Error message: *** glibc detected *** ./cube: double free or corruption (!prev): 0x0a4c4420 ***
In the following code I am getting an error:
333 glGenBuffers(surftotal, uiVBO);
334 {
335 for(surfnum=0; surfnum<surftotal; ++surfnum)
336 {
337 glBindBuffer(GL_ARRAY_BUFFER, uiVBO[surfnum]);
338 size_t buf_size = 9*sizeof(GLfloat)*triNum[surfnum];
339 GLfloat* const pData = (GLfloat*)malloc(buf_size);
340 for(i=0; i<triNum[surfnum]; ++i)
341 printf("%d...",triNum[surfnum]);
342 {
343 memcpy(pData+i*9, triArray[surfnum][i].pt1, 3*sizeof(GLfloat));
344 memcpy(pData+i*9+3, triArray[surfnum][i].pt2, 3*sizeof(GLfloat));
345 memcpy(pData+i*9+6, triArray[surfnum][i].pt3, 3*sizeof(GLfloat));
346 }
347 glBufferData(GL_ARRAY_BUFFER, buf_size, pData, GL_STATIC_DRAW);
348 free(pData);
349 }
350 glBindBuffer(GL_ARRAY_BUFFER, 0);
351 glEnableVertexAttribArray(VERTEX_ARRAY);
352 for(surfnum=0; surfnum<surftotal; ++surfnum)
353 {
354 glBindBuffer(GL_ARRAY_BUFFER, uiVBO[surfnum]);
355 glVertexAttribPointer(VERTEX_ARRAY, 3, GL_FLOAT, GL_FALSE, 0, 0);
356 glDrawArrays(GL_TRIANGLES, 0, 3*triNum[surfnum]);
357 if (!TestEGLError("glDrawArrays"))
358 {
359 goto cleanup;
360 }
361 }
362 glBindBuffer(GL_ARRAY_BUFFER, 0);
363 eglSwapBuffers(eglDisplay, eglSurface);
364
365 if (!TestEGLError("eglSwapBuffers"))
366 {
367 goto cleanup;
368 }
369
370 int i32NumMessages = XPending( x11Display );
371 for( int i = 0; i < i32NumMessages; i++ )
372 {
373 XEvent event;
374 XNextEvent( x11Display, &event );
375 }
376 }
377 glDeleteBuffers(surftotal,uiVBO);
And the error is the following:
* glibc detected ./cube: free(): invalid pointer: 0x090c53a0 *开发者_运维技巧*
printf
is getting the error, and it writes 7 7 7 7 7 7 7 1 aborted
and then this error.
When I try to print there I get this error. I try to use valgrind
and its output is:
==8922== Memcheck, a memory error detector
==8922== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==8922== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==8922== Command: ./cube
==8922==
libEGL warning: use software fallback
==8922== Invalid write of size 1
==8922== at 0x4027418: memcpy (mc_replace_strmem.c:497)
==8922== by 0x804A48F: main (Hello.cpp:343)
==8922== Address 0x9391567 is 11 bytes after a block of size 252 alloc'd
==8922== at 0x4025BD3: malloc (vg_replace_malloc.c:236)
==8922== by 0x804A3EC: main (Hello.cpp:339)
==8922==
==8922== Invalid write of size 1
==8922== at 0x4027420: memcpy (mc_replace_strmem.c:497)
==8922== by 0x804A48F: main (Hello.cpp:343)
==8922== Address 0x9391566 is 10 bytes after a block of size 252 alloc'd
==8922== at 0x4025BD3: malloc (vg_replace_malloc.c:236)
==8922== by 0x804A3EC: main (Hello.cpp:339)
==8922==
==8922== Invalid write of size 1
==8922== at 0x4027429: memcpy (mc_replace_strmem.c:497)
==8922== by 0x804A48F: main (Hello.cpp:343)
==8922== Address 0x9391565 is 9 bytes after a block of size 252 alloc'd
==8922== at 0x4025BD3: malloc (vg_replace_malloc.c:236)
==8922== by 0x804A3EC: main (Hello.cpp:339)
==8922==
==8922== Invalid write of size 1
==8922== at 0x4027432: memcpy (mc_replace_strmem.c:497)
==8922== by 0x804A48F: main (Hello.cpp:343)
==8922== Address 0x9391564 is 8 bytes after a block of size 252 alloc'd
