Re: Oops... strange (to me) segfault problem



On Wed, 4 Aug 2004, Kraite Redman wrote:
because of  the included code.  The files which originally were
attached can be dl'd here:
  http://www.pizzashack.org/gtktest.tgz

#define BLOCK_SZ 8192
  .
  .
  .
  while ( (status = read(pd[0], (buf + offset), BLOCK_SZ)) ){
    if ( status == -1 ){
      fprintf(stderr, "get_keys(): read from pipe failed\n");
      free(buf);
      return NULL;
    }

    /* the block is only grown when a read filled a whole BLOCK_SZ */
    else if ( status == BLOCK_SZ ){
      char *tmp = realloc(buf, offset + BLOCK_SZ);
      if ( !tmp ){   /* keep the old pointer so it can still be freed */
        fprintf(stderr, "realloc() failed\n");
        free(buf);
        return NULL;
      }
      buf = tmp;
    }
    offset += status;
  }


It looks like you're corrupting the free store.

I suspect the first call to read() reads less than BLOCK_SZ bytes, in
which case offset gets incremented but the memory block doesn't get
resized, so the next call to read() overwrites the data after the end of
the memory block.  Perhaps if you removed the "if ( status == BLOCK_SZ )"
and resized the memory block unconditionally ???

JV
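For comparison, the following is an added example (my own code, not from this thread or from the gtktest archive) of a read loop that does what the reply suggests: it decides whether to grow the block from how much of it is already used, not from what the last read() returned, so a short read can never leave the next read() writing past the end of the allocation. The function names read_all and the two selftest helpers are assumptions for this example; the payload is constructed inline.

```c
/* Added example: read everything from a descriptor into a heap buffer,
 * growing the buffer whenever less than BLOCK_SZ bytes remain free.
 * Not code from the original thread. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define BLOCK_SZ 8192

/* Read from fd until EOF. Returns a NUL-terminated heap buffer (caller
 * frees) and stores the byte count in *len; returns NULL on error. */
char *read_all(int fd, size_t *len)
{
    size_t cap = BLOCK_SZ + 1;      /* +1 leaves room for the terminating NUL */
    size_t offset = 0;
    char *buf = malloc(cap);
    if (!buf) return NULL;

    for (;;) {
        /* Invariant before every read(): at least BLOCK_SZ + 1 bytes free
         * after offset. A short read advances offset by less than BLOCK_SZ,
         * so the check is on free space, not on the previous return value. */
        if (cap - offset < BLOCK_SZ + 1) {
            size_t ncap = cap * 2;
            char *nbuf = realloc(buf, ncap);  /* temp pointer: buf stays valid on failure */
            if (!nbuf) { free(buf); return NULL; }
            buf = nbuf;
            cap = ncap;
        }
        ssize_t n = read(fd, buf + offset, BLOCK_SZ);
        if (n == -1) {
            if (errno == EINTR) continue;     /* interrupted by a signal: retry */
            free(buf);
            return NULL;
        }
        if (n == 0) break;                    /* EOF: writer closed the pipe */
        offset += (size_t)n;
    }
    buf[offset] = '\0';
    *len = offset;
    return buf;
}

/* Self-check with a constructed 10000-byte payload, so more than one
 * BLOCK_SZ read is needed and the buffer must grow at least once.
 * Returns 1 when the bytes read back match the bytes written. */
int read_all_selftest(void)
{
    enum { PAYLOAD = 10000 };
    int pd[2];
    if (pipe(pd) == -1) return 0;
    char *src = malloc(PAYLOAD);
    if (!src) { close(pd[0]); close(pd[1]); return 0; }
    for (int i = 0; i < PAYLOAD; i++) src[i] = (char)('a' + i % 26);
    /* PAYLOAD is below the usual pipe capacity, so one write() from this
     * process completes without blocking; the close() signals EOF. */
    ssize_t w = write(pd[1], src, PAYLOAD);
    close(pd[1]);
    size_t len = 0;
    char *got = (w == PAYLOAD) ? read_all(pd[0], &len) : NULL;
    close(pd[0]);
    int ok = got && len == PAYLOAD && memcmp(got, src, PAYLOAD) == 0;
    free(got);
    free(src);
    return ok;
}

/* Self-check for the empty-input edge case: the writer closes without
 * writing, so the first read() returns 0 and an empty string comes back. */
int read_all_empty_selftest(void)
{
    int pd[2];
    if (pipe(pd) == -1) return 0;
    close(pd[1]);
    size_t len = 99;
    char *got = read_all(pd[0], &len);
    close(pd[0]);
    int ok = got && len == 0 && got[0] == '\0';
    free(got);
    return ok;
}

int main(void)
{
    printf("payload: %s\n", read_all_selftest() ? "ok" : "FAIL");
    printf("empty:   %s\n", read_all_empty_selftest() ? "ok" : "FAIL");
    return 0;
}
```

The doubling strategy is a choice, not a requirement; growing by a fixed BLOCK_SZ per step (as the original code intended) is equally correct as long as the free-space check runs before every read().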


