EXC_BAD_ACCESS While calling malloc function
I have the following function but sometimes it fails on the malloc function call and I don't know the reason,I thought that it may be due to lack of heap size but I have monitored the heap and I understood that I have enough space available for memory allocation when malloc fails ,can any one suggest anything to me
char *substr(const char *pstr, int start, int numchars)
{
char *pnew;
pnew=malloc(numchars+1); //this line fails
if (pnew==0)
{
free(pnew);
pnew=malloc(numchars+1);
}
strncpy(pnew, pstr + start, numchars);
pnew[numchars] = '\0';
return pnew;
}
int32 SendData(char * dataBuffer, int CommandType) { struct sockaddr_in remoteServerAddr; int tcpSocket; int errorCode; int counter; int PacketsToSend; int32 ret; char msgbuf[16]; char *packet; 开发者_高级运维 char * cmdIRes; char RecPacket[BUF_SIZE]; div_t divresult;
counter = 0;
/* Specify struct sock address */
memset(&remoteServerAddr, 0, sizeof(remoteServerAddr));
remoteServerAddr.sin_len = sizeof(remoteServerAddr);
remoteServerAddr.sin_family = AF_INET;
remoteServerAddr.sin_port = htons(11000); // Net byte order required
remoteServerAddr.sin_addr.s_addr = inet_addr("10.252.85.26");
/* Create an TCP socket */
tcpSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (tcpSocket != -1)
{
/* Connect to server */
errorCode = connect(tcpSocket, (struct sockaddr*) &remoteServerAddr,
sizeof(remoteServerAddr));
if (errorCode == -1)
{
/* Connection failed */
errorCode = socketerror();
sprintf(msgbuf, "Error %d", errorCode);
displayMsg("connect:", "Failed!!!", msgbuf, NULL, 0x0100FFFF);
}
else
{
/* Send packets */
divresult=div(sizeof(dataBuffer), BUF_SIZE);
PacketsToSend=divresult.quot;
if (divresult.rem>0)
{
PacketsToSend=PacketsToSend+1;
}
while (counter < PacketsToSend)
{
packet= substr(dataBuffer, counter*BUF_SIZE, BUF_SIZE);
errorCode = send(tcpSocket, packet,strlen(packet) , 0);
if (errorCode == -1)
{
errorCode = socketerror();
sprintf(msgbuf, "Error %d", errorCode);
displayMsg("send:", "Failed!!!", msgbuf, NULL, 0x0100FFFF);
break;
}
counter++;
}
memset(RecPacket, 0, BUF_SIZE);
errorCode = recv(tcpSocket, RecPacket, BUF_SIZE,0);
if (errorCode == -1)
{
errorCode = socketerror();
}
switch (CommandType)
{
case CommandType_SendOneTrans:
case CommandType_SendOfflineData:
cmdIRes=substr(RecPacket, 14, 10);
ret= atoi(cmdIRes);
break;
case CommandType_TransConfirm:
cmdIRes=substr(RecPacket, 11, 2);
if (strcmp(cmdIRes, "ok")==0)
{
ret= 1;
}
else
{
ret= 0;
}
break;
case CommandType_VoucherList:
SaveVoucherList(RecPacket);
ret= 1;
break;
case CommandType_Identify:
cmdIRes= substr(RecPacket, 7, 2);
if (strcmp(cmdIRes, "ok")==0)
{
ret=1;
}
else
{
ret= 0;
}
break;
default:
break;
}
}
/* Close the socket */
close(tcpSocket);
free(RecPacket);
free(cmdIRes);
free(packet);
free(msgbuf);
return ret;
}
else
{
errorCode = socketerror();
sprintf(msgbuf, "Error %d", errorCode);
displayMsg("socket:", "Failed!!!", msgbuf, NULL, 0x0100FFFF);
}
return (errorCode);
}
uint32 SendOneTrans(fin trans) { int retVal=0; int ret=0; int retValCon=0; char msg[100]; char * voucherId; char * Amount; char * TerminalNo; char * isOnline; char * ReturnedId; TerminalNo=malloc(12); voucherId=malloc(4); Amount=malloc(7); isOnline=malloc(1); ReturnedId=malloc(3);
memset(TerminalNo, 0, sizeof(TerminalNo));
strcpy(TerminalNo, (char *)getTerminalNo());
memset(msg, 0, sizeof(msg));
if (trans.success==0)
{
memset(msg, 0, sizeof(msg));
memset(voucherId, 0, sizeof(voucherId));
sprintf(voucherId, "%d", trans.voucherId);
memset(Amount, 0, sizeof(Amount));
sprintf(Amount, "%d", trans.Amount);
memset(isOnline, 0, sizeof(isOnline));
sprintf(isOnline, "%d", trans.isOnline);
strcpy(msg, "<Req_fin>");
strcat(msg, TerminalNo);
strcat(msg, ",");
