为什么free(指针)给出运行时错误?

时间:2015-02-19 23:43:55

标签: c malloc runtime-error free

我有以下C程序。它询问用户的坐标数量。然后使用malloc分配内存,将坐标(整数)存储在已分配的内存中,然后释放内存。

#include<stdio.h>
#include<stdlib.h>

int main(int argc, char *argv[]) /* Arguments to main() not necessary but used to keep with convention.*/
{
    int num_of_coordinates;
    printf("How many co-ordinates: ");
    scanf("%d", &num_of_coordinates);

    int *coordinate_array = malloc(num_of_coordinates * 2);
    int i, j;

    /* Below for loop takes the x and y coordinate of all points. */
    /* These coordinates are stored in coordinate_aaray[]. */
    for (i=0; i < num_of_coordinates*2; i++)
    {
            j = (i / 2) + 1 ;
            if (i % 2 != 0)
            {
                    printf("Enter x coordinate of point %d: ",j);
                    scanf("%d",&coordinate_array[i]);
            }
            else
            {
                    printf("Enter y-coordinate of point %d: ",j);
                    scanf("%d",&coordinate_array[i]);
            }
    }

    for (i=0; i < num_of_coordinates*2; i++)
    {
            printf("%d ",coordinate_array[i]);
    }
    printf("\n");

    /* Free the allocated memory. */
    free (coordinate_array);

    return 0;
}

当我运行这些程序时,在number_of_coordinates等于或小于3之前我没有遇到任何问题。

-bash-4.1$ ./a.out
How many co-ordinates: 3
Enter y-coordinate of point 1: 1
Enter x coordinate of point 1: 2
Enter y-coordinate of point 2: 3
Enter x coordinate of point 2: 4
Enter y-coordinate of point 3: 5
Enter x coordinate of point 3: 6
1 2 3 4 5 6
-bash-4.1$

但是当我给num_of_coordinates一个4或更多的值时,我得到一个运行时错误(很可能是因为free(coordinate_array))。

-bash-4.1$ ./a.out
How many co-ordinates: 4
Enter y-coordinate of point 1: 1
Enter x coordinate of point 1: 2
Enter y-coordinate of point 2: 3
Enter x coordinate of point 2: 4
Enter y-coordinate of point 3: 5
Enter x coordinate of point 3: 6
Enter y-coordinate of point 4: 7
Enter x coordinate of point 4: 8
1 2 3 4 5 6 7 8
*** glibc detected *** ./a.out: free(): invalid next size (fast):    0x000000000185b010 ***

实际上运行时错误消息很长,所以我只是显示了该错误的第一行。

为什么在num_of_coordinates大于或等于4的情况下会发生此错误?

感谢。

3 个答案:

答案 0 :(得分:1)

我犯了一个愚蠢的错误。

我使用以下声明分配了不足的内存量。

int *coordinate_array = malloc(num_of_coordinates * 2);

但是,由于每个数字都是int,我必须使用以下声明。

int *coordinate_array = malloc(num_of_coordinates * 2 * sizeof(int));

进行此更改后,程序无需运行时错误。

-bash-4.1$ ./a.out
How many co-ordinates: 4
Enter y-coordinate of point 1: 1
Enter x coordinate of point 1: 2
Enter y-coordinate of point 2: 3
Enter x coordinate of point 2: 4
Enter y-coordinate of point 3: 5
Enter x coordinate of point 3: 6
Enter y-coordinate of point 4: 7
Enter x coordinate of point 4: 8
1 2 3 4 5 6 7 8
-bash-4.1$

答案 1 :(得分:1)

这一行存在许多问题:

int *coordinate_array = malloc(num_of_coordinates * 2);

1) the amount of allocated memory is 1byte * num_of_coordinates * 2
That is not large enough to hold num_of_coordinates*2 integers
use:

int *coordinate_array = malloc(num_of_coordinates * 2 * sizeof int);

2) always check the returned value from malloc (and family) 
   to assure the operation was successful

int *coordinate_array = NULL;

if( NULL == (coordinate_array = malloc(num_of_coordinates * 2 * sizeof int) ) )
{ // then, malloc failed
    perror( "malloc for coordinate array failed" );
    exit( EXIT_FAILURE );
}

// implied else, malloc successful

答案 2 :(得分:0)

确保分配所需的确切字节数。正如上面提到的另一个用户,你应该使用:

malloc(num_of_coordinates * sizeof(int)* 2)

另外,只需要仔细检查一下,如何记录值以测试代码。例如,记录num_of_coordinates以确保您扫描了正确的值。

要进行调试,您可以尝试以下方法:http://dmalloc.com/