问题现象描述:
使用 fopen, popen 时:received signal SIGSEGV, Segmentation fault。内部可能调用了 malloc
使用 fopen 时:(fopen Segmentation fault)
Thread 1 "./***_app" received signal SIGSEGV, Segmentation fault. _int_malloc (av=av@entry=0x7ffff71a0b20 <main_arena>, bytes=bytes@entry=552) at malloc.c:3516 3516 malloc.c: No such file or directory. (gdb) bt #0 _int_malloc (av=av@entry=0x7ffff71a0b20 <main_arena>, bytes=bytes@entry=552) at malloc.c:3516 #1 0x00007ffff6e60184 in __GI___libc_malloc (bytes=552) at malloc.c:2913 #2 0x00007ffff6e49cdd in __fopen_internal (filename=0x6990f0 "./conf/moniter.conf", mode=0x467374 "r", is32=1) at iofopen.c:69
- memory corruption:
*** Error in `./***_app': malloc(): memory corruption: >0x0000000001bac6c0 *** ======= Backtrace: ========= /lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7f4c4e6be7e5] /lib/x86_64-linux-gnu/libc.so.6(+0x8213e)[0x7f4c4e6c913e] /lib/x86_64-linux-gnu/libc.so.6(__libc_malloc+0x54)[0x7f4c4e6cb184] /lib/x86_64-linux-gnu/libc.so.6(+0x6dcdd)[0x7f4c4e6b4cdd] ./***_app[0x4269d3] ./***_app[0x428e79] ./***_app[0x42c386] /lib/x86_64-linux-gnu/libc.so.6(+0x354b0)[0x7f4c4e67c4b0] /lib/x86_64-linux-gnu/libc.so.6(nanosleep+0x2d)[0x7f4c4e71330d] /lib/x86_64-linux-gnu/libc.so.6(sleep+0x2a)[0x7f4c4e71325a] ./***_app[0x406106] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7f4c4e667830] ./***_app[0x4056c9] ======= Memory map: ======== 00400000-00497000 r-xp 00000000 08:02 37464 /root/working/.../.../.../.../***_app 00697000-00698000 r--p 00097000 08:02 37464 /root/working/.../.../.../.../***_app 00698000-00699000 rw-p 00098000 08:02 37464 /root/working/.../.../.../.../***_app 00699000-0069a000 rw-p 00000000 00:00 0 01b7a000-01bec000 rw-p 00000000 00:00 0 [heap]
- 问题复现的位置可能会发生变动。但都涉及到了内存分配,如 fopen,
popen 的内部实现调用了内存分配函数。
调试分析:
- 检查 fopen 的文件路径是否存在,文件若存在,检查文件的权限,参考【1】,已排除该可能。
- 检查内存误操作:
§ 内存重复释放,出现double free时,通常是由于这种情况所致。 § 内存泄露,分配的内存忘了释放。 § 内存越界使用,使用了不该使用的内存。 § 使用了无效指针。 § 空指针,对一个空指针进行操作。
- 像是 fopen,popen 或者是其他内部含有 malloc 等内存分配函数的函数,导致 Segmentation fault,或者是 malloc memory corruption,一般问题都不在 fopen ,和 popen 本身。而在与在他们之前(时间或空间)的操作,对内存作了以上5种误操作中的一种。导致破坏了堆中的内存分配信息数据,特别是动态分配的内存块的内存信息 数据,因为操作系统在分配和释放内存块时需要访问该数据。这里请重点参看:【6】 其作者的分析可谓十分到位,一针见血,看了犹如醍醐灌顶。
问题原因:
多线程中某一动态分配的对象同时被两个线程使用,管理线程释放对象
时,理应判断该对象是否在而另一工作线程中有效。而我却在管理线程
中,把对该对象的释放操作,放在了判断语句的外面,导致执行了删除
正在使用的对象的操作,gdb调试中,在delete的位置挂住。
解决方案:
参考文章:
[0]. https://blog.csdn.net/slvher/article/details/9144161
[1]. https://www.cnblogs.com/YuNanlong/p/8896429.html
[2]. http://www.lazylab.org/204/linux/glibc-detected-malloc-memory-corruption-0x0916c100-error/
[3]. https://blog.csdn.net/tommy_lgj/article/details/2790452
[4]. https://blog.csdn.net/icycode/article/details/49645725
[5]. https://blog.csdn.net/XuLujunCSDN/article/details/71191550
[6]. https://blog.csdn.net/wangyunqian6/article/details/48931835
[7]. https://blog.csdn.net/miss_acha/article/details/19839715
[8]. https://www.oschina.net/translate/valgrind-is-not-a-leak-checker
[9]. https://blog.csdn.net/weiyuefei/article/details/52374285
参考样张
【2】:
***glibc detected*** malloc(): memory corruption: 0x0916c100 *** error
Memory corruption error comes when you are doing something on memory which is not available.
Like Writing,Reading and freeing.
Some common examples are
○ Reading/writing to memory out of the bounds of a dynamically allocated array
○ Attempting to write a memory which was never allocated
○ Attempting to free a memory already freed
○ Writing to a freed memory
○ Writing to an unallocated memory
Fix:
○ Check the above common mistakes
○ Check all malloc() expressions in your code
○ Check if data is copied to an allocated memory whose allocated length is less than data(ex. in memcpy() statements)
○ This error usually comes while allocating memory to arrays like
pointer = (char *) malloc(strlen(Array_B));
the above statement overflows by 1 byte. You should use-
pointer = (char *) malloc(strlen(Array_B)+1);
to avoid any memory corruptions.
