在malloc上的Valgrind内存泄漏

时间:2014-06-03 16:20:44

标签: c valgrind

我正在一个C项目中工作,我创建了以下哈希表实现:

typedef struct hash_record 
{
    char* key;
    char* value;
    struct hash_record* next;
}hash_record;

typedef struct hash_bucket
{
    char* key;
    hash_record* head_record;
}hash_bucket;

typedef struct hash_table 
{
    int bucket_num;
    hash_bucket** hash_entry;
}hash_table;

int hash_init(hash_table** h_table, int bucket_num)
{
    int i;
    (*h_table) = malloc(sizeof(char)*sizeof(hash_table));

    assert((*h_table) != NULL);
    (*h_table)->hash_entry = malloc(sizeof(hash_bucket*) * bucket_num);
    assert((*h_table)->hash_entry != NULL);
    (*h_table)->bucket_num = bucket_num;
    for(i = 0; i < bucket_num; i++)
    {
        (*h_table)->hash_entry[i] = malloc(sizeof(hash_bucket));
        (*h_table)->hash_entry[i]->head_record = NULL;
        (*h_table)->hash_entry[i]->key = NULL;
    }
    return 0;
}

int hash_destroy(hash_table** h_table)
{
    int i;
    hash_record* tmp_rec, *tmp_rec_2;

    if((*h_table) == NULL)
    {
        return 0;
    }
    for(i = 0; i < (*h_table)->bucket_num; i++)
    {
        assert((*h_table)->hash_entry[i] != NULL);
        tmp_rec = (*h_table)->hash_entry[i]->head_record;
        while(tmp_rec != NULL)
        {
            assert((tmp_rec != NULL) && (tmp_rec->value != NULL));
            tmp_rec_2 = tmp_rec;
            tmp_rec = tmp_rec->next;
            if(tmp_rec_2->value != NULL && strlen(tmp_rec_2->value) > 0 && 
                tmp_rec_2->key != NULL && strlen(tmp_rec_2->key) > 0)
            {
                free(tmp_rec_2->value);
                free(tmp_rec_2->key);
            }
            free(tmp_rec_2);
        }
        assert((*h_table)->hash_entry[i] != NULL);
        free((*h_table)->hash_entry[i]);
    }
    free((*h_table)->hash_entry);
    free((*h_table));
    return 0;
}

void hash_put_value(hash_table** h_table, char* key, char* value)
{
    hash_record* tmp_rec, *tmp_rec2;

    assert((*h_table) != NULL);
    assert((*h_table)->bucket_num > 0);
    assert((*h_table)->hash_entry != 0);
    assert(key !=  NULL && strlen((char*) key) > 0);
    assert(value != NULL);
    assert(strlen(value) > 0);

    unsigned int bucket_no = FNVHash (key, strlen(key));
    bucket_no = bucket_no % (*h_table)->bucket_num;

    assert((*h_table)->hash_entry[bucket_no] != NULL);

    tmp_rec = malloc(sizeof(hash_record));
    tmp_rec->key = malloc(sizeof(char)*(1 + strlen(key)));
    strcpy(tmp_rec->key, key);
    tmp_rec->value = malloc(sizeof(char)*(1 + strlen(value)));
    strcpy(tmp_rec->value, value);
    tmp_rec->next = NULL;

    if( (*h_table)->hash_entry[bucket_no]->head_record == NULL )
    {
        (*h_table)->hash_entry[bucket_no]->head_record = tmp_rec;
    }
    else
    {
        tmp_rec->next = (*h_table)->hash_entry[bucket_no]->head_record->next;
        (*h_table)->hash_entry[bucket_no]->head_record = tmp_rec;
    }
}

