Tags: c, dynamic-memory-allocation, realloc

realloc() : invalid next size Aborted (core dumped)


I'm trying to write code that has to expand the memory of a malloc array of 1 for some cycles of a loop (I need to store the zeros of a function), but after compiling this error occurs:

realloc(): invalid next size
Aborted (core dumped)

Does someone have an idea of the reasons for this error?

Here's the code:

#include <stdio.h>
#include <stdlib.h>
#include <math.h>

#define ARGMAX 5
#define ARGUMENTS_ERROR -3
#define REALLOC_FAILURE -2

typedef struct{
  double x;
  double y;
}point;



point Func(point p,double dt);
double Tzero(double x1,double x2,double dt,int i);

//START
int main(int argc,char* argv[]){

  int n,i,nzeri=0;
  point p,pp;
  double *tzeri, *temp;
  tzeri=(double *)malloc(0*sizeof(double));
  pp.x=atof(argv[1]);
  pp.y=atof(argv[2]);
  double dt=atof(argv[3]);
  double tmax=atof(argv[4]);

  n=(int)tmax/dt;
  for(i=0;i<n;i++){
    p=Func(pp,dt);
    printf("%lf %lf\n",dt*(i+1),p.x);
    if(pp.x*p.x<=0.){
      nzeri++;
      temp=(double *)realloc(tzeri,nzeri*sizeof(double));
      if(temp==NULL){
        printf("--------ERROR-------\nrealloc failed\n");
        exit(REALLOC_FAILURE);
      }
      tzeri[nzeri-1]=Tzero(pp.x,p.x,dt,i);
      printf("----------\n%d %lf\n----------\n",nzeri,tzeri[nzeri-1]);
    }
    
    pp.x=p.x;
    pp.y=p.y;
  }
  
}//END


point Func(point p,double dt){
  point p2;
  p2.x=p.x-0.1;
  if(p2.x<-3)p2.x=3.;
  return p2;
}


double Tzero(double x1,double x2,double dt,int i){
  double d,t;
  d=x1*dt/(x1-x2);
  t=dt*i+d;
  return t;
}

I expect the size of tzeri to grow by one 'cell' (one sizeof(double)) in a way like nzeri, but it seems to work just until the fifth reallocation, so it can't be a syntax error.

Hope for news soon, thanks.

----UPDATES----

I built the program with the debugging parameters -g -fsanitize=address and I got this:

==6465==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000010 at pc 0x55fe8cdcc642 bp 0x7fff53fd3280 sp 0x7fff53fd3270                   
WRITE of size 8 at 0x602000000010 thread T0                                  
    #0 0x55fe8cdcc641 in main /home/gerry/Desktop/FisComp/2088811/error.c:42
    #1 0x7ff3aaa29d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
    #2 0x7ff3aaa29e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
    #3 0x55fe8cdcc244 in _start (/home/gerry/Desktop/FisComp/2088811/a.x+0x1244)

0x602000000011 is located 0 bytes to the right of 1-byte region [0x602000000010,0x602000000011)                                                           
freed by thread T0 here:                                                     
    #0 0x7ff3aaeb4c38 in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:164
    #1 0x55fe8cdcc5a6 in main /home/gerry/Desktop/FisComp/2088811/error.c:37
    #2 0x7ff3aaa29d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)

previously allocated by thread T0 here:
    #0 0x7ff3aaeb4887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x55fe8cdcc3b6 in main /home/gerry/Desktop/FisComp/2088811/error.c:25
    #2 0x7ff3aaa29d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)

SUMMARY: AddressSanitizer: heap-use-after-free /home/gerry/Desktop/FisComp/2088811/error.c:42 in main
==6465==ABORTING

Can someone find the error?


Solution

  • Your code never assigns a new value to tzeri. It first sets tzeri with tzeri=(double *)malloc(0*sizeof(double));. Later, it allocates new space with temp=(double *)realloc(tzeri,nzeri*sizeof(double));, but it never assigns that value to tzeri. After checking that temp is not null, you need tzeri = temp;.
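
The fix from the answer, wrapped in a small append helper (an added example, not code from the original post or answer; `zero_list` and its functions are hypothetical names). It goes beyond the post by doubling the capacity instead of growing by one element and by guarding the size multiplication; the self-test values are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

/* Hypothetical helper type (not from the post): growable array of zero-crossing times. */
typedef struct {
    double *data;   /* owning pointer, always refers to the latest block */
    size_t  len;    /* elements in use */
    size_t  cap;    /* elements allocated */
} zero_list;

/* Append one value. Returns 0 on success, -1 on failure (list left unchanged). */
int zero_list_push(zero_list *zl, double t)
{
    if (zl->len == zl->cap) {
        size_t new_cap = zl->cap ? zl->cap * 2 : 4;
        if (new_cap > SIZE_MAX / sizeof *zl->data)
            return -1;                  /* byte count would overflow size_t */
        double *temp = realloc(zl->data, new_cap * sizeof *zl->data);
        if (temp == NULL)
            return -1;                  /* old block is still valid and still owned */
        zl->data = temp;                /* the assignment missing from the post's loop */
        zl->cap  = new_cap;
    }
    zl->data[zl->len++] = t;            /* write only through the updated pointer */
    return 0;
}

void zero_list_free(zero_list *zl)
{
    free(zl->data);
    zl->data = NULL;                    /* no dangling pointer left behind */
    zl->len = zl->cap = 0;
}

/* Constructed check: push n values and confirm every one survives the reallocations. */
int zero_list_selftest(size_t n)
{
    zero_list zl = {0};
    for (size_t i = 0; i < n; i++)
        if (zero_list_push(&zl, 0.5 * (double)i) != 0) { zero_list_free(&zl); return -1; }
    int ok = (zl.len == n);
    for (size_t i = 0; i < n && ok; i++)
        ok = (zl.data[i] == 0.5 * (double)i);
    zero_list_free(&zl);
    return ok ? 0 : -1;
}

int main(void) { printf("selftest: %d\n", zero_list_selftest(1000)); return 0; }
```

Building this with -g -fsanitize=address, as in the question's update, should produce no report, because every write goes through the pointer that realloc() returned.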