shade254 shade254 - 29 days ago 10
Linux Question

Invalid write/read of size 1 in valgrind, no answer found

I'm trying to do a prime decomposition of numbers that cannot be represented by classical number types.
I read that big number as a string and then I divide it by all primes smaller than 10^6 (generated in advance). In the process I use dynamic allocation of memory. After completion of my code I checked the valgrind output and found a few errors which seem to be caused by the same thing, and I just can't see what is wrong in my code. I did some research and although many people get the same error, the solution wasn't applicable to my problem.
I will be grateful for every piece of advice because I am just desperate by now.

Here is my code (without functions that are not substantial for my problem):



long* primeArray;
long endDiv = 101;
long r;
long length;

char *division(char dividend[], long divisor){
    char *multiplier = malloc(sizeof(char*)*endDiv);
    long temp = 0;
    int i = 0;
    int j = 0;
    while(dividend[i]){
        temp = temp*10 + (dividend[i] - 48);
        if(temp < divisor){
            multiplier[j++] = 48;
        }
        else{
            multiplier[j++] = (temp / divisor) + 48;
            temp = temp % divisor;
        }
        i++;
    }
    multiplier[j] = '\0';
    length = j;
    r = temp;
    return multiplier;
}

void doDecomposition(char* divident){
    long* primeDec = (long*)malloc(endDiv * sizeof(long*));
    int counter = 0;
    char * multiplier;
    for(int i = 0; i < endPrime-1; i++){
        multiplier = division(divident, primeArray[i]);
        if(r == 0){
            free(divident);
            divident = multiplier;
            primeDec[counter] = primeArray[i];
            i = -1;
            counter++;
        }else{
            int f = 0;
            for(int a = length-1; a > 0; a--){
                if(multiplier[a] != '0'){
                    f = 1;
                    break;
                }
            }
            free(multiplier);
            if(f == 0){
                break;
            }
        }
    }
    printCount(primeDec, counter);
    free(primeDec);
    free(divident);
}

int main(int argc, char *argv[])
{
    char* divident = malloc(endDiv*sizeof(char*));
    genPrime(1000000);
    if(divident == NULL){
        exit(666);
    }
    while(fscanf(stdin, "%s", divident) == 1){
        if(divident[0] == '0' && divident[1] == '\0'){
            exit(0);
        }
        else if(divident[0] == '1' && divident[1] == '\0'){
            fprintf(stdout, "Prime decomposition of 1 is:\n1\n");
        }
        else{
            checkDivident(divident);
            fprintf(stdout, "Prime decomposition of %s is:\n", divident);
            doDecomposition(divident);
        }
    }
    free(divident);
    return 0;
}


And here is my valgrind output:



==17523== Invalid write of size 1
==17523== at 0x51A0695: _IO_vfscanf (vfscanf.c:1107)
==17523== by 0x51AE8E8: __isoc99_fscanf (isoc99_fscanf.c:34)
==17523== by 0x40126F: main (main.c:185)
==17523== Address 0x550c040 is 0 bytes inside a block of size 808 free'd
==17523== at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17523== by 0x401128: doDecomposition (main.c:161)
==17523== by 0x401252: main (main.c:195)
==17523== Block was alloc'd at
==17523== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17523== by 0x400C8A: division (main.c:73)
==17523== by 0x401080: doDecomposition (main.c:145)
==17523== by 0x401252: main (main.c:195)
==17523==
==17523== Invalid write of size 1
==17523== at 0x51A0752: _IO_vfscanf (vfscanf.c:1192)
==17523== by 0x51AE8E8: __isoc99_fscanf (isoc99_fscanf.c:34)
==17523== by 0x40126F: main (main.c:185)
==17523== Address 0x550c041 is 1 bytes inside a block of size 808 free'd
==17523== at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17523== by 0x401128: doDecomposition (main.c:161)
==17523== by 0x401252: main (main.c:195)
==17523== Block was alloc'd at
==17523== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17523== by 0x400C8A: division (main.c:73)
==17523== by 0x401080: doDecomposition (main.c:145)
==17523== by 0x401252: main (main.c:195)
==17523==
==17523== Invalid read of size 1
==17523== at 0x4011C4: main (main.c:186)
==17523== Address 0x550c040 is 0 bytes inside a block of size 808 free'd
==17523== at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17523== by 0x401128: doDecomposition (main.c:161)
==17523== by 0x401252: main (main.c:195)
==17523== Block was alloc'd at
==17523== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17523== by 0x400C8A: division (main.c:73)
==17523== by 0x401080: doDecomposition (main.c:145)
==17523== by 0x401252: main (main.c:195)
==17523==
==17523== Invalid read of size 1
==17523== at 0x4011D3: main (main.c:186)
==17523== Address 0x550c041 is 1 bytes inside a block of size 808 free'd
==17523== at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17523== by 0x401128: doDecomposition (main.c:161)
==17523== by 0x401252: main (main.c:195)
==17523== Block was alloc'd at
==17523== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17523== by 0x400C8A: division (main.c:73)
==17523== by 0x401080: doDecomposition (main.c:145)
==17523== by 0x401252: main (main.c:195)
==17523==
==17523==
==17523== HEAP SUMMARY:
==17523== in use at exit: 627,992 bytes in 1 blocks
==17523== total heap usage: 1,252,545 allocs, 1,252,544 frees, 1,504,746,312 bytes allocated
==17523==
==17523== LEAK SUMMARY:
==17523== definitely lost: 0 bytes in 0 blocks
==17523== indirectly lost: 0 bytes in 0 blocks
==17523== possibly lost: 0 bytes in 0 blocks
==17523== still reachable: 627,992 bytes in 1 blocks
==17523== suppressed: 0 bytes in 0 blocks
==17523== Reachable blocks (those to which a pointer was found) are not shown.
==17523== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==17523==
==17523== For counts of detected and suppressed errors, rerun with: -v
==17523== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 0 from 0)


Info for line numbers:



185: while(fscanf(stdin, "%s", divident) == 1){
161: free(multiplier);
195: doDecomposition(divident);
73: char *multiplier = malloc(sizeof(char*)*endDiv);
145: multiplier = division(divident, primeArray[i]);


Thanks for everything, I would be happy for even slightest clue!

Answer

The problem is you free your divident in your doDecomposition function. So if the condition if(r == 0) is true, in the next loop iteration you do in main, you try to write into memory you don't own. Why do you want to free it in your loop, when you already free it at the end of your program?

Another question, why do you do if(divident[0] == '0' && divident[1]=='\0')? Read the strcmp man page, it's more readable and easy to use ;)

A last thing, when you malloc, I think it's better to write int *i = malloc(sizeof(*i)); than int *i = malloc(sizeof(int*));, because if you want to change the type of i, you'll have to change every allocation to the correct type. It's not a problem when you have a little program, but with a big one it's harder.
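One way to fix the ownership problem the answer describes, as an added example that is neither the asker's nor the answerer's code: the decomposition works on scratch buffers it owns and frees itself, and never frees or reassigns the caller's string, so the buffer that main passes to fscanf stays valid between iterations. The helper names (div_str, is_done, decompose), the prime list and the inputs are constructed for this example.

```c
#include <stdlib.h>
#include <string.h>

/* Quotient of decimal string `in` divided by `d` is written to `out` (same
   length as `in`, leading zeros kept); the remainder is returned. */
static long div_str(const char *in, long d, char *out) {
    long rem = 0;
    size_t i;
    for (i = 0; in[i]; i++) {
        rem = rem * 10 + (in[i] - '0');
        out[i] = (char)('0' + rem / d);
        rem %= d;
    }
    out[i] = '\0';
    return rem;
}

/* True when nothing is left to factor: every digit is '0' except possibly a
   trailing '1' (so "0", "1", "001" are all done). */
static int is_done(const char *s) {
    size_t n = strlen(s);
    for (size_t i = 0; i + 1 < n; i++)
        if (s[i] != '0') return 0;
    return n == 0 || s[n - 1] == '0' || s[n - 1] == '1';
}

/* Trial division of `number` by `primes`; stores up to `max` factors in `out`
   and returns how many were found (-1 on allocation failure). The caller's
   buffer is read only: all scratch memory is allocated and released here, so
   the pointer the caller hands in remains valid after the call. */
int decompose(const char *number, const long *primes, size_t nprimes,
              long *out, size_t max) {
    size_t len = strlen(number), count = 0;
    char *cur = malloc(len + 1), *next = malloc(len + 1);
    if (!cur || !next) { free(cur); free(next); return -1; }
    memcpy(cur, number, len + 1);          /* private working copy */
    for (size_t i = 0; i < nprimes && !is_done(cur) && count < max; ) {
        if (div_str(cur, primes[i], next) == 0) {
            out[count++] = primes[i];      /* divisible: record, retry same p */
            char *t = cur; cur = next; next = t;   /* swap buffers, no free */
        } else {
            i++;                           /* not divisible: next prime */
        }
    }
    free(cur);                             /* only memory owned here is freed */
    free(next);
    return (int)count;
}
```

If the loop exits because the prime list is exhausted while is_done is still false, the remaining cofactor is larger than the largest prime supplied; a caller can detect that case by comparing the product of the returned factors with the input.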
