = 0;i<endPrime-1;i++){
            multiplier = division(divident, primeArray[i]);
            if(r == 0){
                free(divident);                 
                divident = multiplier;
                primeDec[counter] = primeArray[i];
                i = -1;
                counter++;
            }else{
                int f = 0;
                for(int a = length-1;a>0;a--){
                    if(multiplier[a] != '0'){
                        f = 1;
                        break;
                    }
                }
                free(multiplier);
                if(f==0){
                    break;
                }
            }   
    }
    printCount(primeDec, counter);
    free(primeDec);
    free(divident);
}
int main(int argc, char *argv[])
{
    char* divident = malloc(endDiv*sizeof(char*));
    genPrime(1000000);
    if(divident == NULL){
        exit(666);
    }
    while(fscanf(stdin, "%s", divident) == 1){  
        if(divident[0] == '0' && divident[1]=='\0'){
            exit(0);
        }
        else if(divident[0] == '1' && divident[1]=='\0'){
            fprintf(stdout, "Prime decomposition of 1 is:\n1\n");
        }
        else{
            checkDivident(divident);
            fprintf(stdout,"Prime decomposition of %s is:\n", divident);
            doDecomposition(divident);
        }   
    }
    free(divident); 
  return 0;
}

And here is my valgrind output:

==17523== Invalid write of size 1
==17523==    at 0x51A0695: _IO_vfscanf (vfscanf.c:1107)
==17523==    by 0x51AE8E8: __isoc99_fscanf (isoc99_fscanf.c:34)
==17523==    by 0x40126F: main (main.c:185)
==17523==  Address 0x550c040 is 0 bytes inside a block of size 808 free'd
==17523==    at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17523==    by 0x401128: doDecomposition (main.c:161)
==17523==    by 0x401252: main (main.c:195)
==17523==  Block was alloc'd at
==17523==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17523==    by 0x400C8A: division (main.c:73)
==17523==    by 0x401080: doDecomposition (main.c:145)
==17523==    by 0x401252: main (main.c:195)
==17523== 
==17523== Invalid write of size 1
==17523==    at 0x51A0752: _IO_vfscanf (vfscanf.c:1192)
==17523==    by 0x51AE8E8: __isoc99_fscanf (isoc99_fscanf.c:34)
==17523==    by 0x40126F: main (main.c:185)
==17523==  Address 0x550c041 is 1 bytes inside a block of size 808 free'd
==17523==    at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17523==    by 0x401128: doDecomposition (main.c:161)
==17523==    by 0x401252: main (main.c:195)
==17523==  Block was alloc'd at
==17523==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17523==    by 0x400C8A: division (main.c:73)
==17523==    by 0x401080: doDecomposition (main.c:145)
==17523==    by 0x401252: main (main.c:195)
==17523== 
==17523== Invalid read of size 1
==17523==    at 0x4011C4: main (main.c:186)
==17523==  Address 0x550c040 is 0 bytes inside a block of size 808 free'd
==17523==    at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17523==    by 0x401128: doDecomposition (main.c:161)
==17523==    by 0x401252: main (main.c:195)
==17523==  Block was alloc'd at
==17523==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17523==    by 0x400C8A: division (main.c:73)
==17523==    by 0x401080: doDecomposition (main.c:145)
==17523==    by 0x401252: main (main.c:195)
==17523== 
==17523== Invalid read of size 1
==17523==    at 0x4011D3: main (main.c:186)
==17523==  Address 0x550c041 is 1 bytes inside a block of size 808 free'd
==17523==    at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17523==    by 0x401128: doDecomposition (main.c:161)
==17523==    by 0x401252: main (main.c:195)
==17523==  Block was alloc'd at
==17523==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17523==    by 0x400C8A: division (main.c:73)
==17523==    by 0x401080: doDecomposition (main.c:145)
==17523==    by 0x401252: main (main.c:195)
==17523== 
==17523== 
==17523== HEAP SUMMARY:
==17523==     in use at exit: 627,992 bytes in 1 blocks
==17523==   total heap usage: 1,252,545 allocs, 1,252,544 frees, 1,504,746,312 bytes allocated
==17523== 
==17523== LEAK SUMMARY:
==17523==    definitely lost: 0 bytes in 0 blocks
==17523==    indirectly lost: 0 bytes in 0 blocks
==17523==      possibly lost: 0 bytes in 0 blocks
==17523==    still reachable: 627,992 bytes in 1 blocks
==17523==         suppressed: 0 bytes in 0 blocks
==17523== Reachable blocks (those to which a pointer was found) are not shown.
==17523== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==17523== 
==17523== For counts of detected and suppressed errors, rerun with: -v
==17523== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 0 from 0)

Info for line numbers:

185: while(fscanf(stdin, "%s", divident) == 1){ 
161: free(multiplier);
195: doDecomposition(divident);
73: char *multiplier = malloc(sizeof(char*)*endDiv);
145: multiplier = division(divident, primeArray[i]);

Thanks for everything, I would be happy for even the slightest clue!

Upvotes: 0

Views: 1635

Answers (1)

Thomas Blanquet

Reputation: 507

The problem is that you free your divident in your doDecomposition function. So if the condition if(r == 0) is true, in the next loop you do in main, you try to write to memory you don't own. Why do you want to free it in your loop when you already free it at the end of your program?

Another question, why do you do if(divident[0] == '0' && divident[1]=='\0')? Read the strcmp man page, it's more readable and easy to use ;)

One last thing: when you malloc, I think it's better to write int *i = malloc(sizeof(*i)); than int *i = malloc(sizeof(int*));, because if you want to change the type of i, you'll have to change every allocation to the correct type. It's not a problem when you have a small program, but with a big one it's harder.

Upvotes: 3
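The ownership rule behind the answer above, as an added example (not code from the question or the answer): the factoring routine works on a private copy and frees only buffers it allocated itself, so the caller's input buffer stays valid for the next read. The names `divide`, `decompose` and `PRIMES` are hypothetical, the prime list is a constructed sample, and the input is assumed to contain only decimal digits.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample primes; the question's program generates all primes below 10^6. */
static const long PRIMES[] = {2, 3, 5, 7, 11, 13};
#define NPRIMES (sizeof PRIMES / sizeof PRIMES[0])

/* Long division of a digit string; returns a new buffer that the caller must free. */
static char *divide(const char *dividend, long divisor, long *rem) {
    size_t n = strlen(dividend), j = 0;
    char *q = malloc(n + 1);                 /* one byte per digit plus '\0' */
    long t = 0;
    if (q == NULL) return NULL;
    for (size_t i = 0; i < n; i++) {
        t = t * 10 + (dividend[i] - '0');
        if (t >= divisor || j > 0 || i + 1 == n) q[j++] = (char)('0' + t / divisor);
        t %= divisor;
    }
    q[j] = '\0';
    *rem = t;
    return q;
}

/* Factors `number` on a private copy; the caller's buffer is never freed or changed. */
int decompose(const char *number, long *out, int max) {
    char *cur = malloc(strlen(number) + 1);
    int count = 0;
    if (cur == NULL) return -1;
    strcpy(cur, number);
    for (size_t i = 0; i < NPRIMES && count < max && strcmp(cur, "1") != 0; ) {
        long rem;
        char *q = divide(cur, PRIMES[i], &rem);
        if (q == NULL) break;
        if (rem == 0) { free(cur); cur = q; out[count++] = PRIMES[i]; }  /* cur is ours */
        else          { free(q); i++; }
    }
    free(cur);
    return count;
}

int main(void) {
    char *line = malloc(101);                /* owned by main for the whole run */
    long f[64];
    while (line != NULL && scanf("%100s", line) == 1)   /* width bounds the write */
        printf("%s has %d small prime factors\n", line, decompose(line, f, 64));
    free(line);
    return 0;
}
```

Running this under valgrind with several numbers on stdin exercises the same read, factor, read-again loop as the question without touching freed memory.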
