malloc 对象上的免费抛出错误

Free throws error on malloc'd object

我正在尝试释放为字符串创建的 malloc 缓冲区,但 free() 给我一个错误。 如我所见,指针的值没有改变,并且两个数组都是 malloc 的。所以应该有可能释放他们? 我想不出我做错了什么。

代码如下:

/* dump
 * this function dumps the entry array to the command line
 * */
void dump(PasswordEntry * entries, int numLines) {
    int index = 0;
    unsigned char *hexSalt = malloc(SALT_HEX_LENGTH+1), *hexHash = malloc(MAX_HASH_LEN+1);  /* pointers for salt and hash, because we need them in hex instead of byte */

    while (index < numLines) {  /* go through every line */
        /* gets us the salt in hex */
        toHexBinary(hexSalt, entries[index].salt, SALT_HEX_LENGTH);
        /* gets us the hash in hex, with length according to set algorithm */
        toHexBinary(hexHash, entries[index].hash, (entries[index].algorithm == HASH_ALG_SHA1)?SHA1_HEX_LENGTH:SHA2_HEX_LENGTH);

        /* prints one line to command line */
        printf("%s: %s = %s (%s/%s)\n", entries[index].username, hexHash, (entries[index].password == NULL)?"???":entries[index].password, (entries[index].algorithm == HASH_ALG_SHA1)?"SHA1":"SHA2", hexSalt);
        index++;
    }

    /* don't need these anymore, we can free them */
    free(hexSalt);
    free(hexHash);
}

/* takes a string in binary and returns it in hex (properly escaped) */
unsigned char * toHexBinary(unsigned char * to, unsigned char * from, int length) {
    unsigned char c = '0';
    int second = 0, first = 0;
    if (to == NULL) {   /* if to is null, we need to allocate it */
        to = malloc(length+1);
    }

    to[length] = '[=10=]';
    while (length-- > 0) {  /* go trough the string, starting at tthe end */
        length--;   /* we always need to read two characters */
        c = from[length/2]; 
        second = c % 16;
        first = (c - second) / 16;
        to[length] = toHex(first);
        to[length+1] = toHex(second);
    }

    return to;
}

/* takes a numeric character and returns it's hex representation */
char toHex(int c) {
    if (c < 10) return (char)(NUMBER_BEGIN + c);    /* if it is under 10, we get the appropiate digit */
    else return (char)(UPPER_BEGIN + (c - 10)); /* if it is over 10, we get the appropiate UPPERCASE character */
}

这是 gdb 的输出:

Starting program: /crack -b ./hashes.txt 1 2

Breakpoint 1, dump (entries=0x604700, numLines=9) at crack.c:435
435     unsigned char *hexSalt = malloc(SALT_HEX_LENGTH+1), *hexHash = malloc(MAX_HASH_LEN+1);  /* pointers for salt and hash, because we need them in hex instead of byte */
(gdb) next
437     while (index < numLines) {  /* go through every line */
(gdb) p hexSalt
 = (unsigned char *) 0x604390 ""
(gdb) p hexHash
 = (unsigned char *) 0x604510 ""
(gdb) continue
Continuing.

Breakpoint 2, dump (entries=0x604700, numLines=9) at crack.c:449
449     free(hexSalt);
(gdb) p hexSalt
 = (unsigned char *) 0x604390 "1234567890FEDCBA0000"
(gdb) p hexHash
 = (unsigned char *) 0x604510 "05F770BDD6D78ED930A9B6B9A1F22776F13940B908679308C811978CD570E057"
(gdb) next
450     free(hexHash);
(gdb) next
*** Error in `/crack': free(): invalid next size (fast): 0x0000000000604510 ***

Program received signal SIGABRT, Aborted.
0x00007ffff7602267 in __GI_raise (sig=sig@entry=6)
    at ../sysdeps/unix/sysv/linux/raise.c:55
55  ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
toHexBinary(hexHash, entries[index].hash, (entries[index].algorithm == HASH_ALG_SHA1)?SHA1_HEX_LENGTH:SHA2_HEX_LENGTH);

您只为 hexHash 分配了 MAX_HASH_LEN+1 个字节。但是您传递的是 SHA1_HEX_LENGTHSHA2_HEX_LENGTH

如果这些值中的任何一个大于 MAX_HASH_LEN,您就会遇到问题,因为函数 toHexBinary() 访问 hexHash[MAX_HASH_LEN]。这可能就是发生的事情。您不能传递大于 MAX_HASH_LEN.

的值

我遇到了类似的错误,"free(): invalid next size " 和“../sysdeps/unix/sysv/linux/raise.c: 没有那个文件或目录。”。
我是 运行 外围初始化工作,然后做 ROS 初始化和其他一些工作。
外设初始化作业运行良好,ROS 初始化作业也运行良好。但是一起做的时候总是报这个错
最后我发现这是一个内存问题。在 malloc() 中我在 sizeof() 中错过了一个 * 那么 malloc 内存的大小不正确。
只为同舟共济的人。