访问结构成员时 valgrind 出现无效 read/write 错误
Invalid read/write errors by valgrind when accessing struct members
我试图在 C 中实现链表纯粹是为了练习。我有这样定义的结构:
typedef struct node {
int data;
struct node* next;
}
node;
typedef struct list {
size_t size;
node* head;
}
list;
现在,valgrind 抱怨的功能是这些:
创建()
list* create() {
// alocate memory for a new list
list* list = malloc(sizeof(list));
if (list != NULL) {
list->head = NULL; // this is line 65
list->size = 0;
}
// return pointer to the allocated memory
return list;
}
插入()
void insert(int data, list* list) {
if (list == NULL)
return;
// allocate memory for new node
node* newNode = malloc(sizeof(node));
// check if allocation was successful
if (newNode == NULL)
return;
// initialize new node's data
newNode->data = data;
// make newNode the head of the list
newNode->next = list->head; // this is line 88
list->head = newNode;
// increment size
(list->size)++;
}
销毁()
void destroy(list* list) {
if (list == NULL)
return;
node* current = list->head; // this is line 154
while (current != NULL) {
node* temp = current;
current = current->next;
free(temp);
}
free(list);
}
main()如下:
int main(void) {
list* list = create();
insert(1, list);
destroy(list);
return 0;
}
这就是 valgrind 的输出:
==10601== 1 errors in context 1 of 4:
==10601== Invalid read of size 8
==10601== at 0x400A33: destroy (slist.c:154)
==10601== by 0x400AAE: main (slist.c:167)
==10601== Address 0x51fc048 is 0 bytes after a block of size 8 alloc'd
==10601== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10601== by 0x4007C3: create (slist.c:62)
==10601== by 0x400A93: main (slist.c:165)
==10601==
==10601==
==10601== 1 errors in context 2 of 4:
==10601== Invalid write of size 8
==10601== at 0x400866: insert (slist.c:89)
==10601== by 0x400AA5: main (slist.c:166)
==10601== Address 0x51fc048 is 0 bytes after a block of size 8 alloc'd
==10601== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10601== by 0x4007C3: create (slist.c:62)
==10601== by 0x400A93: main (slist.c:165)
==10601==
==10601==
==10601== 1 errors in context 3 of 4:
==10601== Invalid read of size 8
==10601== at 0x400852: insert (slist.c:88)
==10601== by 0x400AA5: main (slist.c:166)
==10601== Address 0x51fc048 is 0 bytes after a block of size 8 alloc'd
==10601== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10601== by 0x4007C3: create (slist.c:62)
==10601== by 0x400A93: main (slist.c:165)
==10601==
==10601==
==10601== 1 errors in context 4 of 4:
==10601== Invalid write of size 8
==10601== at 0x4007DA: create (slist.c:65)
==10601== by 0x400A93: main (slist.c:165)
==10601== Address 0x51fc048 is 0 bytes after a block of size 8 alloc'd
==10601== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10601== by 0x4007C3: create (slist.c:62)
==10601== by 0x400A93: main (slist.c:165)
==10601==
==10601== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 0 from 0)
如果我对输出的理解正确,问题似乎出在 struct list 成员变量的访问上。但是,我不明白为什么访问这些变量是个问题。 malloc(sizeof(list))应该为两个成员分配足够的内存,那么问题出在哪里?
list* list = malloc(sizeof(list));
糟糕! sizeof 中的 list 是您声明的指针,而不是类型。所以你只 malloc-ed 足够的内存用于一个指针,而不是你想要的结构。
避免用变量名遮盖类型名。或者,如果必须,请使用
list* list = malloc(sizeof(struct list));
问题出在这里:
list* list = malloc(sizeof(list));
您有一个 list 的类型定义和一个名为 list 的变量。 sizeof 运算符取的是变量的大小,而不是类型。
作为规则,不要将变量命名为与类型相同的名称:
list* create() {
// alocate memory for a new list
list* mylist = malloc(sizeof(list));
if (mylist != NULL) {
mylist ->head = NULL;
mylist ->size = 0;
}
// return pointer to the allocated memory
return mylist ;
}
and
明确指出了问题
提供不同的解决方案:使用 sizeof() 时,使用取消引用变量的大小而不是类型的大小。
// some_type *ptr = malloc(sizeof (some_type));
some_type *ptr = malloc(sizeof *ptr);
即使使用阴影类型 list 和变量 list,这也有效
list* create() {
list* list;
printf("%zu\n", sizeof(list)); // compiles but the needed code
printf("%zu\n", sizeof list); // compiles but the needed code
printf("%zu\n", sizeof *list); // good
// allocate memory for a new list
list = malloc(sizeof *list);
...
