当循环在 C 中重复超过 127 次时发生内存泄漏
Memory Leak when loop repeats more than 127 times in C
我的代码有一个奇怪的问题,只有当对无符号字符的 for 循环超过值 127 时才会发生内存泄漏。以下是可能相关的函数:
int main()
{
size_t len = strlen("1b37373331363f78151b7f2b783431333d78397828372d363c78373e783a393b3736") / 2;
char *bytes = hex_to_bytes("1b37373331363f78151b7f2b783431333d78397828372d363c78373e783a393b3736"), *xor_output;
xor_output = xor_against_key(find_single_xor_key(bytes, len), bytes, len);
free(bytes);
puts(xor_output);
free(xor_output);
return 0;
}
char hex_to_dec(char hex)
{
if (hex >= 'a')
return hex - 'a' + 10;
return hex - '0';
}
char *hex_to_bytes(char *hex)
{
char *bytes, *p;
bytes = malloc(strlen(hex) / 2);
p = bytes;
while (*hex) {
*p = hex_to_dec(*hex++) * 16;
*p++ += hex_to_dec(*hex++);
}
return bytes;
}
char *xor_against_key (unsigned char key, const char *str, size_t size)
{
int i = 0;
char *xored = malloc(size + 1);
for (; i < size; i++)
xored[i] = str[i] ^ key;
xored[i] = 0;
return xored;
}
double calculate_frequency_score(size_t *frequencies, size_t size)
{
double score = 0;
double expected_fractions[] = {0.08167, 0.01492, 0.02782, 0.04253, 0.12702, 0.02228, 0.02015,
0.06094, 0.06966, 0.00153, 0.00772, 0.04025, 0.02406, 0.06749,
0.07507, 0.01929, 0.00095, 0.05987, 0.06327, 0.09056, 0.02758,
0.00978, 0.02360, 0.00150, 0.01974, 0.00074};
for (int i = 0; i < 26; i++)
score += sqrt(expected_fractions[i] * frequencies[i] * size);
return score;
}
size_t *letter_frequencies(char *str)
{
size_t *frequencies = malloc(sizeof(size_t) * 26); // 26 letters
for (int i = 0; i < 26; i++)
frequencies[i] = 0;
while (*str) {
if (!isascii((unsigned char)*str))
return NULL;
if (isalpha(*str))
frequencies[tolower(*str) - 'a']++;
str++;
}
return frequencies;
}
char find_single_xor_key(char *str, size_t size)
{
double best_score = DBL_MIN;
unsigned char best_char;
for (unsigned char c = 0; c < 255; c++) {
char *xored;
size_t *frequencies;
double score = 0;
//leaks for some reason when c >= 128
xored = xor_against_key(c, str, size);
frequencies = letter_frequencies(xored);
if (frequencies != NULL && strlen(xored) == size && (score = calculate_frequency_score(frequencies, size)) > best_score) {
best_score = score;
best_char = c;
}
free(frequencies);
free(xored);
}
return best_char;
}
此代码确实按预期工作,但是当我对它进行 运行 valgrind 时(我使用 -g 和 -lm 标志在 clang 上编译它),它告诉我内存泄漏发生在find_single_xor_key 函数。这是带有 --leak-check=full:
的 valgrind 结果
==1769== Memcheck, a memory error detector
==1769== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1769== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==1769== Command: ./a.out
==1769==
Cooking MC's like a pound of bacon
==1769==
==1769== HEAP SUMMARY:
==1769== in use at exit: 26,416 bytes in 127 blocks
==1769== total heap usage: 513 allocs, 386 frees, 63,058 bytes allocated
==1769==
==1769== 26,416 bytes in 127 blocks are definitely lost in loss record 1 of 1
==1769== at 0x4C2CEDF: malloc (vg_replace_malloc.c:299)
==1769== by 0x1090AA: letter_frequencies (set1.c:163)
==1769== by 0x108B37: find_single_xor_key (set1.c:220)
==1769== by 0x108963: main (set1.c:37)
==1769==
==1769== LEAK SUMMARY:
==1769== definitely lost: 26,416 bytes in 127 blocks
==1769== indirectly lost: 0 bytes in 0 blocks
==1769== possibly lost: 0 bytes in 0 blocks
==1769== still reachable: 0 bytes in 0 blocks
==1769== suppressed: 0 bytes in 0 blocks
==1769==
==1769== For counts of detected and suppressed errors, rerun with: -v
==1769== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
经过一些调试,我发现当我将for循环(find_single_xor_key函数中的那个)中的c的最大值减少到128时,并没有内存泄漏。对于每次循环重复,当 c 大于或等于 128 时,根据 valgrind 发生 1 块内存泄漏。
我也试过看看当循环只有运行s for 55时是否发生内存泄漏(随意选择,重点是看看当它运行s小于时会发生什么128 次重复),而 c 从值 200 ([200, 254]) 开始,并且根据 valgrind 在 55 个块中存在内存泄漏。
我不知道为什么会这样,有人知道吗?
