Segmentation fault when free

Giorgos Keramidas keramida at ceid.upatras.gr
Sat Sep 20 08:21:52 UTC 2008


On Sat, 20 Sep 2008 00:31:41 -0700 (PDT), Unga <unga888 at yahoo.com> wrote:
> --- On Sat, 9/20/08, Giorgos Keramidas <keramida at ceid.upatras.gr> wrote:
>> You are probably calling free() multiple times for the same buffer.
>>
>> Try tracing the malloc and free calls, using the information from
>> this message:
>>
>> http://lists.freebsd.org/pipermail/freebsd-questions/2008-July/179480.html
>
> Hi Giorgos, thank you very much for your reply.

You are welcome :)

> ktrace.out shows:
> malloc_init()
> 0x8103400 = malloc(1024)
> malloc_init()
> malloc_init()
> 0x810b0b0 = malloc(400)
> :
> so many malloc
> :
> so many free
> :
> malloc/free combinations
> :
> free(0xbfbfc9c9)
>
> 1. This clearly shows my program is trying to free a memory that has
> not been allocated. How it could have happened?

Aha.  This looks remarkably like an address in the runtime stack.  It
usually happens when you have a function that returns the address of a
'local' variable, instead of a newly allocated heap area, i.e.:

    char *
    function(void)
    {
        char buffer[100];   /* lives in this function's stack frame */

        return buffer;      /* dangling once function() returns; free() on it is not valid */
    }

> 2. Is it correct to have many malloc_init()?

Yes, that's ok.  If your program is threaded, FreeBSD's pthread
implementation calls malloc(3) and malloc_init() takes special care of
initializing the internal malloc state only one time.
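The address pattern Giorgos points at (a stack address handed to free()) is easy to catch with a small allocation registry wrapped around malloc/free, much like the ktrace log does after the fact. The following is an added example, not code from this thread or from FreeBSD's malloc(3): the `tracked_malloc`/`tracked_free` names, the fixed-size registry and the sample `make_buffer` are assumptions made for illustration. `tracked_free` refuses any pointer that is not a currently live heap block, so it flags both a double free and a stack address such as the `free(0xbfbfc9c9)` seen above, and `make_buffer` shows the heap-allocating shape that the buggy `function()` should have had.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical registry of live heap blocks (example only, not malloc(3) internals). */
#define MAX_LIVE 64
static void  *live[MAX_LIVE];
static size_t live_size[MAX_LIVE];
static int    live_count = 0;

/* Allocate and record the block, logging like the ktrace output in the thread. */
void *tracked_malloc(size_t n)
{
    void *p = malloc(n);
    if (p != NULL && live_count < MAX_LIVE) {
        live[live_count] = p;
        live_size[live_count] = n;
        live_count++;
    }
    fprintf(stderr, "%p = malloc(%zu)\n", p, n);
    return p;
}

/* Free only pointers we handed out and have not freed yet.
 * Returns 1 on success, 0 when p is unknown: a stack address, a double
 * free, or garbage.  The real free() would crash or corrupt the heap here. */
int tracked_free(void *p)
{
    for (int i = 0; i < live_count; i++) {
        if (live[i] == p) {
            free(p);
            /* swap the last entry into this slot to keep the table dense */
            live[i] = live[live_count - 1];
            live_size[i] = live_size[live_count - 1];
            live_count--;
            fprintf(stderr, "free(%p)\n", p);
            return 1;
        }
    }
    fprintf(stderr, "free(%p): not a live heap block, refusing\n", p);
    return 0;
}

int tracked_live_count(void)
{
    return live_count;
}

/* Correct shape of function() from the message: the buffer is heap memory
 * owned by the caller, who must free it exactly once. */
char *make_buffer(void)
{
    char *buffer = tracked_malloc(100);
    if (buffer != NULL)
        strcpy(buffer, "hello");
    return buffer;
}

/* Walks through the three cases; returns the number of frees rejected (2). */
int run_demo(void)
{
    int rejected = 0;
    char on_stack[16];              /* a local, i.e. a runtime stack address */

    char *b = make_buffer();
    if (b == NULL)
        return -1;

    tracked_free(b);                /* valid: matches the earlier malloc */
    if (!tracked_free(b))           /* double free: caught */
        rejected++;
    if (!tracked_free(on_stack))    /* stack address, like free(0xbfbfc9c9): caught */
        rejected++;
    return rejected;
}

int main(void)
{
    int rejected = run_demo();
    printf("rejected frees: %d, live blocks left: %d\n", rejected, tracked_live_count());
    return rejected == 2 ? 0 : 1;
}
```

Compile with `cc -Wall -o demo demo.c` and run it; the two refused frees are printed to stderr, and the live count returns to zero. In a real program the same idea is what malloc debugging options and tools such as valgrind provide, but a wrapper like this is often enough to find which call site passes the bad pointer.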
