Double free coruption
I have a class call grid. The class holds two 2d char arrays for storing a grid... The class has two functions for creating the memory for the grid and releasing the memory for the grid.
Grid.h
private:
char **gridOne;
char **gridTwo;
Grid.cpp
void Grid::allocateGridMem()
{
_gridOne = new char*[gridRowCount()];
_gridTwo = new char*[gridRowCount()];
for(int i =0; i < gridColumnCount(); ++i){
*(_gridOne + i) = new char[gridColumnCount()];
*(_gridTwo + i) = new char[gridColumnCount()];
}
}
void Grid::dealocateGridMem()
{
if(_gridOne != 0)
{
for(int i =0; i < gridRowCount(); ++i){
delete [] *(_gridOne + i);
}
delete [] _gridOne;
_gridOne = 0;
}
if(_gridTwo != 0)
{
for(int i =0; i < gridRowCount(); i++){
delete [] *(_gridTwo + i);
}
delete [] _gridTwo;
_gridTwo = 0;
}
}
The problem is happening in the deallocation of the memory which I receive the following error.
*** glibc detected *** ./a.out: double free or corruption (out): 0x088c9318 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(+0x6b591)[0xb756c591]
/lib/tls/i686/cmov/libc.so.6(+0x6cde8)[0xb756dde8]
/lib/tls/i686/cmov/libc.so.6(cfree+0x6d)[0xb7570ecd]
/usr/lib/libstdc++.so.6(_ZdlPv+0x21)[0xb775c741]
/usr/lib/libstdc++.so.6(_ZdaPv+0x1d)[0xb775c79d]
./a.out[0x804a7b9]
./a.out[0x8049cb6]
./a.out[0x804b8f3]
./a.out[0x804c06a]
./a.out[0x804b71d]
./a.out[0x80498eb]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xb7517bd6]
./a.out[0x8049521]
======= Memory map: ========
08048000-0804f000 r-xp 00000000 08:02 920728 /home/a.out
0804f000-08050000 r--p 00006000 08:02 920728 /home/a.out
08050000-08051000 rw-p 00007000 08:02 920728 /home/a.out
088c7000-088e8000 rw-p 00000000 00:00 0 [heap]
b7300000-b7321000 rw-p 00000000 00:00 0
b7321000-b7400000 ---p 00000000 00:00 0
b7500000-b7501000 rw-p 00000000 00:00 0
b7501000-b7654000 r-xp 00000000 08:02 19796293 /lib/tls/i686/cmov/libc-2.11.1.so
b7654000-b7655000 ---p 00153000 08:02 19796293 /lib/tls/i686/cmov/libc-2.11.1.so
b7655000-b7657000 r--p 00153000 08:02 19796293 /lib/tls/i686/cmov/libc-2.11.1.so
b7657000-b7658000 rw-p 00155000 08:02 19796293 /lib/tls/i686/cmov/libc-2.11.1.so
b7658000-b765b000 rw-p 00000000 00:00 0
b765b000-b7678000 r-xp 00000000 08:02 19791955 /lib/libgcc_s.so.1
b7678000-b7679000 r--p 0001c000 08:02 19791955 /lib/libgcc_s.so.1
b7679000-b767a000 rw-p 0001d000 08:02 19791955 /lib/libgcc_s.so.1
b767a000-b767b000 rw-p 00000000 00:00 0
b767b000-b769f000 r-xp 00000000 08:02 19796301 /lib/tls/i686/cmov/libm-2.11.1.so
b769f000-b76a0000 r--p 00023000 08:02 19796301 /lib/tls/i686/cmov/libm-2.11.1.so
b76a0000-b76a1000 rw-p 00024000 08:02 19796301 /lib/tls/i686/cmov/libm-2.11.1.so
b76a1000-b778a000 r-xp 00000000 08:02 28708531 /usr/lib/libstdc++.so.6.0.13
b778a000-b778b000 ---p 000e9000 08:02 28708531 /usr/lib/libstdc++.so.6.0.13
b778b000-b778f000 r--p 000e9000 08:02 28708531 /usr/lib/libstdc++.so.6.0.13
b778f000-b7790000 rw-p 000ed000 08:02 28708531 /usr/lib/libstdc++.so.6.0.13
b7790000-b7797000 rw-p 00000000 00:00 0
b77a5000-b77a8000 rw-p 00000000 00:00 0
b77a8000-b77a9000 r-xp 00000000 00:00 0 [vdso]
b77a9000-b77c4000 r-xp 00000000 08:02 19791897 /l开发者_高级运维ib/ld-2.11.1.so
b77c4000-b77c5000 r--p 0001a000 08:02 19791897 /lib/ld-2.11.1.so
b77c5000-b77c6000 rw-p 0001b000 08:02 19791897 /lib/ld-2.11.1.so
bf83a000
-bf84f000 rw-p 00000000 00:00 0 [stack]
Aborted
I have checked all my pointers that they are not being changed to something else in execution and that every check and balance one can think of is happening rite. I have been pulling my hair out for the last few hours and still nothing.
I am running this with gcc on ubuntu 10 system.
Should also note that I have changed names etc for the purpose of this post and have only included the code I though to be of value.
EDIT:
Fixed the syntax problem however the original code has this I just typed it out to quickly and did not proof read.
Any help is greatly appreciated and worth a gold star in my book. I am very much an advanced users of gdb and have used this with this issue but my thinking that it is a problem maybe in external library. I can not see any issues with the memory and how it is scoped just hoping someone has seen something like this. For all purposes this code is fine.
change
for(int i =0; i < gridColumnCount(); ++i){
_gridOne = new char[gridColumnCount()];
_gridTwo = new char[gridColumnCount()];
}
to
for(int i =0; i < gridRowCount(); ++i){
_gridOne[i] = new char[gridColumnCount()];
_gridTwo[i] = new char[gridColumnCount()];
}
Besides, don't do
*(array + i)
but
array[i]
Probably it should be _gridOne[i]
instead of _gridOne
inside the loop of allocateGridMem
. But please, avoid such low-level operations whenever possible and use a high-level component like boost::numeric::ublas::matrix
instead.
Does that Grid
class of yours have a copy constructor and an assignment operator? Otherwise, if you copy such objects, this error would be what happens.
I suggest you stop doing manual resource management and make Grid
a thin two-dimensional wrapper around a std::vector<char>
which manages memory.
sudo apt-get install valgrind
, run valgrind myprogram
and 99% of memory allocation bugs become obvious.
At least one of the problems is that you are assigning the row (should be _gridOne[i]
) over the top of the array pointer. Compile with -Werror -Wall -W
and many errors like this will become obvious at compile time.
Use the STL and vectors:
class Grid
{
std::vector<std::vector<char> > grid1;
std::vector<std::vector<char> > grid2;
public:
Grid(int col,int row)
: grid1(col, std::vector<char>(row))
, grid2(col, std::vector<char>(row))
{}
};
All done.
If you want to get fancy look at boost Matrix.
精彩评论