Getting Segmentation Fault

2018-06-15 11:14:13

I saw many questions about getting segmentation fault in C program here in SO, and I thought it would be great to have a reference to those here, a question with some cases that are causing segmentation fault. My answer is posted below.

As written in some answers, the behavior is undefined for all cases, though many people meet them as segmentation fault , so this question is about what causes this "symptom".

In the cases below I get segmentation fault when I run the program, could you determine why?

char *str = "foo";
str[0] = 'b';   // << Segfault hre

char str[] = "foo";
char *newStr = malloc(strlen(str));
strcpy(newStr, str);
free(newStr);   // << Segfault here

char *str = malloc(4 * sizeof(char));
str = "foo";
free(str);      // << Segfault here

char *str = malloc(4 * sizeof(char));
strcpy(str, "foo");
free(str);
if (str != NULL)
    free(str);      // << Segfault here

char *str = "something and then foo";
printf("%s", str[19]);    // << Segfault here

typedef struct {
    char *str;
}st;
...
st *s;
s = malloc(sizeof(st));
s->str = malloc(5);
free(s);
free(s->str);    // << Segfault here

All your examples are causing undefined behaviour, which might lead to a crash (or it might not appear to do any harm at all).

You're not allowed to change a string literal. (see eg here)

You forgot to allocate storage for the terminating nul byte, do malloc(strlen(str) + 1);

You're calling free() on a pointer you did not obtain from malloc (or similar functions). As you make the str pointer point to a string literal, you've lost the pointer to the memory allocated with malloc and leak memory here too.

You're calling free() twice on the same pointer, which is undefined behavior.

%s in the printf format string tells printf that the argument is a string (a char * pointing to a sequence of nul terminated characters) You're passing it a char, not a string. If you want to print the suffix of the string use printf("%s", &str[19]);

You're passing in an invalid pointer to free(), you already free'd s , you can't dereference it later when you do s->str . Reverse the order of deallocation: free(s->str); free(s); free(s->str); free(s);

Case 1:
char *str = "foo"; assign the address of a string in the text segment which is read only, and you can't write to it as done in the second line: str[0] = 'b'; . If you want to modify the text, use char str[] = "foo"; which will create an array of chars on the stack and assign its pointer to str.

case 2:
strlen returns the length of the string without the '' chracter at the end, so strlen("foo") = 3 , while strcpy copies the string including the '' character, so it copies more bytes than you allocated.

case 3:
As in case 1, str = "foo"; assigning the address of "foo" to str , this means that you lose the address of the allocated memory and str now contains a pointer to the text segment which you can't free because it's not on the heap, and its a read-only memory.

case 4:
The free function doesn't assign NULL to the pointer received as parameter (since it doesn't have it address, it can't do that). And you are trying to call free on a buffer that was already free d.

case 5:
str[19] is char , not a char pointer, and "%s" expects string, meaning char * . Treated as as an address on many platform, this char is illegal address. printf() doesn't check the arguments received.

case 6:
The usage of s->str after s is free d is wrong. A correct usage will be to first call free(s->str); and then call free(s); . Free the internal allocated memory before free ing its container.

Undefined Behaviour : trying to change a string literal

Undefined Behaviour : writing past the end of the array

Undefined Bahaviour : passing to free() a pointer not obtained through malloc()

Undefined Behaviour : passing to free() an invalid pointer

Undefined Behaviour : incompatabilities between the printf() format specifier and actual argument types

Undefined Behaviour : passing to free() an invalid pointer

Undefined Behaviour can manifest itself by a "segmentation fault", but that is by no means a required outcome. Anything could have happened :)

链接地址: http://www.djcxy.com/p/43890.html

上一篇: 什么会导致C ++中的分段错误？

下一篇: 分割错误