谢谢。
此函数存在明显的内存泄漏:
size_t *letter_frequencies(char *str) {
size_t *frequencies = malloc(sizeof(size_t) * 26); // 26 letters
for (int i = 0; i < 26; i++)
frequencies[i] = 0;
while (*str) {
if (!isascii((unsigned char)*str))
return NULL; //<------ frequencies was not freed
if (isalpha(*str))
frequencies[tolower(*str) - 'a']++;
str++;
}
return frequencies;
}
您可以通过这种方式轻松解决问题:
size_t *letter_frequencies(const char *str) {
size_t *frequencies = calloc(sizeof(*frequencies) * 26, 0); // 26 letters
while (*str) {
if (!isascii((unsigned char)*str)) {
free(frequencies);
return NULL;
}
if (isalpha((unsigned char)*str)) {
frequencies[tolower((unsigned char)*str) - 'a']++;
}
str++;
}
return frequencies;
}
还要注意以下几点:
- xor 键
c 应该 运行 从 0 到 255 包含 ,或者更好的是 CHAR_MIN 到 CHAR_MAX 包括在内。
- 您应该包括
<stdio.h>、<stdlib.h> 和 <string.h>
- 您应该在调用函数之前声明或定义它们
我的代码有一个奇怪的问题,只有当对无符号字符的 for 循环超过值 127 时才会发生内存泄漏。以下是可能相关的函数:
int main()
{
size_t len = strlen("1b37373331363f78151b7f2b783431333d78397828372d363c78373e783a393b3736") / 2;
char *bytes = hex_to_bytes("1b37373331363f78151b7f2b783431333d78397828372d363c78373e783a393b3736"), *xor_output;
xor_output = xor_against_key(find_single_xor_key(bytes, len), bytes, len);
free(bytes);
puts(xor_output);
free(xor_output);
return 0;
}
char hex_to_dec(char hex)
{
if (hex >= 'a')
return hex - 'a' + 10;
return hex - '0';
}
char *hex_to_bytes(char *hex)
{
char *bytes, *p;
bytes = malloc(strlen(hex) / 2);
p = bytes;
while (*hex) {
*p = hex_to_dec(*hex++) * 16;
*p++ += hex_to_dec(*hex++);
}
return bytes;
}
char *xor_against_key (unsigned char key, const char *str, size_t size)
{
int i = 0;
char *xored = malloc(size + 1);
for (; i < size; i++)
xored[i] = str[i] ^ key;
xored[i] = 0;
return xored;
}
double calculate_frequency_score(size_t *frequencies, size_t size)
{
double score = 0;
double expected_fractions[] = {0.08167, 0.01492, 0.02782, 0.04253, 0.12702, 0.02228, 0.02015,
0.06094, 0.06966, 0.00153, 0.00772, 0.04025, 0.02406, 0.06749,
0.07507, 0.01929, 0.00095, 0.05987, 0.06327, 0.09056, 0.02758,
0.00978, 0.02360, 0.00150, 0.01974, 0.00074};
for (int i = 0; i < 26; i++)
score += sqrt(expected_fractions[i] * frequencies[i] * size);
return score;
}
size_t *letter_frequencies(char *str)
{
size_t *frequencies = malloc(sizeof(size_t) * 26); // 26 letters
for (int i = 0; i < 26; i++)
frequencies[i] = 0;
while (*str) {
if (!isascii((unsigned char)*str))
return NULL;
if (isalpha(*str))
frequencies[tolower(*str) - 'a']++;
str++;
}
return frequencies;
}
char find_single_xor_key(char *str, size_t size)
{
double best_score = DBL_MIN;
unsigned char best_char;
for (unsigned char c = 0; c < 255; c++) {
char *xored;
size_t *frequencies;
