  1. PO*** glibc detected *** free(): invalid next size (fast) -- should work?
<p>I'm working on an existing C project (spglib on sourceforge), and I'm running into the following problem after cleaning up some array initializations:</p>
<p>*** glibc detected *** tests/spglibtest: free(): invalid next size (fast): 0x08ab46e0 ***</p>
<p>The backtrace is:</p>
<pre><code>#0 0xb7fe1424 in __kernel_vsyscall ()
#1 0xb5cfdd61 in raise () from /lib/libc.so.6
#2 0xb5cff5ee in abort () from /lib/libc.so.6
#3 0xb5d397ed in ?? () from /lib/libc.so.6
#4 0xb5d3f7b1 in ?? () from /lib/libc.so.6
#5 0xb5d4052b in ?? () from /lib/libc.so.6
#6 0xb5d441cd in free () from /lib/libc.so.6
#7 0xb6681484 in sym_get_multiplicity (cell=0xbfffe1f0, symprec=0.050000000000000003) at /git/xtalopt-public/src/spglib/symmetry.c:168
#8 0xb6680550 in spg_find_primitive (lattice=0xbfffe2a8, position=0x813c6f0, types=0x813c700, num_atom=2, symprec=0.050000000000000003) at /git/xtalopt-public/src/spglib/spglib.c:253
</code></pre>
<p>The error is in the "free(trans)" line below:</p>
<pre><code>int sym_get_multiplicity(const Cell *cell, const double symprec)
{
  int i, rc;
  double **trans;

  trans = (double**)malloc(cell-&gt;size * sizeof(double*));
  for (i = 0; i &lt; cell-&gt;size; i++) {
    trans[i] = (double*)malloc(3 * sizeof(double));
  }

  rc = get_translation(&amp;trans[0][0], identity, cell, symprec);

  for (i = 0; i &lt; cell-&gt;size; i++) {
    free(trans[i]);
  }
  free(trans);

  return rc;
}
</code></pre>
<p>get_translation assigns values to trans like so:</p>
<pre><code>static int get_translation(double trans[][3], const int rot[3][3],
                           const Cell *cell, const double symprec)
{
  ...
  for (j = 0; j &lt; 3; j++) {
    trans[num_trans][j] = someDouble;
  }
  ...
}
</code></pre>
<p>Valgrind is showing the following when writing to the array in get_translation:</p>
<pre><code>==17929== Invalid write of size 8
==17929==    at 0x56BE8A7: get_translation (symmetry.c:285)
==17929==    by 0x56BE44B: sym_get_multiplicity (symmetry.c:163)
...
==17929==  Address 0x9cb5868 is 0 bytes after a block of size 8 alloc'd
==17929==    at 0x4024918: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==17929==    by 0x56BE3F7: sym_get_multiplicity (symmetry.c:158)
....
</code></pre>
<p>This suggests to me that it's trying to write past the end of the allocated memory for trans, but it's writing to trans[0][0], and trans is of dimension [2][3]. This should work, AFAIK, can anyone see something that I'm missing?</p>
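An added example, not part of the original post or of spglib: a function declared with double trans[][3] indexes one contiguous block of n*3 doubles, while the posted sym_get_multiplicity allocates each row separately, so the two layouts do not match. The sketch below shows two allocations that do match the parameter type; fill_translations and the other function names are hypothetical stand-ins, and the written values are constructed.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-in for get_translation(): like the original, it takes
   double trans[][3], so it writes n rows into ONE contiguous block. */
static int fill_translations(double trans[][3], int n)
{
    for (int i = 0; i < n; i++)
        for (int j = 0; j < 3; j++)
            trans[i][j] = i + 0.1 * j;      /* constructed sample values */
    return n;
}

/* Bytes the callee touches when it views its argument as double[n][3]. */
size_t bytes_touched_as_2d(int n) { return (size_t)n * sizeof(double[3]); }

/* Bytes owned at &trans[0][0] in the post's layout: a single malloc'd row. */
size_t bytes_owned_at_first_row(void) { return 3 * sizeof(double); }

/* Variant 1: allocate exactly what the parameter type describes. */
int multiplicity_contiguous(int n, double *last)
{
    if (n <= 0) return 0;
    double (*trans)[3] = malloc((size_t)n * sizeof *trans);
    if (trans == NULL) return -1;
    int rc = fill_translations(trans, n);
    *last = trans[n - 1][2];
    free(trans);
    return rc;
}

/* Variant 2: keep a double** row table for other callers, but back it
   with one contiguous block so the block itself is a valid double[n][3]. */
int multiplicity_row_table(int n, double *last)
{
    if (n <= 0) return 0;
    double (*block)[3] = malloc((size_t)n * sizeof *block);
    double **rows = malloc((size_t)n * sizeof *rows);
    if (block == NULL || rows == NULL) { free(block); free(rows); return -1; }
    for (int i = 0; i < n; i++) rows[i] = block[i];
    int rc = fill_translations(block, n);
    *last = rows[n - 1][2];
    free(rows);
    free(block);
    return rc;
}
```

Building the test program with -fsanitize=address, or running it under Valgrind as in the post, confirms that neither variant writes outside its allocation.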
 
