Flatbuffer Union的使用导致双重释放或损坏错误

时间:2017-11-24 13:53:15

标签: c++ delete-operator memory-corruption flatbuffers double-free

我在程序执行结束时遇到以下错误:

  

*`./bin/test':双重免费或损坏(外出)错误:0x00007ffd34dab0d0 *   中止

我目前正在使用Flatbuffer for C ++测试基于对象的API(--gen-object-api)。我的主文件看起来像这样:

int main(int argc, char* argv[]) {

    flatbuffers::FlatBufferBuilder builder;
    auto dataTest = event::ByteBufferT();
    dataTest.Bytes.push_back(1);
    dataTest.Bytes.push_back(2);

    event::EventDataUnion unionD;
    unionD.type = event::EventData_ByteBuffer;
    unionD.value = &dataTest;

    auto eventOffset = event::CreateEvent(builder,
                       builder.CreateString("byteDataEvent"), 10,
                       event::EventData_ByteBuffer, unionD.Pack(builder));

    builder.Finish(eventOffset);

    auto eventOutput = event::GetEvent(builder.GetBufferPointer());
    auto vec(eventOutput->data_as_ByteBuffer()->Bytes());

    for (auto it = vec->begin(); it != vec->end(); ++it) {
        std::cout << "ByteData: " << int(*it) << std::endl;
    }

    return 0;
}

我知道错误发生在哪里,但我不知道如何避免它。 valgrind-output看起来像这样:

==6242== Invalid free() / delete / delete[] / realloc()
==6242==    at 0x4C2A360: operator delete(void*) (vg_replace_malloc.c:507)
==6242==    by 0x4031C3: event::EventDataUnion::Reset() (event_generated.h:725)
==6242==    by 0x4028F5: event::EventDataUnion::~EventDataUnion() (event_generated.h:78)
==6242==    by 0x401320: main (main.cpp:118)
==6242==  Address 0xfff0000d0 is on thread 1's stack
==6242==  in frame #3, created by main (main.cpp:8)
==6242== 
==6242== Invalid free() / delete / delete[] / realloc()
==6242==    at 0x4C2A360: operator delete(void*) (vg_replace_malloc.c:507)
==6242==    by 0x406373: __gnu_cxx::new_allocator<signed char>::deallocate(signed char*, unsigned long) (new_allocator.h:110)
==6242==    by 0x405FC6: std::allocator_traits<std::allocator<signed char> >::deallocate(std::allocator<signed char>&, signed char*, unsigned long) (alloc_traits.h:383)
==6242==    by 0x40585D: std::_Vector_base<signed char, std::allocator<signed char> >::_M_deallocate(signed char*, unsigned long) (stl_vector.h:178)
==6242==    by 0x404DA4: std::_Vector_base<signed char, std::allocator<signed char> >::~_Vector_base() (stl_vector.h:160)
==6242==    by 0x403C5E: std::vector<signed char, std::allocator<signed char> >::~vector() (stl_vector.h:425)
==6242==    by 0x403109: event::ByteBufferT::~ByteBufferT() (event_generated.h:260)
==6242==    by 0x40132C: main (main.cpp:114)
==6242==  Address 0x5a021d0 is 0 bytes inside a block of size 2 free'd
==6242==    at 0x4C2A360: operator delete(void*) (vg_replace_malloc.c:507)
==6242==    by 0x406373: __gnu_cxx::new_allocator<signed char>::deallocate(signed char*, unsigned long) (new_allocator.h:110)
==6242==    by 0x405FC6: std::allocator_traits<std::allocator<signed char> >::deallocate(std::allocator<signed char>&, signed char*, unsigned long) (alloc_traits.h:383)
==6242==    by 0x40585D: std::_Vector_base<signed char, std::allocator<signed char> >::_M_deallocate(signed char*, unsigned long) (stl_vector.h:178)
==6242==    by 0x404DA4: std::_Vector_base<signed char, std::allocator<signed char> >::~_Vector_base() (stl_vector.h:160)
==6242==    by 0x403C5E: std::vector<signed char, std::allocator<signed char> >::~vector() (stl_vector.h:425)
==6242==    by 0x403109: event::ByteBufferT::~ByteBufferT() (event_generated.h:260)
==6242==    by 0x4031BB: event::EventDataUnion::Reset() (event_generated.h:725)
==6242==    by 0x4028F5: event::EventDataUnion::~EventDataUnion() (event_generated.h:78)
==6242==    by 0x401320: main (main.cpp:118)
==6242== 
==6242== 
==6242== HEAP SUMMARY:
==6242==     in use at exit: 0 bytes in 0 blocks
==6242==   total heap usage: 5 allocs, 7 frees, 1,219 bytes allocated
==6242== 
==6242== All heap blocks were freed -- no leaks are possible
==6242== 
==6242== For counts of detected and suppressed errors, rerun with: -v
==6242== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 2 from 1)

我的flatbuffer文件(event.fbs)如下所示:

// event.fbs   
namespace event;

table TableData {
    param1:string;
    param2:uint;
}

table ByteBuffer {
    Bytes:[byte];
}

struct StructData {
    x:float;
    y:float;
}

union EventData {
    TableData,
    StructData,
    ByteBuffer,
    String:string,
}

table Event {
  name:string (key);
  timestamp:ulong = -1;
  data:EventData;
}

root_type Event;

我的输出正确,错误除外:

 ByteData: 1
 ByteData: 2
 *** Error in `./bin/test': double free or corruption (out): 0x00007ffd34dab0d0 ***
Aborted

更新

如果没有对象API,它会是这样吗?:

flatbuffers::FlatBufferBuilder builder;
signed char inv_data[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
auto byteBuffer = event::CreateByteBuffer(builder, builder.CreateVector(inv_data, 10));
auto event = event::CreateEvent(builder, builder.CreateString("byteDataEvent"), 10, event::EventData_ByteBuffer, byteBuffer.Union());
builder.Finish(event);

然后我会通过建造者?

1 个答案:

答案 0 :(得分:1)

错误可能在这里:

unionD.value = &dataTest;

union对象期望拥有它指向的值,并在最后删除它。但它也被删除为局部变量。

您正在混合使用两个API,即对象API(适用于ByteBufferEventData)和标准API(适用于Event)。这很好,但可能不是你想要的(前者用于方便/存储,后者用于速度)。对象API通常是拥有其子项的自包含对象树。

相关问题
最新问题