Malloc，字符串指针和Valgrind

Question

我的程序是这样的（ main.c ）：

#include <stdlib.h>
#include <stdio.h>
void main(){
  char *first="hello ";
  char *second="world!";
  char *seq=(char *)malloc((strlen(first)+1)*sizeof(char));
  strcat(strcpy(seq,first),second);
  printf("%s\n",seq);
  free(seq);
}

我用valgrind工具调试，它说（$：valgrind --tool = memcheck --leak-check = full --track-originins = yes ./main）：

==5118== Memcheck, a memory error detector.
==5118== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al.
==5118== Using LibVEX rev 1884, a library for dynamic binary translation.
==5118== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP.
==5118== Using valgrind-3.4.1, a dynamic binary instrumentation framework.
==5118== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al.
==5118== For more details, rerun with: -v
==5118== 
==5118== Invalid write of size 1
==5118==    at 0x402575B: strcat (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==5118==    by 0x80484EB: main (main.c:7)
==5118==  Address 0x418a02f is 0 bytes after a block of size 7 alloc'd
==5118==    at 0x402522D: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==5118==    by 0x80484C3: main (main.c:6)
==5118== 
==5118== Invalid write of size 1
==5118==    at 0x4025777: strcat (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==5118==    by 0x80484EB: main (main.c:7)
==5118==  Address 0x418a034 is 5 bytes after a block of size 7 alloc'd
==5118==    at 0x402522D: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==5118==    by 0x80484C3: main (main.c:6)
==5118== 
==5118== Invalid read of size 1
==5118==    at 0x4025963: strlen (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==5118==    by 0x40A0FA4: puts (in /lib/libc-2.10.1.so)
==5118==    by 0x80484F7: main (main.c:8)
==5118==  Address 0x418a02f is 0 bytes after a block of size 7 alloc'd
==5118==    at 0x402522D: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==5118==    by 0x80484C3: main (main.c:6)
==5118== 
==5118== Invalid read of size 1
==5118==    at 0x40ACEFE: _IO_default_xsputn (in /lib/libc-2.10.1.so)
==5118==    by 0x40AA3D0: _IO_file_xsputn@@GLIBC_2.1 (in /lib/libc-2.10.1.so)
==5118==    by 0x40A1020: puts (in /lib/libc-2.10.1.so)
==5118==    by 0x80484F7: main (main.c:8)
==5118==  Address 0x418a02f is 0 bytes after a block of size 7 alloc'd
==5118==    at 0x402522D: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==5118==    by 0x80484C3: main (main.c:6)
hello world!
==5118== 
==5118== ERROR SUMMARY: 17 errors from 4 contexts (suppressed: 13 from 1)
==5118== malloc/free: in use at exit: 7 bytes in 1 blocks.
==5118== malloc/free: 1 allocs, 0 frees, 7 bytes allocated.
==5118== For counts of detected errors, rerun with: -v
==5118== searching for pointers to 1 not-freed blocks.
==5118== checked 47,492 bytes.
==5118== 
==5118== 
==5118== 7 bytes in 1 blocks are definitely lost in loss record 1 of 1
==5118==    at 0x402522D: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==5118==    by 0x80484C3: main (main.c:6)
==5118== 
==5118== LEAK SUMMARY:
==5118==    definitely lost: 7 bytes in 1 blocks.
==5118==      possibly lost: 0 bytes in 0 blocks.
==5118==    still reachable: 0 bytes in 0 blocks.
==5118==         suppressed: 0 bytes in 0 blocks.

谁能告诉我为什么以及如何解决它。

Answer 1

 char *seq=(char *)malloc((strlen(first)+1)*sizeof(char));

您正在为大小仅为'first'的字符串分配内存。

  strcat(strcpy(seq,first),second);

然后你尝试将第一个和第二个都装进去。那永远不会奏效。 strcat不会创建更多内存，您需要将其包含在malloc。

中

There is no need to cast the result of malloc in pure C.

也没有必要做sizeof(char)，因为保证是1.有些人喜欢在那里有关于类型的说明，如果它改变，有些人认为它是混乱的。

Answer 2

free()的对应malloc()在哪里？

Answer 3

你只是在seq。

中为第一个分配足够的空间

Answer 4

seq只是（strlen（第一个）+1）* sizeof（char）long，不足以保持连接字符串第一个+第二个。

Answer 5

我可以看到这一行：

strcat的（的strcpy（SEQ，第一），第二）;

没有错误的框架。原因是，您正在进行字符串连接，而您没有提供正确的来源。如果将上述语法分成2行，它将正常工作。

的strcpy（SEQ，第一）; 的strcat（SEQ，秒）;

这是因为，当您进行字符串复制时，它会将字符串从“first”复制到“seq”。现在，对于字符串连接，因为它找不到合适的源[记住你没有特别提到源是“seq”]，它给出了无效的写内存泄漏问题。

希望这能澄清你的问题。如果需要任何进一步的信息，请恢复相同的信息。