==8922== at 0x4025BD3: malloc (vg_replace_malloc.c:236)
==8922== by 0x804A3EC: main (Hello.cpp:339)
==8922==
==8922== Invalid write of size 1
==8922== at 0x4027418: memcpy (mc_replace_strmem.c:497)
==8922== by 0x804A4E3: main (Hello.cpp:344)
==8922== Address 0x9391573 is not stack'd, malloc'd or (recently) free'd
==8922==
==8922== Invalid write of size 1
==8922== at 0x4027420: memcpy (mc_replace_strmem.c:497)
==8922== by 0x804A4E3: main (Hello.cpp:344)
==8922== Address 0x9391572 is not stack'd, malloc'd or (recently) free'd
==8922==
==8922== Invalid write of size 1
==8922== at 0x4027429: memcpy (mc_replace_strmem.c:497)
==8922== by 0x804A4E3: main (Hello.cpp:344)
==8922== Address 0x9391571 is not stack'd, malloc'd or (recently) free'd
==8922==
==8922== Invalid write of size 1
==8922== at 0x4027432: memcpy (mc_replace_strmem.c:497)
==8922== by 0x804A4E3: main (Hello.cpp:344)
==8922== Address 0x9391570 is not stack'd, malloc'd or (recently) free'd
==8922==
==8922== Invalid write of size 1
==8922== at 0x4027418: memcpy (mc_replace_strmem.c:497)
==8922== by 0x804A539: main (Hello.cpp:345)
==8922== Address 0x939157f is not stack'd, malloc'd or (recently) free'd
==8922==
==8922== Invalid write of size 1
==8922== at 0x4027420: memcpy (mc_replace_strmem.c:497)
==8922== by 0x804A539: main (Hello.cpp:345)
==8922== Address 0x939157e is not stack'd, malloc'd or (recently) free'd
==8922==
==8922== Invalid write of size 1
==8922== at 0x4027429: memcpy (mc_replace_strmem.c:497)
==8922== by 0x804A539: main (Hello.cpp:345)
==8922== Address 0x939157d is not stack'd, malloc'd or (recently) free'd
==8922==
==8922== Invalid write of size 1
==8922== at 0x4027432: memcpy (mc_replace_strmem.c:497)
==8922== by 0x804A539: main (Hello.cpp:345)
==8922== Address 0x939157c is not stack'd, malloc'd or (recently) free'd
==8922==
--8922-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--8922-- si_code=1; Faulting address: 0xC8B91574; sp: 0x62a5ce00
valgrind: the 'impossible' happened:
Killed by fatal signal
==8922== at 0x38031511: unlinkBlock (m_mallocfree.c:245)
sched status:
running_tid=1
Thread 1: status = VgTs_Runnable
==8922== at 0x4024F12: calloc (vg_replace_malloc.c:467)
==8922== by 0x48D068A: softpipe_resource_create (sp_texture.c:114)
==8922== by 0x4A50D96: st_bufferobj_data (u_inlines.h:180)
==8922== by 0x4A1BB4E: _mesa_BufferDataARB (bufferobj.c:1177)
==8922== by 0x49BFFD7: _es_BufferData (api_exec_es2.c:391)
==8922== by 0x804A561: main (Hello.cpp:347)
But I was unable to understand it. Can you tell me where the error is? If I use
export MALLOC_CHECK_=0
this gives a segmentation fault.
(I have edited the question)
for(i=0; i<triNum[surfnum]; ++i)
printf("%d...",triNum[surfnum]);
{
memcpy(pData+i*9, triArray[surfnum][i].pt1, 3*sizeof(GLfloat));
memcpy(pData+i*9+3, triArray[surfnum][i].pt2, 3*sizeof(GLfloat));
memcpy(pData+i*9+6, triArray[surfnum][i].pt3, 3*sizeof(GLfloat));
}
You have a problem with the brace placement here. Only the printf
is inside the loop, and as a result, the memcpy
lines will only be run once, with a value of i
that is too large.
This will overwrite memory outside the bounds of your buffer, which causes the memory corruption error you see.
精彩评论