I’m having some trouble with a malloc call. The thing is that this call is in a function that I call twice in my program. The second malloc of the function crashes only on the second time that I call this function. I tried swapping the order of some of them and even deleting one. In the first case, the second malloc (originally the first) crashed, and in the second case, it crashed a realloc that appears later in the same function. Also, I tried calling my function one time before the second and it kept crashing on the (new) second call. Can anyone help me? Here is my code:
    /* Standard headers for printf/malloc/realloc; the types pinode, pdir and
     * struct ext2system, the global fsys, and getsysdata(), getblock(),
     * readdirent(), unmap() and fetchcont() come from the rest of the program,
     * which is not shown in the post. */
    #include <stdio.h>
    #include <stdlib.h>

    void list_dir(pinode inod);
    int *get_cont(pinode inod);

    int main(int argv, char *argc[]){
        fsys = malloc(sizeof(struct ext2system)); // Global pointer var
        getsysdata();
        list_dir(fsys->root);
        // list_dir(fsys->root); // IF THIS LINE IS UNCOMMENTED,
                                 // THE PROGRAM CRASHES ON THIS CALL
                                 // IF NOT, IT CRASHES ON data = get_cont(fsys->root);
        pdir dir = malloc(sizeof(struct s_direct));
        int* data;
        int offs, i;
        data = get_cont(fsys->root);
        offs = 0;
        for (i = 0; i < fsys->root->i_links_count + 2; ++i) {
            offs += readdirent(getblock(data[0])+offs, dir);
            printf("%.*s\n", dir->name_len, dir->name);
            if(dir->file_type==1) printf("%s\n", data);
        }
        unmap(fsys->diskmap);
        return 0;
    }

    void list_dir(pinode inod){
        // Lists a directory's contents
        pdir dir = malloc(sizeof(struct s_direct));
        int* data;
        int offs, i;
        data = get_cont(inod);
        offs = 0;
        for (i = 0; i < inod->i_links_count + 2; ++i) {
            offs += readdirent(getblock(data[0])+offs, dir);
            printf("%.*s\n", dir->name_len, dir->name);
        }
    }

    int *get_cont(pinode inod){
        // Retrieves the contents of an inode's data blocks
        int *cont=NULL;
        int *idx=NULL;
        int i=0;
        int *block;
        cont = malloc(sizeof(int));
        idx = malloc(sizeof(int)); // HERE IS WHERE THE PROGRAM CRASHES
                                   // EVEN IF MALLOCS ARE SWAPPED
        while(i < inod->i_blocks && i<13) {
            // Retrieves the first 12 blocks directly
            realloc(cont, i*sizeof(int)); // CRASHED HERE WHEN
                                          // I DELETED ONE MALLOC
            cont[i]=inod->i_block[i];
            i++;
        }
        if(i < inod->i_blocks){
            *idx=13;
            block=(int*)getblock(inod->i_block[*idx]);
            fetchcont(block, idx, cont, inod->i_blocks, 0);
        }
        if(i < inod->i_blocks){
            block=(int*)getblock(inod->i_block[*idx]);
            fetchcont(block, idx, cont, inod->i_blocks, 1);
        }
        if(i < inod->i_blocks){
            block=(int*)getblock(inod->i_block[*idx]);
            fetchcont(block, idx, cont, inod->i_blocks, 2);
        }
        return cont;
    }
Thanks in advance!
This part is definitely a problem (shortened snippet):
The first time through, i will be zero at the time of the realloc call. The malloc() man page says:

Since you then go:

You’ll be writing to memory that you’ve just freed (or, when i is non-zero, you’ll be writing just past the memory you’ve allocated). This could be anything – you could be overwriting the internal structures of malloc(), which could cause a crash later on some invocation of malloc or free.

Also, after the realloc(cont, 0), cont will no longer be a pointer returned by malloc() (since it’s as if you’d written free(cont);), and it also won’t be null. This will almost certainly crash when i is 1.

You probably meant:

instead.
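The following is an added example, not code from the asker or the answerer, showing the growth pattern the answer is describing done safely: never call realloc with a size of zero, always keep the pointer realloc returns, and keep the old buffer intact if realloc fails. The struct fake_inode type, DIRECT_BLOCKS constant and the function names are constructed for this example and stand in for the asker's pinode and get_cont(); only the first 12 direct block pointers are collected, the indirect-block handling of the original is left out.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the inode fields the question's get_cont() reads:
 * i_blocks is the number of block pointers in use, i_block holds them.
 * This is an example type, not the asker's real struct. */
#define DIRECT_BLOCKS 12
struct fake_inode {
    unsigned i_blocks;
    int i_block[15];
};

/* Grow *buf so it can hold at least `want` ints.
 * Returns 0 on success, -1 on allocation failure. On failure *buf and *cap are
 * left untouched, so the old buffer is neither leaked nor used after free.
 * The size passed to realloc is never zero, so the result is never the
 * "freed but non-null" pointer the answer warns about. */
static int grow_ints(int **buf, size_t *cap, size_t want) {
    if (want <= *cap)
        return 0;
    size_t new_cap = *cap ? *cap : 4;      /* start at 4, then double */
    while (new_cap < want)
        new_cap *= 2;
    int *tmp = realloc(*buf, new_cap * sizeof *tmp);
    if (tmp == NULL)
        return -1;                         /* *buf is still valid here */
    *buf = tmp;                            /* only now replace the pointer */
    *cap = new_cap;
    return 0;
}

/* Collect the direct block numbers of an inode into a freshly allocated array.
 * On success returns the array (NULL with *out_count == 0 for an empty inode)
 * and sets *out_count; on allocation failure returns NULL and sets *out_count
 * to 0. The caller owns the returned array and must free() it. */
int *collect_direct_blocks(const struct fake_inode *inod, size_t *out_count) {
    int *cont = NULL;
    size_t cap = 0, n = 0;
    while (n < inod->i_blocks && n < DIRECT_BLOCKS) {
        /* Ask for room for n + 1 entries *before* writing cont[n]. */
        if (grow_ints(&cont, &cap, n + 1) != 0) {
            free(cont);
            *out_count = 0;
            return NULL;
        }
        cont[n] = inod->i_block[n];
        n++;
    }
    *out_count = n;
    return cont;
}

int main(void) {
    /* Constructed sample inode with five direct blocks. */
    struct fake_inode ino = { 5, { 10, 20, 30, 40, 50 } };
    size_t n = 0;
    int *blocks = collect_direct_blocks(&ino, &n);
    free(blocks);
    return (blocks != NULL && n == 5) ? 0 : 1;
}
```

The difference from the original loop is that the capacity is requested for n + 1 entries before cont[n] is written, and the pointer realloc hands back is the only one used afterwards. Building with -fsanitize=address makes the original bug visible at the first bad write rather than as a later crash inside malloc.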