freeing malloced memory bug free

Question

I'm a self enthusiast CS learner. (please take my comments as a geek's query for further clarification he needed)

I was writing a simple c script to get a better understanding on dynamically allocated memory (aside from queue and stack). To do so I've created a simple "malloced" pointer to the "n int type heap memory."

int *array;
    int size = 10;
    //point to a chunk of 10 (m)allocated memory in heap (?) am I right ? 
    array = (int *) malloc(sizeof(int) * size);

Now I have done some operation on them. for example

//passing array as reference (?)

void handy_array(int *pointer, int size) {

    /*operation on the (m)allocated array of given size created in heap*/

    for(int i = 0; i < size; i++) {
        pointer[i] = i-10 ;
    }
    return;
}

So far so good, now we can use this array[size] like a char string[n] = "a string." But when freeing the memory using this method

void free_array(int *array, int size) {

    for(int i= 0; i < size; i++){
        //free the ith assigned address and its value in heap memory
        free(&array[i]);

    }
    return;
}

Now, I'm getting this interesting error message-

    *** Error in `./main': free(): invalid pointer: 0x0973d00c ***
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(+0x67377)[0xb75f6377]
/lib/i386-linux-gnu/libc.so.6(+0x6d2f7)[0xb75fc2f7]
/lib/i386-linux-gnu/libc.so.6(+0x6dbb1)[0xb75fcbb1]
./main[0x8048590]
./main[0x80484c8]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf7)[0xb75a7637]
./main[0x8048391]
======= Memory map: ========
08048000-08049000 r-xp 00000000 08:01 22937845   /directory/to/the/script
08049000-0804a000 r--p 00000000 08:01 22937845   /directory/to/the/script
0804a000-0804b000 rw-p 00001000 08:01 22937845   /directory/to/the/script
0973d000-0975e000 rw-p 00000000 00:00 0          [heap]
b7400000-b7421000 rw-p 00000000 00:00 0 
b7421000-b7500000 ---p 00000000 00:00 0 
b7559000-b7575000 r-xp 00000000 08:01 13239646   /lib/i386-linux-gnu/libgcc_s.so.1
b7575000-b7576000 rw-p 0001b000 08:01 13239646   /lib/i386-linux-gnu/libgcc_s.so.1
b758f000-b773e000 r-xp 00000000 08:01 13239459   /lib/i386-linux-gnu/libc-2.23.so
b773e000-b773f000 ---p 001af000 08:01 13239459   /lib/i386-linux-gnu/libc-2.23.so
b773f000-b7741000 r--p 001af000 08:01 13239459   /lib/i386-linux-gnu/libc-2.23.so
b7741000-b7742000 rw-p 001b1000 08:01 13239459   /lib/i386-linux-gnu/libc-2.23.so
b7742000-b7745000 rw-p 00000000 00:00 0 
b775d000-b7760000 rw-p 00000000 00:00 0 
b7760000-b7762000 r--p 00000000 00:00 0          [vvar]
b7762000-b7763000 r-xp 00000000 00:00 0          [vdso]
b7763000-b7785000 r-xp 00000000 08:01 13239455   /lib/i386-linux-gnu/ld-2.23.so
b7785000-b7786000 rw-p 00000000 00:00 0 
b7786000-b7787000 r--p 00022000 08:01 13239455   /lib/i386-linux-gnu/ld-2.23.so
b7787000-b7788000 rw-p 00023000 08:01 13239455   /lib/i386-linux-gnu/ld-2.23.so
bf7eb000-bf80c000 rw-p 00000000 00:00 0          [stack]
Aborted (core dumped)

My precise questions are:
0. which is the practical practice to allocate memory chunk- either from global or local scope, or initiating them from main method and work on local methods that I'm doing here.
1. What is the exact method to free memory in the aforementioned scenario ?
and
(optional; and if you think irrelevant please ignore)
2. I want some hints to understand the interesting error message like backtrace and memory map
Thanks in advance

Answer 1

Firstly, you need not cast the return value of malloc() in the following statement:

array = (int *) malloc(sizeof(int) * size);
//instead use:
array = malloc(sizeof(*array) * size); 
//this is fine and here `*array` instead of `int` to denote the type

Here's why: https://stackoverflow.com/a/605858/5281962

---

coming to your problem, you need to free your malloced pointer only once but instead you are doing it more than once by using a free() in a for loop in your free_array() function

for(int i= 0; i < size; i++){
    //free the ith assigned address and its value in heap memory
    free(&array[i]);
}

instead of the loop just do:

free(array); //done!