打印
4
4
8
我试图在 C 中实现链表纯粹是为了练习。我有这样定义的结构:
typedef struct node {
int data;
struct node* next;
}
node;
typedef struct list {
size_t size;
node* head;
}
list;
现在,valgrind 抱怨的功能是这些:
创建()
list* create() {
// alocate memory for a new list
list* list = malloc(sizeof(list));
if (list != NULL) {
list->head = NULL; // this is line 65
list->size = 0;
}
// return pointer to the allocated memory
return list;
}
插入()
void insert(int data, list* list) {
if (list == NULL)
return;
// allocate memory for new node
node* newNode = malloc(sizeof(node));
// check if allocation was successful
if (newNode == NULL)
return;
// initialize new node's data
newNode->data = data;
// make newNode the head of the list
newNode->next = list->head; // this is line 88
list->head = newNode;
// increment size
(list->size)++;
}
销毁()
void destroy(list* list) {
if (list == NULL)
return;
node* current = list->head; // this is line 154
while (current != NULL) {
node* temp = current;
current = current->next;
free(temp);
}
free(list);
}
main()如下:
int main(void) {
list* list = create();
insert(1, list);
destroy(list);
return 0;
}
这就是 valgrind 的输出:
==10601== 1 errors in context 1 of 4:
==10601== Invalid read of size 8
==10601== at 0x400A33: destroy (slist.c:154)
==10601== by 0x400AAE: main (slist.c:167)
==10601== Address 0x51fc048 is 0 bytes after a block of size 8 alloc'd
==10601== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10601== by 0x4007C3: create (slist.c:62)
==10601== by 0x400A93: main (slist.c:165)
==10601==
==10601==
==10601== 1 errors in context 2 of 4:
==10601== Invalid write of size 8
==10601== at 0x400866: insert (slist.c:89)
==10601== by 0x400AA5: main (slist.c:166)
==10601== Address 0x51fc048 is 0 bytes after a block of size 8 alloc'd
==10601== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10601== by 0x4007C3: create (slist.c:62)
==10601== by 0x400A93: main (slist.c:165)
==10601==
==10601==
==10601== 1 errors in context 3 of 4:
==10601== Invalid read of size 8
==10601== at 0x400852: insert (slist.c:88)
==10601== by 0x400AA5: main (slist.c:166)
==10601== Address 0x51fc048 is 0 bytes after a block of size 8 alloc'd
==10601== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10601== by 0x4007C3: create (slist.c:62)
==10601== by 0x400A93: main (slist.c:165)
==10601==
==10601==
==10601== 1 errors in context 4 of 4:
==10601== Invalid write of size 8
==10601== at 0x4007DA: create (slist.c:65)
==10601== by 0x400A93: main (slist.c:165)
==10601== Address 0x51fc048 is 0 bytes after a block of size 8 alloc'd
==10601== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10601== by 0x4007C3: create (slist.c:62)
==10601== by 0x400A93: main (slist.c:165)
==10601==
==10601== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 0 from 0)
如果我对输出的理解正确,问题似乎出在 struct list 成员变量的访问上。但是,我不明白为什么访问这些变量是个问题。 malloc(sizeof(list))应该为两个成员分配足够的内存,那么问题出在哪里?
list* list = malloc(sizeof(list));
糟糕! sizeof 中的 list 是您声明的指针,而不是类型。所以你只 malloc-ed 足够的内存用于一个指针,而不是你想要的结构。
避免用变量名遮盖类型名。或者,如果必须,请使用
list* list = malloc(sizeof(struct list));
问题出在这里:
list* list = malloc(sizeof(list));
您有一个 list 的类型定义和一个名为 list 的变量。 sizeof 运算符取的是变量的大小,而不是类型。
作为规则,不要将变量命名为与类型相同的名称:
list* create() {
// alocate memory for a new list
list* mylist = malloc(sizeof(list));
if (mylist != NULL) {
mylist ->head = NULL;
mylist ->size = 0;
}
// return pointer to the allocated memory
return mylist ;
}
提供不同的解决方案:使用 sizeof() 时,使用取消引用变量的大小而不是类型的大小。
// some_type *ptr = malloc(sizeof (some_type));
some_type *ptr = malloc(sizeof *ptr);
即使使用阴影类型 list 和变量 list,这也有效
list* create() {
list* list;
printf("%zu\n", sizeof(list)); // compiles but the needed code
printf("%zu\n", sizeof list); // compiles but the needed code
printf("%zu\n", sizeof *list); // good
// allocate memory for a new list
list = malloc(sizeof *list);
...
打印
4
4
8