.
.
.
.
.
LZ today when writing a Socket program using malloc (3) on the heap dynamically allocated a structure of the space, after the use of the free (3) function to release space when the report invalid next size Such an error, after two hours debugging, and finally found out because of careless cross-border caused.
LZ reduces this error to one of the simplest models to publish:
1#include <stdio.h>2#include <stdlib.h>3#include <string.h>4 5 intMain (void)6 {7 Char*p =NULL;8 9 //request 8 bytes of memory in the heap spaceTenp =malloc(8); One A //actual use of more than 8 bytes -strncpy (P,"ABCD", -); - //can print normally theprintf"p =%s\n", p); - - //invalid next size error when releasing memory - Free(p); + - return 0; +}
Compile run:
GCC Free free >$./free = ABCDEFGHIJKLMN* * * * * GLIBCDetected * * *./free 0x00000000020c3010 * * *... Here is a slightly n-row ...
Printing is unaffected, but in fact the strncpy (3) has crossed the border, so what happens is normal.
In addition to the above chestnut, use strcpy (3) instead of strncpy (2) will not error, but once the characters to be copied more than 8 bytes, can still raise an error.
So we must pay attention to the length when using memory, must not cross the border.
C language * * * * * GLIBC detected * * * FREE (): Invalid next size (FAST): 0x0000000000be1010 * * *