为什么 free(pointer) 会出现运行时错误？

Question

我有以下C程序。它要求用户提供坐标数。然后使用 malloc 分配内存，将坐标（整数）存储在分配的内存中，然后释放内存。

#include<stdio.h>
#include<stdlib.h>

int main(int argc, char *argv[]) /* Arguments to main() not necessary but used to keep with convention.*/
{
    int num_of_coordinates;
    printf("How many co-ordinates: ");
    scanf("%d", &num_of_coordinates);

    int *coordinate_array = malloc(num_of_coordinates * 2);
    int i, j;

    /* Below for loop takes the x and y coordinate of all points. */
    /* These coordinates are stored in coordinate_aaray[]. */
    for (i=0; i < num_of_coordinates*2; i++)
    {
            j = (i / 2) + 1 ;
            if (i % 2 != 0)
            {
                    printf("Enter x coordinate of point %d: ",j);
                    scanf("%d",&coordinate_array[i]);
            }
            else
            {
                    printf("Enter y-coordinate of point %d: ",j);
                    scanf("%d",&coordinate_array[i]);
            }
    }

    for (i=0; i < num_of_coordinates*2; i++)
    {
            printf("%d ",coordinate_array[i]);
    }
    printf("\n");

    /* Free the allocated memory. */
    free (coordinate_array);

    return 0;
}

当我运行这些程序时，我没有遇到任何问题，直到 number_of_coordinates 等于或小于 3。

-bash-4.1$ ./a.out
How many co-ordinates: 3
Enter y-coordinate of point 1: 1
Enter x coordinate of point 1: 2
Enter y-coordinate of point 2: 3
Enter x coordinate of point 2: 4
Enter y-coordinate of point 3: 5
Enter x coordinate of point 3: 6
1 2 3 4 5 6
-bash-4.1$

然而，当我给 num_of_coordinates 一个 4 或更大的值时，我得到一个运行时间错误（很可能是因为 free(coordinate_array)）。

-bash-4.1$ ./a.out
How many co-ordinates: 4
Enter y-coordinate of point 1: 1
Enter x coordinate of point 1: 2
Enter y-coordinate of point 2: 3
Enter x coordinate of point 2: 4
Enter y-coordinate of point 3: 5
Enter x coordinate of point 3: 6
Enter y-coordinate of point 4: 7
Enter x coordinate of point 4: 8
1 2 3 4 5 6 7 8
*** glibc detected *** ./a.out: free(): invalid next size (fast):    0x000000000185b010 ***

实际上运行time 错误消息很长，所以我只显示了该错误的第一行。

为什么在这种情况下 num_of_coordinates 大于或等于 4 时会发生此错误？

谢谢。

Answer 1

我犯了一个愚蠢的错误。

我使用以下语句分配的内存量不足。

int *coordinate_array = malloc(num_of_coordinates * 2);

然而，由于每个数字都是一个 int 我不得不使用下面的语句。

int *coordinate_array = malloc(num_of_coordinates * 2 * sizeof(int));

进行此更改后，程序运行时没有运行时错误。

-bash-4.1$ ./a.out
How many co-ordinates: 4
Enter y-coordinate of point 1: 1
Enter x coordinate of point 1: 2
Enter y-coordinate of point 2: 3
Enter x coordinate of point 2: 4
Enter y-coordinate of point 3: 5
Enter x coordinate of point 3: 6
Enter y-coordinate of point 4: 7
Enter x coordinate of point 4: 8
1 2 3 4 5 6 7 8
-bash-4.1$

Answer 2

这条线有很多问题：

int *coordinate_array = malloc(num_of_coordinates * 2);

1) the amount of allocated memory is 1byte * num_of_coordinates * 2
That is not large enough to hold num_of_coordinates*2 integers
use:

int *coordinate_array = malloc(num_of_coordinates * 2 * sizeof int);

2) always check the returned value from malloc (and family) 
   to assure the operation was successful

int *coordinate_array = NULL;

if( NULL == (coordinate_array = malloc(num_of_coordinates * 2 * sizeof int) ) )
{ // then, malloc failed
    perror( "malloc for coordinate array failed" );
    exit( EXIT_FAILURE );
}

// implied else, malloc successful

Answer 3

确保分配所需的确切字节数。作为上面提到的另一个用户，您应该使用：

malloc(num_of_coordinates * sizeof(int) * 2)

此外，为了仔细检查，您记录值以测试您的代码如何。例如，记录 num_of_coordinates 以确保您扫描了正确的值。

要调试，您可以尝试这样的操作：http://dmalloc.com/

为什么 free(pointer) 会出现运行时错误？

why free(pointer) is giving runtime error?

c

malloc

free

runtime-error