由于不正确的重新分配,我是否遇到了分段错误?

Am I getting a segmentation fault due to an incorrect realloc?

struct model
{
    char *cam;
    int *to_location, *go_location;
    int to_count, go_count;
    int length, size;
};

struct model *
initialize(int l)
{
    struct model *c;
    c = (struct model *)malloc(sizeof(struct model));
    assert(c != NULL);
    c->length = l;
    c->size = 2 * l;
    c->cam = (char *)malloc(2 * l * sizeof(char));
    assert(c->cam != NULL);
    c->to_location = (int *)malloc(l * sizeof(int));
    assert(c->to_location != NULL);
    c->go_location = (int *)malloc(l * sizeof(int));
    assert(c->go_location != NULL);
    return c;
}

void 
shuffle(struct model *current, struct model *future, int to, int g)
{
    int i1, k, d1;
    char init[100000];
    current->to_count = 0;
    current->go_count = 0;
    for (i1 = 0; i1 < g; i1++)
    {
        init[i1] = 'G';
    }
    for (i1 = g; i1 < g + to; i1++)
    {
        init[i1] = 'T';
    }
    for (i1 = g + to; i1 < current->length; i1++)
    {
        init[i1] = '.';
    }
    for(i1 = 0; i1 < future->length; i1++)
    {
        d1 = rand() % current->length;
        current->cam[i1] = init[d1];
        if (current->cam[i1] == 'T')
        {
            current->to_location[current->to_count] = i1;
            current->to_count = current->to_count + 1;
        }
        if (current->cam[i1] == 'G')
        {
            current->go_location[current->go_count] = i1;
            current->go_count = current->go_count + 1;
        }
        for (k = d1; k < current->length; k++)
        {
            init[k] = init[k + 1];
        }
        current->length = current->length - 1;
    }
    current->length = future->length;
}

void 
display(struct model *current)
{
    int i;
    printf("\n<");
    current->to_count = 0;
    current->go_count = 0;
    for(i = 0; i < current->length; i++) 
    {
        if (current->cam[i] == 'T')
        {
            current->to_location[current->to_count] = i;
            current->to_count = current->to_count + 1;
        }
        else if (current->cam[i] == 'G')
        {
            current->go_location[current->go_count] = i;
            current->go_count = current->go_count + 1;
        }
        printf("%c", current->cam[i]);
    }
    printf(">\n");
    printf("\nThe total number of to's are %d, and the total number of gos      are %d. The length is %d\n", current->to_count, current->go_count, current->length);
}

void 
insert(struct model *current, struct model *future)
{
    int j, k;
    k = rand() % (current->length + 1);
    current->length = current->length + 1;
    for (j = current->length; j > k; j--)
    {
        future->cam[j] = future->cam[j - 1];
    }
    future->cam[k] = 'T';
    future->size = 2 * current->length;
    future->cam = (char *)realloc(future->cam, future->size * sizeof(char));
    assert(future->cam != NULL);
    current->size = 2 * current->length;
    current->cam = (char *)realloc(current->cam, current->size * sizeof(char));
    assert(current->cam != NULL);
}

int 
main()
{
    int l, to, go, i, k1, k2, j;
    l = 100; //l,go,to are positive
    go = 20;
    to = 20; //go+to cannot be greater than l
    struct model *current = initialize(l), *future = initialize(l);
    shuffle(current, future, to, go);
    display(current);
    for (i = 0; i < 500; i++)
    {
        for (j = 0; j < current->length; j++)
        {
            future->cam[j] = current->cam[j];
        }
        insert(current, future);
        for (j = 0; j < current->length; j++)
        {
            current->cam[j] = future->cam[j];
        }
        display(current);
    }
    return 0;
}

我无法找出分段错误的原因。我检查了我是否正确地实现了 realloc,但据我所知,那里可能没有错误。分段错误发生在 current->length 达到 281 之后,因此重新分配可能会一直发生到那里,因为初始大小为 200,但为什么在那之后停止?

initialize()你:

c->cam = (char *)malloc(2 * l * sizeof(char));
assert(c->cam != NULL);
c->to_location = (int *)malloc(l * sizeof(int));
assert(c->to_location != NULL);
c->go_location = (int *)malloc(l * sizeof(int));
assert(c->go_location != NULL);

然后在 insert() 你:

current->length = current->length + 1;
....
future->size = 2 * current->length;
future->cam = (char *)realloc(future->cam, future->size * sizeof(char));
assert(future->cam != NULL);
current->size = 2 * current->length;
current->cam = (char *)realloc(current->cam, current->size * sizeof(char));

然后在 display() 你:

current->to_count = 0;
current->go_count = 0;
for(i = 0; i < current->length; i++)
...
        current->to_location[current->to_count] = i;
        current->to_count = current->to_count + 1;
...
        current->go_location[current->go_count] = i;
        current->go_count = current->go_count + 1;

类似的事情也发生在shuffle()

所以你写到 to_location 从 0 到 current->length 并且 current->length 由于 insert() 而继续变大,但是 to_location 不会变大随着 current->length 的增加,你写到 to_location 数组的末尾并破坏一些重要的东西 - 最终杀死程序。