我一直收到这个错误:
*** glibc detected *** /s/httpget: double free or corruption (fasttop): 0x00000000005352a0 ***
我真的没有看到,我有两次免费.所以我猜它是因为腐败...我在附加的代码中做了一些评论,所以请看看那里,更好地理解问题.
Here backtrace: #5 0x0000000000401077 in processXML ( start=0x506010 "\n\n\n
\n\n
这里的代码:
void processXML(char *start, char *stop, GTree* t) { if (start == NULL)return; start = strstr(start,START); char * cp = start ; char * tmpP; gpointer* key; ticP tP; size_t symlen=0; while (cp < stop) { //here the first occurance of the var, which causes the problem char * triP; cp = (strchr( cp, '"'))+1; tmpP = strchr( cp, '"'); if ( tmpP != NULL ) { symlen = (tmpP - cp) ; printf("mallocated %zu\n", symlen) ; //EDIT triP = malloc(symlen+1); memcpy (triP, tmpP - (symlen) , symlen); triP [symlen] = '\0'; printf(">>VAL %s<<\n", triP); cp = strstr( cp, STARTP); if (cp == NULL){ return;} } if (triP != NULL && (key = g_tree_lookup (t, triP))== NULL ) { printf("I N S E R T E D \n"); tP = malloc(sizeof(tic)); g_tree_insert(t, triP, tP); } //here I try to free it but only if some bytes were allocated... if (symlen >0)free (triP);怎么了?
肯定是腐败,是的.这个:
triP = malloc(symlen); memcpy (triP, tmpP - (symlen) , symlen); triP [symlen] = '\0';
用最后一行闯入未分配的空间.如果分配symlen
字节,则有效索引从0到(并包括)symlen - 1
,但索引symlen
超出分配的空间1个字节.繁荣.
像往常一样,要构建一个包含n
实际可见字符的字符串,您需要n + 1
字符的空间值,以包含终止符.