Hit the bug
-
The following was found in the MS VC++ 6.0 environment. Here is the code snippet:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define __COUNT 3

void foo( char ** ppStr, char * pVal )
{
    if ( NULL != *ppStr )
    {
        free( *ppStr );
        *ppStr = NULL;
    }
    /* The error discussed in this post: only one byte is allocated */
    *ppStr = (char*)malloc(sizeof(char));
    strcpy( *ppStr, pVal );
    return;
}

int main()
{
    char * pVar = NULL;
    char szVal[__COUNT][32] = { "TEST_1", "TEST_2", "TEST_3" };
    for ( int i = 0; i < __COUNT; i++ )
    {
        foo( &pVar, szVal[i] );
        printf( "Pointer holder: 0x%0X, Allocated start address: 0x%0X, Value: %s\n", &pVar, &pVar[0], pVar );
    }
    return 0;
}
Run the code in the DEBUG environment and you get the following error message:

Debug Error!
Program: E:\RA\MISC\Test_Mem\Debug\Test_Mem.exe
DAMAGE: after Normal block (#51) at 0x00430030.
(Press Retry to debug the application)
Abort Retry _Ignore_

If you select the Ignore option then you will get the following result:

Pointer holder: 0x12FF7C, Allocated start address: 0x430030, Value: TEST_1
Pointer holder: 0x12FF7C, Allocated start address: 0x430030, Value: TEST_2
Pointer holder: 0x12FF7C, Allocated start address: 0x430030, Value: TEST_3
But in the case of the RELEASE build no such error appears. This is really unusual. But it is a fact that the code has an error at the malloc statement. The same would occur even if you run the exe from the command line. Why has the RELEASE build failed to trace the error... :confused:

Well, the bug could be easily removed if we modify the malloc part as follows:

*ppStr = (char*)malloc(sizeof(char) * ( strlen( pVal ) + 1 ));
-- modified at 3:10 Thursday 5th October, 2006
-
One more thing. Never use delete with malloc. Use free instead, because the allocation and freeing strategy may differ. This is not the case with malloc. You should use the freeing function corresponding to the one which you used to allocate the memory.
-Sarath_._ "Great hopes make everything great possible" - Benjamin Franklin
-
1. You wouldn't normally mix malloc and delete, since malloc doesn't do any construction on the thing it hands back. You should really be using free unless you are also using new.
2. The bug isn't particularly subtle. You are reimplementing a library function (strdup) and doing it badly. Allocating the wrong size is one of those 'obvious' things, although admittedly it's usually the size off by one type of error. In addition, you aren't even checking that malloc has returned a valid address, which is more subtle (although more common).
3. Why should the release build track the error? This will slow down allocation/deallocation of memory, and why should my application have reduced performance simply because another developer wasn't writing correct code? I'd spot issues like this during testing of the debug version (I'm not arrogant enough to believe I'd not make mistakes, of course), or for harder to spot stuff, use an appropriate tool like BoundsChecker or similar.
Steve S Developer for hire
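Added example, not code from any poster in this thread: a simplified stand-in for the check behind the "DAMAGE: after Normal block" message, showing why only a build that plants and verifies guard bytes notices the overrun. The names guarded_malloc, guarded_free, dup_undersized and dup_checked and the 16-byte guard length are assumptions made for this sketch; it is not the CRT's implementation.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define GUARD_LEN  16    /* constructed size, large enough to absorb the demo overrun */
#define GUARD_BYTE 0xFD  /* fill value the MSVC debug heap uses for its guard bytes */

/* Allocate size bytes followed by GUARD_LEN guard bytes; size is kept in a header. */
static void *guarded_malloc(size_t size) {
    unsigned char *raw = malloc(sizeof(size_t) + size + GUARD_LEN);
    if (raw == NULL) return NULL;
    memcpy(raw, &size, sizeof size);
    memset(raw + sizeof(size_t) + size, GUARD_BYTE, GUARD_LEN);
    return raw + sizeof(size_t);
}

/* Count overwritten guard bytes, then release the block (the debug-build check). */
static int guarded_free(void *p) {
    unsigned char *user = p;
    size_t size, i;
    int damaged = 0;
    if (p == NULL) return -1;
    memcpy(&size, user - sizeof(size_t), sizeof size);
    for (i = 0; i < GUARD_LEN; i++)
        if (user[size + i] != GUARD_BYTE) damaged++;
    free(user - sizeof(size_t));
    return damaged;
}

/* The thread's allocation: one byte requested, whole string copied.
   Strings too long for the guard are refused so the overrun stays inside it. */
static char *dup_undersized(const char *val) {
    char *s = strlen(val) < GUARD_LEN ? guarded_malloc(sizeof(char)) : NULL;
    if (s != NULL) strcpy(s, val);
    return s;
}

/* Corrected: room for the terminator, and the allocation result is checked. */
static char *dup_checked(const char *val) {
    size_t n = strlen(val) + 1;
    char *s = guarded_malloc(n);
    if (s != NULL) memcpy(s, val, n);
    return s;
}

int main(void) {
    printf("undersized: %d guard bytes damaged\n", guarded_free(dup_undersized("TEST_1")));
    printf("checked:    %d guard bytes damaged\n", guarded_free(dup_checked("TEST_1")));
    return 0;
}
```

Without the guard bytes and the check at free time, the same stray bytes land in whatever follows the block and nothing reports them, which matches the silent RELEASE run described in the question.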