我试图释放我为字符串制作的malloc缓冲区,但free()给了我一个错误。 在我看来,指针的值不会改变,两个数组都是malloc&#d; d。那么应该可以释放它们吗? 我无法想到我做错了什么。
以下是代码:
/* dump
* this function dumps the entry array to the command line
* */
void dump(PasswordEntry * entries, int numLines) {
int index = 0;
unsigned char *hexSalt = malloc(SALT_HEX_LENGTH+1), *hexHash = malloc(MAX_HASH_LEN+1); /* pointers for salt and hash, because we need them in hex instead of byte */
while (index < numLines) { /* go through every line */
/* gets us the salt in hex */
toHexBinary(hexSalt, entries[index].salt, SALT_HEX_LENGTH);
/* gets us the hash in hex, with length according to set algorithm */
toHexBinary(hexHash, entries[index].hash, (entries[index].algorithm == HASH_ALG_SHA1)?SHA1_HEX_LENGTH:SHA2_HEX_LENGTH);
/* prints one line to command line */
printf("%s: %s = %s (%s/%s)\n", entries[index].username, hexHash, (entries[index].password == NULL)?"???":entries[index].password, (entries[index].algorithm == HASH_ALG_SHA1)?"SHA1":"SHA2", hexSalt);
index++;
}
/* don't need these anymore, we can free them */
free(hexSalt);
free(hexHash);
}
/* takes a string in binary and returns it in hex (properly escaped) */
unsigned char * toHexBinary(unsigned char * to, unsigned char * from, int length) {
unsigned char c = '0';
int second = 0, first = 0;
if (to == NULL) { /* if to is null, we need to allocate it */
to = malloc(length+1);
}
to[length] = '\0';
while (length-- > 0) { /* go trough the string, starting at tthe end */
length--; /* we always need to read two characters */
c = from[length/2];
second = c % 16;
first = (c - second) / 16;
to[length] = toHex(first);
to[length+1] = toHex(second);
}
return to;
}
/* takes a numeric character and returns it's hex representation */
char toHex(int c) {
if (c < 10) return (char)(NUMBER_BEGIN + c); /* if it is under 10, we get the appropiate digit */
else return (char)(UPPER_BEGIN + (c - 10)); /* if it is over 10, we get the appropiate UPPERCASE character */
}
这是gdb的输出:
Starting program: /crack -b ./hashes.txt 1 2
Breakpoint 1, dump (entries=0x604700, numLines=9) at crack.c:435
435 unsigned char *hexSalt = malloc(SALT_HEX_LENGTH+1), *hexHash = malloc(MAX_HASH_LEN+1); /* pointers for salt and hash, because we need them in hex instead of byte */
(gdb) next
437 while (index < numLines) { /* go through every line */
(gdb) p hexSalt
$1 = (unsigned char *) 0x604390 ""
(gdb) p hexHash
$2 = (unsigned char *) 0x604510 ""
(gdb) continue
Continuing.
Breakpoint 2, dump (entries=0x604700, numLines=9) at crack.c:449
449 free(hexSalt);
(gdb) p hexSalt
$3 = (unsigned char *) 0x604390 "1234567890FEDCBA0000"
(gdb) p hexHash
$4 = (unsigned char *) 0x604510 "05F770BDD6D78ED930A9B6B9A1F22776F13940B908679308C811978CD570E057"
(gdb) next
450 free(hexHash);
(gdb) next
*** Error in `/crack': free(): invalid next size (fast): 0x0000000000604510 ***
Program received signal SIGABRT, Aborted.
0x00007ffff7602267 in __GI_raise (sig=sig@entry=6)
at ../sysdeps/unix/sysv/linux/raise.c:55
55 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
答案 0 :(得分:0)
toHexBinary(hexHash, entries[index].hash, (entries[index].algorithm == HASH_ALG_SHA1)?SHA1_HEX_LENGTH:SHA2_HEX_LENGTH);
您只为MAX_HASH_LEN+1分配hexHash个字节。但是你传递的是SHA1_HEX_LENGTH或SHA2_HEX_LENGTH。
如果这些值中的任何一个值大于MAX_HASH_LEN,则由于函数toHexBinary()访问hexHash[MAX_HASH_LEN]而存在问题。这可能发生了什么。您无法传递大于MAX_HASH_LEN的值。
答案 1 :(得分:0)
我遇到了类似的错误,&#34; free():下一个尺寸无效&#34;和&#34; ../ sysdeps / unix / sysv / linux / raise.c:没有这样的文件或目录。&#34;。
我正在运行一个外设init工作,然后执行ROS init和其他工作
外围init作业运行正常,ROS初始化作业也可以正常工作。但是当它们在一起时,它总是报告这个错误
最后我发现这是一个记忆问题。在malloc()中我错过了sizeof(*),然后malloc内存的大小不正确
只适合在同一条船上的人。