Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

understanding double free errors

Posted on 2012-03-13
3
Medium Priority
?
473 Views
Last Modified: 2012-03-19
Hi Experts,

I am trying to understand how to analyze a double free error. I have the following simple code.  When it crashed, I collected the core dump.

#include <stdio.h>
#include <stdlib.h>


void doubleFree()
{
	char *p = (char *)malloc(1);
	free(p);

	free(p);
}


int main(int argc, char **argv)
{

	doubleFree();

	return 0;
}

Open in new window


When I loaded the core dump into GDB, I have the followings.  I am wondering why gdb was not able to find symbols for frame 2 and 3.  

(gdb) bt
#0  0x0103c75c in SyncCtl () from libc.so.3
#1  0x0102cc58 in rename (old=<optimized out>, new=0xff604 "
    at /builds/Trunk-Worldbuild/latest/svn/lib/c/ansi/rename
#2  0x4143535e in ?? ()
#3  0x4143535e in ?? ()
Backtrace stopped: previous frame identical to this frame (c
(gdb) info registers
r0             0x0      0
r1             0x11be09f        18604191
r2             0x1      1
r3             0x6      6
r4             0x0      0
r5             0x0      0
r6             0x107f53c        17298748
r7             0x1077d80        17268096
r8             0x10778c4        17266884
r9             0x103120 1061152
r10            0x430    1072
r11            0xff604  1046020
r12            0x1a     26
sp             0xff544  0xff544
lr             0x102cc58        16960600
pc             0x103c75c        0x103c75c <SyncCtl+8>
cpsr           0x60000010       1610612752
(gdb) info sharedlibrary
From        To          Syms Read   Shared Object Library
                        No          libmq.so.1
                        No          libnspinoverride.so
                        No          libmmapoverride.so
                        No          libbps.so.1
0x01000000  0x01080330  Yes         libc.so.3
                        No          libscreen.so.1
0x7800a000  0x7800f0f0  Yes         libpps.so.1
0x78050000  0x78076d1c  Yes         libm.so.2
0
Comment
Question by:ambuli
  • 2
3 Comments
 
LVL 35

Accepted Solution

by:
Duncan Roe earned 2000 total points
ID: 37718908
You would do much better to gdb your little program, and analyse the backtrace &c. when it gets the signal.
The output you posted does not look like your program at all. Supposing your program is called myprog and it dumps the file core (use ls -ltr to verify this - it may dump core.pid), then you need to either
gdb myprog core

Open in new window

or
gdb myprog
core core

Open in new window

Actually, looking again at the output you posted, I really think you must have happened on a really old core file. I don't remember libc.so.3 but I still have libc.so.4 (last updated 1995). libc.so.6 has been current since before the turn of the century.
Have another go and see how you get on - Good Luck!
0
 
LVL 35

Expert Comment

by:Duncan Roe
ID: 37718919
I think modern libc recognises double-free and raises a signal. Older libc would simply trash the storage arena, but you wouldn't get a signal until (could be much) later in the program when another malloc() trips up on the mess.
0
 
LVL 7

Expert Comment

by:tampnic
ID: 37718929
Easiest way to avoid double-free problems is to assign any pointer to NULL just after the allocation is free'd - freeing a NULL pointer is a no-op and shouldn't cause an error when the second attempt is made.

This leaves you with the scenario where you still have a logical error in the code, as you would usually be expecting the pointer to be pointing to something when you free it, but at least it won't terminate the program unexpectedly. I usually wrap a free call inside a null check anyway.

Something like:

void doubleFree()
{
	char *p = (char *)malloc(1);
	/* more code */
	free(p);
	p = NULL;
	/* more code */
	if ( p != NULL ) {
		free(p);
	} else {
		logmessage("Attempt to free a null pointer in doubleFree etc etc");
	}
}

Open in new window


Cheers,
  Chris
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In part one, we reviewed the prerequisites required for installing SQL Server vNext. In this part we will explore how to install Microsoft's SQL Server on Ubuntu 16.04.
Article by: evilrix
Looking for a way to avoid searching through large data sets for data that doesn't exist? A Bloom Filter might be what you need. This data structure is a probabilistic filter that allows you to avoid unnecessary searches when you know the data defin…
The viewer will learn how to pass data into a function in C++. This is one step further in using functions. Instead of only printing text onto the console, the function will be able to perform calculations with argumentents given by the user.
The viewer will learn how to clear a vector as well as how to detect empty vectors in C++.
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question