从结构内部的指针数组访问指针会导致分段错误

时间:2017-09-12 11:17:03

标签: c list pointers memory-management segmentation-fault

我在尝试从item_t中的**addr变量访问cart_t指针的成员时遇到了困难。 cart_t的定义如下:

typedef struct cart_struct {
    item_t **addr;
    int ptr;
    float total;
} cart_t;

我已使用以下代码初始化并向**addr添加项目:

cart_t *cart_append_item(cart_t *cart, item_t *item) {
    if (cart == NULL || item == NULL)
        return NULL;

    item_t **new = (item_t**) malloc(sizeof(item_t*) * (cart->ptr + 1));

    if (new == NULL) {
        return NULL;
    }

    int i;
    for (i=0; i<cart->ptr; i++) {
        new[i] = cart->addr[i];
    }

    new[i+1] = item;

    if (cart->addr != NULL) {
        free(cart->addr);
    }

    cart->addr = new;

    cart->ptr += 1;
    printf("price %f, quantity %d, total %f\n", new[cart->ptr]->price, new[cart->ptr]->quantity, new[cart->ptr]->price * new[cart->ptr]->quantity); // this works.
    //printf("total_prev %f\n", cart->total);
    cart->total += item->price * item->quantity;
    //printf("total %f\n", cart->total);

    return cart;
}

正如您在上面的代码中看到的那样,调试printf实际上是有效的。但是当我稍后尝试在cart.addr[n]上执行此操作时,会导致分段错误:

// cart_t canteen_cart
// item_t *item_current
...
if (cart_append_item(&canteen_cart, item_current) == NULL) {
    // error. clean up
}
...
printf("[TEST] price %f, quantity %d, total %f\n", canteen_cart.addr[canteen_cart.ptr-1]->price, canteen_cart.addr[canteen_cart.ptr-1]->quantity, canteen_cart.addr[canteen_cart.ptr-1]->price * canteen_cart.addr[canteen_cart.ptr-1]->quantity); // segmentation fault
...

谢谢!

int main()

的摘录
int main() {
    cart_t canteen_cart;
    canteen_cart.addr = NULL;
    canteen_cart.ptr = 0;
    canteen_cart.total = 0.0f;

    item_t *item_current = NULL;

    ...
    a hundred of lines later of user input thingy
    ...

    if (state == STATE_CHECKOUT) {
        printf("[TEST] %d\n", canteen_cart.addr == NULL); // returns 0
        printf("[TEST] %d\n", canteen_cart.ptr > 0); // returns 1, there are some items in the array
        printf("price %f, quantity %d, total %f\n", canteen_cart.addr[canteen_cart.ptr-1]->price, canteen_cart.addr[canteen_cart.ptr-1]->quantity, canteen_cart.addr[canteen_cart.ptr-1]->price * canteen_cart.addr[canteen_cart.ptr-1]->quantity);
    print_view_checkout(&canteen_cart); // SEGMENTATION FAULT HERE
    }

    cart_free_items(&canteen_cart); // free cart and all the members within it.

    return 0;

}

1 个答案:

答案 0 :(得分:0)

现在,当我们看到您如何初始化canteen_cart时,请从cart_append_item函数中获取单个行:

new[i+1] = item;

在第一次调用cart_append_item函数时,cart->ptr(确实命名错误)的值为0。这意味着循环不会迭代,i的值将为零。这意味着您实际上正在执行new[1] = item,其中new仅为索引为0的单个元素提供空间。这种写作超出限制当然会导致undefined behavior,使整个程序格式错误并且无效。而且容易崩溃。

您也会继续为每次cart_append_item的连续呼叫写出界限。

简单的解决方案?请改用new[cart->ptr] = item

然后关于我的realloc评论,如果使用realloc,您可以使功能变得更短更简单:

cart_t *cart_append_item(cart_t *cart, item_t *item) {
    if (cart == NULL || item == NULL)
        return NULL;

    item_t **new_items = realloc(cart->addr, sizeof *cart->addr * cart->ptr + 1);
    if (new_items == NULL) {
        return NULL;
    }

    cart->addr = new_items;

    // Add the new item
    cart->addr[cart->ptr++] = item;

    cart->total += item->price * item->quantity;

    return cart;
}