Rishabh Agrawal

Reputation: 11

Segmentation fault while testing with google test

I am passing a compound structure pointer to a function after doing all the memory initializations in a test fixture. But as soon as the function gets called, the sizeof that struct changes. Have tried setting watchpoints and everything. Don't know what the issue is. Need help. This is the code for the test.

sizeof(*ueCb) changes just after calling the function cwRrcSendMibCfgReq. The function is copying some parameters from ueCb. ueCb has multiple structures inside of it. Accessing ueCb->currContestCellForSel in the function throws a segmentation fault even though I have explicitly allocated memory here. I have checked that the allocation occurs. I check sizeof(*ueCb) in gdb, keeping the mentioned function as a breakpoint. The header files are the same. Also, ueId remains intact while calling the function. CW_ALLOC is an internal macro which allocates memory. It's working fine; I have checked that.

Can't share the whole code because it's part of IP. This code is related to the 5G protocol stack. My job is to do unit testing and the entire team isn't able to figure out where the problem is.

    TEST(testMib1, test)
    {
        CwRrcUeCb* ueCb;
        CW_ALLOC(CW_REG,CW_POOL,&ueCb, sizeof(CwRrcUeCb));
        memset(ueCb, 0, sizeof(CwRrcUeCb));
        ueCb->currContestCellForSel = (CwRrcCellCb *) malloc(sizeof(CwRrcCellCb));
        ueCb->currContestCellForSel->phyCellId = 5;
        ueCb->ueId = 5;
        S16 ret = ROK;

        ret = cwRrcSendMibCfgReq(ueCb); // sizeof *ueCb changes after this statement
        free(ueCb->currContestCellForSel);
        CW_FREE(CW_REG, CW_POOL, ueCb, sizeof (CwRrcUeCb));

        // have changed the order just to get to the main point
        EXPECT_EQ(ROK, ret);
        printf(" Event 9 Done\n\n\n");
    }

The backtrace is as follows:

    (gdb) backtrace
    #0  0x000000000053a673 in cwRrcSendMibCfgReq (rrcUeCb=0x7ffff5d45320) at ../src/5gnrueapp/cw_rrc_fsm.c:2745
    #1  0x000000000061dd59 in testMib1_test_Test::TestBody (this=0xa73500) at ../unittest/test_Event9Mib1.cc:79
    #2  0x00007ffff71847a3 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) () from /lib64/libgtest.so.0
    #3  0x00007ffff717ab27 in testing::Test::Run() () from /lib64/libgtest.so.0
    #4  0x00007ffff717abce in testing::TestInfo::Run() () from /lib64/libgtest.so.0
    #5  0x00007ffff717acd5 in testing::TestCase::Run() () from /lib64/libgtest.so.0
    #6  0x00007ffff717e018 in testing::internal::UnitTestImpl::RunAllTests() () from /lib64/libgtest.so.0
    #7  0x00007ffff717e2a7 in testing::UnitTest::Run() () from /lib64/libgtest.so.0
    #8  0x000000000061e156 in main (argc=1, argv=0x7fffffffe1d8) at ../unittest/test_main.cc:38

The function which I'm testing:

    S16 cwRrcSendMibCfgReq(CwRrcUeCb * rrcUeCb)
    {
       CtzMibConfigRequest *mibConfig = NULLP;

       CW_ALLOC(CW_REG, CW_POOL, &mibConfig, sizeof (CtzMibConfigRequest));

       if(NULL == mibConfig)
       {
          RLOG1(L_FATAL,"Memory Allocation Failed while sending Mib config req ueId:%d",rrcUeCb->ueId);
          RETVALUE(RFAILED);
       }

       mibConfig->pres.pres = 1;
       mibConfig->systemFrameNumber       = rrcUeCb->cwMibInfo.systemFrameNumber;
       mibConfig->subCarrierSpacingCommon = rrcUeCb->cwMibInfo.subCarrierSpacingCommon;
       mibConfig->ssb_SubcarrierOffset    = rrcUeCb->cwMibInfo.ssb_SubcarrierOffset;
       mibConfig->dmrs_TypeAPosition      = rrcUeCb->cwMibInfo.dmrs_TypeAPosition;
       mibConfig->pdcch_ConfigSIB1.controlResourceSetZero =
          rrcUeCb->cwMibInfo.pdcch_ConfigSIB1.controlResourceSetZero;
       mibConfig->pdcch_ConfigSIB1.searchSpaceZero        = rrcUeCb->cwMibInfo.pdcch_ConfigSIB1.searchSpaceZero;

       mibConfig->ueId                    =  rrcUeCb->ueId;
       mibConfig->cellId                  =  rrcUeCb->currContestCellForSel->phyCellId;
       RLOG0(L_DEBUG,"[CFGREQ] [SRC:RRC    ==>> DST:CL(PHY)]   : CTZ_CPHY_MIB_CFG_REQ");
       printf("\n[SRC:RRC    ==>> DST:CL(PHY)]   : CTZ_CPHY_MIB_CFG_REQ\n");
       CwLiCtzCfgReq(&cwCb.ctzSapCbLst[0]->pst,CTZ_CPHY_MIB_CFG_REQ, mibConfig);

       RETVALUE(ROK);
    }

Upvotes: 1

Views: 2990

Answers (1)

foolo

Reputation: 958

Try to swap the order of these lines:

    CW_FREE(CW_REG, CW_POOL, ueCb, sizeof (CwRrcUeCb));
    free(ueCb->currContestCellForSel);

It seems like you first free ueCb with CW_FREE, and then you access a member pointer of ueCb with ueCb->currContestCellForSel, which might cause the segfault.

Upvotes: 2
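
The teardown order this answer describes, as an added example that is not part of the original posts or of the asker's code base: a create/destroy pair that frees the nested member while the parent is still valid, with a counting allocator so a test can assert that nothing leaks or dangles. The types `CellCb` and `UeCb` and all function names are hypothetical stand-ins for `CwRrcCellCb`, `CwRrcUeCb` and the `CW_ALLOC`/`CW_FREE` macros, whose real definitions are not shown on the page.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for CwRrcCellCb / CwRrcUeCb (real layouts are not shown). */
typedef struct { unsigned phyCellId; } CellCb;
typedef struct { unsigned ueId; CellCb *currContestCellForSel; } UeCb;

static int live_blocks = 0;   /* outstanding allocations, so a test can assert on leaks */
static void *track_alloc(size_t n) { void *p = calloc(1, n); if (p) live_blocks++; return p; }
static void track_free(void *p) { if (p) { live_blocks--; free(p); } }
int live_block_count(void) { return live_blocks; }

/* Build parent and child as one unit; undo the parent if the child allocation fails. */
UeCb *ue_create(unsigned ueId, unsigned cellId) {
    UeCb *ue = track_alloc(sizeof *ue);
    if (!ue) return NULL;
    ue->currContestCellForSel = track_alloc(sizeof *ue->currContestCellForSel);
    if (!ue->currContestCellForSel) { track_free(ue); return NULL; }
    ue->ueId = ueId;
    ue->currContestCellForSel->phyCellId = cellId;
    return ue;
}

/* Free the child while the parent is still valid, then the parent, then clear
 * the caller's pointer so a later use is a NULL check, not a dangling read. */
void ue_destroy(UeCb **pue) {
    if (!pue || !*pue) return;
    track_free((*pue)->currContestCellForSel);
    (*pue)->currContestCellForSel = NULL;
    track_free(*pue);
    *pue = NULL;
}

/* Stand-in for the function under test: validate every pointer before reading through it. */
int read_cell_id(const UeCb *ue, unsigned *out) {
    if (!ue || !ue->currContestCellForSel || !out) return -1;
    *out = ue->currContestCellForSel->phyCellId;
    return 0;
}

int main(void) {
    unsigned cell = 0;
    UeCb *ue = ue_create(5, 5);
    int rc = read_cell_id(ue, &cell);
    ue_destroy(&ue);
    printf("rc=%d cell=%u live=%d ue=%p\n", rc, cell, live_block_count(), (void *)ue);
    return 0;
}
```

Building the test binary with `-fsanitize=address` reports a read through a freed parent at the exact line, which is quicker than stepping through gdb.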
