在 C 中一定大小的 malloc 后堆已损坏

Heap has been corrupted after a certain size malloc In C

我试图用 C 语言编写一个非常简单的压缩器,但我 运行 在我的代码中遇到错误“堆已损坏”。我调查了一下,错误似乎是因为这一行:

ptr = (char*)malloc(count * sizeof(char));

当我将大小从计数更改为 1000 时它起作用了,我尝试调试并查看某处是否存在差异但我找不到它,我知道可能存在某种溢出但我不明白为什么和解决办法是什么而不是写一个大数字来修复它

这是我现在的代码:

#include <stdio.h>
#include <stdlib.h>

errno_t err;
int count =0;

struct node {
    int data;
    struct node* left;
    struct node* right;
};

struct node* newNode(int data) {
        struct node* node = (struct node*)malloc(sizeof(struct node));

        node->data = data;

        node->left = NULL;
        node->right = NULL;
        return (node);
    };

int* frequency(char* str) {

    FILE* fptr;
    err = fopen_s(&fptr, str, "r");
    if (err != 0)
    {
        printf("The file wasn't opened\n");
        exit(0);
    }

    int* ptr;
    ptr = (int*)malloc(95 * sizeof(int));

    if (ptr == NULL) {
        printf("Error! memory not allocated.");
        exit(0);
    }

    for (int i = 0; i < 95; i++) {
        *(ptr + i) = 0;
    }
    char ch;
    int index;

    while ((ch = fgetc(fptr)) != EOF) {
        index = (int)ch - 32;
        (*(ptr+index))++;
    }

    err = fclose(fptr);
    if (err != 0)
    {
        printf("The file wasn't closed\n");
        exit(0);
    }

    for (int i = 0; i < 95; i++) {
        printf("%d ", *(ptr+i));
    }
    return ptr;
}

void* letFrequency(int* occLet) {
    for (int i = 0; i < 95; i++) // counts how many actually occur 
    {
        if (*(occLet+i) > 0)
        {
            count++;
        }
    }

    int* ptr;
    ptr = (char*)malloc(count * sizeof(char));
    if (ptr == NULL) {
        printf("Error! memory not allocated.");
        exit(0);
    }

    int max = 0;
    int placement = 0;

    for (int j = 0; j < count; j++) {
        for (int i = 0; i < 95; i++) {
            if (*(occLet+i) >= max)
            {
                max = *(occLet+i);
                placement = i;
            }
        }
        *(ptr+j) = (char)(placement + 32);
        printf("%c", *(ptr +j));
        *(occLet+placement) = 0;
        max = 1;
    }
    return ptr;
}

void binaryMap(char* letFrq) {
    struct node* rootzero = newNode(1);
    struct node* rootone = newNode(0);

    int leaveszero = 0;
    int leavesone = 0;

    if (count % 2 == 0) {
        leavesone = count / 2;
        leaveszero = count / 2;
    }
    else
    {
        leavesone = count / 2;
        leaveszero = count / 2 + 1;
        printf("%d", leaveszero);
    }

}


int main() {
    char str[70];
    printf("Enter the name of the text file you want to compress: ");
    scanf_s("%s", str, sizeof(str));
    int* ptrFr;
    char* ptrLetFr;
    ptrFr = frequency(str);
    ptrLetFr = letFrequency(ptrFr);
    free(ptrFr);
    binaryMap(ptrLetFr);
}

线条;

    int* ptr;
    ptr = (char*)malloc( count * sizeof(char));

显然是错误的。如果您想要 count 个整数,那么 sizeof(char) 将分配一个太小的块。我建议 习惯:

  • 不要投射 void* - 只需分配它。
  • 使用sizeof 指向的对象,而不是显式类型。
  • 不要留下不必要的悬挂指针。

为此:

    int* ptr = malloc(count * sizeof(*ptr) ) ;

或者如果它_intended char* 那么:

    char* ptr = malloc(count * sizeof(*ptr) ) ;

请注意变化是多么微小 - 您不必在三个不同的地方进行更正。