double score = 0;
//leaks for some reason when c >= 128
xored = xor_against_key(c, str, size);
frequencies = letter_frequencies(xored);
if (frequencies != NULL && strlen(xored) == size && (score = calculate_frequency_score(frequencies, size)) > best_score) {
best_score = score;
best_char = c;
}
free(frequencies);
free(xored);
}
return best_char;
}
此代码确实按预期工作,但是当我对它进行 运行 valgrind 时(我使用 -g 和 -lm 标志在 clang 上编译它),它告诉我内存泄漏发生在find_single_xor_key 函数。这是带有 --leak-check=full:
的 valgrind 结果==1769== Memcheck, a memory error detector
==1769== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1769== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==1769== Command: ./a.out
==1769==
Cooking MC's like a pound of bacon
==1769==
==1769== HEAP SUMMARY:
==1769== in use at exit: 26,416 bytes in 127 blocks
==1769== total heap usage: 513 allocs, 386 frees, 63,058 bytes allocated
==1769==
==1769== 26,416 bytes in 127 blocks are definitely lost in loss record 1 of 1
==1769== at 0x4C2CEDF: malloc (vg_replace_malloc.c:299)
==1769== by 0x1090AA: letter_frequencies (set1.c:163)
==1769== by 0x108B37: find_single_xor_key (set1.c:220)
==1769== by 0x108963: main (set1.c:37)
==1769==
==1769== LEAK SUMMARY:
==1769== definitely lost: 26,416 bytes in 127 blocks
==1769== indirectly lost: 0 bytes in 0 blocks
==1769== possibly lost: 0 bytes in 0 blocks
==1769== still reachable: 0 bytes in 0 blocks
==1769== suppressed: 0 bytes in 0 blocks
==1769==
==1769== For counts of detected and suppressed errors, rerun with: -v
==1769== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
经过一些调试,我发现当我将for循环(find_single_xor_key函数中的那个)中的c的最大值减少到128时,并没有内存泄漏。对于每次循环重复,当 c 大于或等于 128 时,根据 valgrind 发生 1 块内存泄漏。
我也试过看看当循环只有运行s for 55时是否发生内存泄漏(随意选择,重点是看看当它运行s小于时会发生什么128 次重复),而 c 从值 200 ([200, 254]) 开始,并且根据 valgrind 在 55 个块中存在内存泄漏。
我不知道为什么会这样,有人知道吗?
谢谢。
此函数存在明显的内存泄漏:
size_t *letter_frequencies(char *str) {
size_t *frequencies = malloc(sizeof(size_t) * 26); // 26 letters
for (int i = 0; i < 26; i++)
frequencies[i] = 0;
while (*str) {
if (!isascii((unsigned char)*str))
return NULL; //<------ frequencies was not freed
if (isalpha(*str))
frequencies[tolower(*str) - 'a']++;
str++;
}
return frequencies;
}
您可以通过这种方式轻松解决问题:
size_t *letter_frequencies(const char *str) {
size_t *frequencies = calloc(sizeof(*frequencies) * 26, 0); // 26 letters
while (*str) {
if (!isascii((unsigned char)*str)) {
free(frequencies);
return NULL;
}
if (isalpha((unsigned char)*str)) {
frequencies[tolower((unsigned char)*str) - 'a']++;
}
str++;
}
return frequencies;
}
还要注意以下几点:
- xor 键
c应该 运行 从0到255包含 ,或者更好的是CHAR_MIN到CHAR_MAX包括在内。 - 您应该包括
<stdio.h>、<stdlib.h>和<string.h> - 您应该在调用函数之前声明或定义它们