c - Malloc、字符串指针和 Valgrind

Question

我的程序是这样的（main.c）：

#include <stdlib.h>
#include <stdio.h>
void main(){
  char *first="hello ";
  char *second="world!";
  char *seq=(char *)malloc((strlen(first)+1)*sizeof(char));
  strcat(strcpy(seq,first),second);
  printf("%s\n",seq);
  free(seq);
}

我使用工具 valgrind 进行调试，它说（$:valgrind --tool=memcheck --leak-check=full --track-origins=yes ./main）：

==5118== Memcheck, a memory error detector.
==5118== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al.
==5118== Using LibVEX rev 1884, a library for dynamic binary translation.
==5118== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP.
==5118== Using valgrind-3.4.1, a dynamic binary instrumentation framework.
==5118== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al.
==5118== For more details, rerun with: -v
==5118== 
==5118== Invalid write of size 1
==5118==    at 0x402575B: strcat (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==5118==    by 0x80484EB: main (main.c:7)
==5118==  Address 0x418a02f is 0 bytes after a block of size 7 alloc'd
==5118==    at 0x402522D: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==5118==    by 0x80484C3: main (main.c:6)
==5118== 
==5118== Invalid write of size 1
==5118==    at 0x4025777: strcat (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==5118==    by 0x80484EB: main (main.c:7)
==5118==  Address 0x418a034 is 5 bytes after a block of size 7 alloc'd
==5118==    at 0x402522D: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==5118==    by 0x80484C3: main (main.c:6)
==5118== 
==5118== Invalid read of size 1
==5118==    at 0x4025963: strlen (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==5118==    by 0x40A0FA4: puts (in /lib/libc-2.10.1.so)
==5118==    by 0x80484F7: main (main.c:8)
==5118==  Address 0x418a02f is 0 bytes after a block of size 7 alloc'd
==5118==    at 0x402522D: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==5118==    by 0x80484C3: main (main.c:6)
==5118== 
==5118== Invalid read of size 1
==5118==    at 0x40ACEFE: _IO_default_xsputn (in /lib/libc-2.10.1.so)
==5118==    by 0x40AA3D0: _IO_file_xsputn@@GLIBC_2.1 (in /lib/libc-2.10.1.so)
==5118==    by 0x40A1020: puts (in /lib/libc-2.10.1.so)
==5118==    by 0x80484F7: main (main.c:8)
==5118==  Address 0x418a02f is 0 bytes after a block of size 7 alloc'd
==5118==    at 0x402522D: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==5118==    by 0x80484C3: main (main.c:6)
hello world!
==5118== 
==5118== ERROR SUMMARY: 17 errors from 4 contexts (suppressed: 13 from 1)
==5118== malloc/free: in use at exit: 7 bytes in 1 blocks.
==5118== malloc/free: 1 allocs, 0 frees, 7 bytes allocated.
==5118== For counts of detected errors, rerun with: -v
==5118== searching for pointers to 1 not-freed blocks.
==5118== checked 47,492 bytes.
==5118== 
==5118== 
==5118== 7 bytes in 1 blocks are definitely lost in loss record 1 of 1
==5118==    at 0x402522D: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==5118==    by 0x80484C3: main (main.c:6)
==5118== 
==5118== LEAK SUMMARY:
==5118==    definitely lost: 7 bytes in 1 blocks.
==5118==      possibly lost: 0 bytes in 0 blocks.
==5118==    still reachable: 0 bytes in 0 blocks.
==5118==         suppressed: 0 bytes in 0 blocks.

谁能告诉我为什么以及如何解决它。

Answer 1

 char *seq=(char *)malloc((strlen(first)+1)*sizeof(char));

您正在为大小仅为“first”的字符串分配内存。

  strcat(strcpy(seq,first),second);

然后你试着把第一和第二都放进去。那永远行不通。strcat不会创建更多内存，您需要将其包含在malloc.

无需在纯 C 中转换 malloc 的结果。

也没有必要这样做sizeof(char)，因为它保证为 1。有些人喜欢把它放在那里以明确类型以防它发生变化，有些人认为它很混乱。

Answer 2

对应free()的在哪里malloc()？

Answer 3

您只为 seq 中的 first 分配了足够的空间。

Answer 4

seq 只有 (strlen(first)+1)*sizeof(char) 长，不足以容纳连接的字符串 first + second。

Answer 5

我可以看到这条线：

strcat(strcpy(seq,first),second);

没有错误地陷害。原因是，您正在执行 string concatenation ，而您没有提供正确的来源。如果您将上述语法分成两行，它将正常工作。

strcpy(seq,first); strcat(seq,second);

这是因为，当您进行字符串复制时，它会将字符串从“first”复制到“seq”。现在，对于字符串连接，由于它找不到正确的源[记住你没有特别提到源是“seq”]，它给出了一个无效的写入内存泄漏问题。

希望这能澄清你的问题。如果需要任何进一步的信息，请恢复相同。