使用上述实现的客户端代码如下:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>

#include "hash_table.h"

int main(int argc, char** argv)
{
    int call_type;
    int done;
    hash_table* h_table;
    hash_init(&h_table, 67);
    char* sample_key;
    int i;
    hash_record* h_table_iterator;
    unsigned int bucket_iterator;
    for(i = 0; i < 1000; i++)
    {
        sample_key = malloc(sizeof(char)*(1 + strlen("key_XXXXXXX")));
        sprintf(sample_key, "key_%d", i);
        hash_put_value(&h_table, sample_key, sample_key);
        free(sample_key);
    }

    hash_destroy(&h_table);
    return 0;
}

当我用Valgrind执行我的代码时,我得到以下内容:

db2inst1@bear:~/Documents/bigintegration/Recode-UDF$ valgrind --tool=memcheck --leak-   check=yes --show-reachable=yes --num-callers=20 ./hash_test
==3031== Memcheck, a memory error detector
==3031== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==3031== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==3031== Command: ./hash_test
==3031== 
==3031== 
==3031== HEAP SUMMARY:
==3031==     in use at exit: 37,100 bytes in 2,799 blocks
==3031==   total heap usage: 4,069 allocs, 1,270 frees, 53,404 bytes allocated
==3031== 
==3031== 7,354 bytes in 933 blocks are indirectly lost in loss record 1 of 3
==3031==    at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3031==    by 0x40173C: hash_put_value (in /home/db2inst1/Documents/bigintegration/Recode-UDF/hash_test)
==3031==    by 0x40091D: main (in /home/db2inst1/Documents/bigintegration/Recode-UDF/hash_test)
==3031== 
==3031== 7,354 bytes in 933 blocks are indirectly lost in loss record 2 of 3
==3031==    at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3031==    by 0x40178F: hash_put_value (in /home/db2inst1/Documents/bigintegration/Recode-UDF/hash_test)
==3031==    by 0x40091D: main (in /home/db2inst1/Documents/bigintegration/Recode-UDF/hash_test)
==3031== 
==3031== 37,100 (22,392 direct, 14,708 indirect) bytes in 933 blocks are definitely lost in loss record 3 of 3
==3031==    at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64- linux.so)
==3031==    by 0x401705: hash_put_value (in /home/db2inst1/Documents/bigintegration/Recode-UDF/hash_test)
==3031==    by 0x40091D: main (in /home/db2inst1/Documents/bigintegration/Recode-UDF/hash_test)
==3031== 
==3031== LEAK SUMMARY:
==3031==    definitely lost: 22,392 bytes in 933 blocks
==3031==    indirectly lost: 14,708 bytes in 1,866 blocks
==3031==      possibly lost: 0 bytes in 0 blocks
==3031==    still reachable: 0 bytes in 0 blocks
==3031==         suppressed: 0 bytes in 0 blocks
==3031== 
==3031== For counts of detected and suppressed errors, rerun with: -v
==3031== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)

我不明白Valgrind捕获的内存泄漏的原因是什么。我真的很担心这件事,因为我通常会分配这样的记忆,我相信自从Valgrind抱怨之后,我一定是做错了。

我浏览了有关此事的其他帖子,但我没有找到与我的代码类似的内容。关于我做错了什么的任何想法,建议和指示?

谢谢你, 尼克

1 个答案:

答案 0 :(得分:5)

hash_put_value

tmp_rec->next = (*h_table)->hash_entry[bucket_no]->head_record->next;

应该是

tmp_rec->next = (*h_table)->hash_entry[bucket_no]->head_record;

您当前的代码泄漏了现有的head_record

如果您想简化代码,现在可以缩短

tmp_rec->next = NULL;
if( (*h_table)->hash_entry[bucket_no]->head_record == NULL )
{
    (*h_table)->hash_entry[bucket_no]->head_record = tmp_rec;
}
else
{
    tmp_rec->next = (*h_table)->hash_entry[bucket_no]->head_record;
    (*h_table)->hash_entry[bucket_no]->head_record = tmp_rec;
}

tmp_rec->next = (*h_table)->hash_entry[bucket_no]->head_record;
(*h_table)->hash_entry[bucket_no]->head_record = tmp_rec;

您的代码中还有另一个潜在的泄漏。 hash_init会为零长度键或值创建一个条目,但hash_destroy会跳过释放它们。在NULL指针或(已分配)空字符串上调用free是安全的,所以

if(tmp_rec_2->value != NULL && strlen(tmp_rec_2->value) > 0 && 
    tmp_rec_2->key != NULL && strlen(tmp_rec_2->key) > 0)
{
    free(tmp_rec_2->value);
    free(tmp_rec_2->key);
}

应该是

free(tmp_rec_2->value);
free(tmp_rec_2->key);