strcat(msg, voucherId);
strcat(msg, ",");
strcat(msg, trans.cardNo);
strcat(msg, ",");
strcat(msg, Amount);
strcat(msg, ",");
strcat(msg, trans.dateOf);
strcat(msg, ",");
strcat(msg, trans.TimeOf);
strcat(msg, ",1");
strcat(msg, "<EOF>");
retVal= SendData(msg, CommandType_SendOneTrans);
if (retVal>=1)
{
sprintf(ReturnedId, "%i", retVal);
memset(msg, 0, sizeof(msg));
strcpy(msg, "<Req_fin_c>");
strcat(msg, TerminalNo);
strcat(msg, ",");
strcat(msg, ReturnedId);
strcat(msg, "<EOF>");
trans.success=1;
retValCon= SendData(msg, CommandType_TransConfirm);
if (retValCon!=0)
{
trans.success=1;
ret=1;
}
}
free(msg);
free(TerminalNo);
free(Amount);
free(voucherId);
return ret;
//free(ReturnedId);
}
}
I'm no Apple dev, but I've never seen EXC_BAD_ACCESS on malloc so I had to Google it. This entry from the Apple technical FAQ looks relevant:
This kind of problem is usually the result of over-releasing an object. It can be very confusing, since the failure tends to occur well after the mistake is made. The crash can also occur while the program is deep in framework code, often with none of your own code visible in the stack.
Your problem is deeper: EXC_BAD_ACCESS basically means that you are over-freeing zones of memory. In a debugger, you'd see something like this
*** malloc[705]: error for object 0×8c5b00: Incorrect checksum for freed object - object was probably modified after being freed; break at func_name.
What's your platform? Is Guard Malloc available to you? If not, here's what you can do, besides scrutinizing your source code, of course:
Write a wrapper for malloc() which will allocate a single vm page for every request and place the requested buffer at its end. That way, reads or writes past it will cause a bus error. Also, when memory is free()'d, deallocate your vm page(s), so that whenever you read or write to a free()'d are you get an immediate bus error. It's going to take a loooong time, so be prepared!
char *substr(const char *pstr, int start, int numchars)
{
char *pnew;
pnew=malloc(numchars+1); //this line fails
the following makes no sense, what is it you are trying to do? if malloc failed why try again and above all why free? You should exit instead and return null
if (pnew==0)
{
free(pnew);
pnew=malloc(numchars+1);
}
I think the error is somewhere else, maybe you should check the in-parameters, make sure pstr is not NULL and numchars > 0
You probably corrupted your malloc heap somewhere earlier in the code but the problem does not show up until you call malloc or free - you should run the code under valgrind or similar to narrow down the root cause.
This mite help clear things:
You will get EXC_BAD_ACCESS in 3 cases:
1. An object is not initialized
2. An object is already released
3. Something else that is not very likely to happen
So please evaluate the state of other variables in the function or you can paste the calling function here to get better solutions.
EDIT: code continued after getting information from the comments.
NULL check avoided intentionally.
char a[][100] = {"<Req_fin>1","<Req_fin>1","<Req_fin>1<EOF>","<Req_fin>1<EOF>","<Req_fin>1","<Req_fin>1<EOF>","<Req_fin>1<EOF>","<Req_fin>1<EOF>","<Req_fin>1","<Req_fin>1<EOF>"};
char *b= "<EOF>";
char *substr(char *buff,int start,int bytes)
{
char *ptr;
ptr = malloc(bytes+1);
strncpy(ptr,buff+start,bytes);
ptr[bytes]='\0';
return ptr;
}
int main()
{
char buff[100];
int i;
char *ptr;
strcpy(buff,"Abcdef");
for(i=0;i<10;i++)
{
ptr = substr(buff,0,512);
printf("String is %s \n",ptr);
memset(buff,0,sizeof(buff));
strcpy(buff,a[i]);
strcat(buff,b);
free(ptr);
}
return 0;
}
The above code works fine. So please use this as reference if you cant paste your function here. I can't just guess the error.
加载中,请稍侯......
精彩评论