
当我尝试运行程序时,收到了这个警告以及一些奇怪的错误。在下面的结构中,rmi_pdu 包含一个我要访问的可变大小数组。

/*
 * Queue element wrapping one Rmi message.
 *
 * The last member, rmi_pdu, ends in a flexible array member (payload[]), so
 * the payload bytes are stored past the end of this struct. Nesting a struct
 * that has a flexible array member inside another struct is a GNU extension,
 * not ISO C. An instance must be allocated as sizeof(struct rmi_message_s)
 * plus the payload length; copying or passing it by value transfers only
 * sizeof(struct rmi_message_s) bytes and leaves the payload behind.
 */
struct rmi_message_s {  /* Queue element containing Rmi message */
  struct rmi_message_s          *hnext;        /* presumably hash-chain link; confirm against rmi_hash_cleanup() */
  struct rmi_message_s          *hprev;        /* presumably hash-chain back link; confirm */
  uint16_t                      gen_counter;   /* Generation counter */
  time_value                    send_time;
  uint8_t                       retry_count;
  TAILQ_ENTRY(rmi_message_s)    rmi_message_next; /* tail-queue linkage (TAILQ_ENTRY, presumably from <sys/queue.h>) */
  rmi_message_pdu               rmi_pdu; /* must stay the last member: ends in the flexible array payload[] */
};

/*
 * Rmi message PDU: fixed header fields followed by a variable-length payload.
 *
 * payload[] is a flexible array member, so sizeof(rmi_message_pdu) covers the
 * header only; storage for the payload has to be added explicitly when the
 * object is allocated.
 *
 * NOTE(review): the struct is not declared packed, so the compiler may insert
 * padding (e.g. after protocol). If this is meant to mirror an on-wire layout,
 * confirm the offsets.
 * NOTE(review): if len is filled from a received packet, it should be checked
 * against the number of bytes actually received before payload is read or
 * copied - confirm against the caller.
 */
typedef struct {
  uint16_t        zero;
  uint16_t        type;
  uint8_t         version;
  uint8_t         len;           /* 8-bit length field; what it counts is not shown here - confirm */
  uint8_t         protocol;
  uint16_t        edge_port;
  uint16_t        core_port;
  uint32_t        connexus_id;
  pi_ipv4_addr_t  edge_addr;
  pi_ipv4_addr_t  core_addr;
  uint16_t        gen_count;     /* Integer to identify a stale packet */
  uint8_t         payload[];     /* flexible array member: not counted by sizeof */
} rmi_message_pdu;

问题出现在我试图释放动态分配的内存时。内容还在,但调用 free() 时触发了 abort()。core 文件中的调用栈如下:

in raise () from /lib64/libc.so.6
in abort () from /lib64/libc.so.6
in __libc_message () from /lib64/libc.so.6
in _int_free () from /lib64/libc.so.6
in free () from /lib64/libc.so.6
in free (p=0x2aaabc000fa0) at mallocdbg.cc:188
in rmi_hash_cleanup (rmi_msg=0x2aaabc000fa0) at tcpsvc_rmi.c:126
in rmi_process_response (response_packet=0x27422e00) at tcpsvc_rmi.c:239
in rmi_message_handle (pkt=0x27422e00 "", cnt=28) at tcpsvc_base.c:154
in udpif_worker (arg=0x2b01f7014340) at rumpnet_virtif/if_udp_netbsd_guest.c:573
in threadbouncer (arg=0x2b01f7016428) at rumpkern/emul.c:428
in clone () from /lib64/libc.so.6

这就是分配的样子。想要使用 rmi 的调用者会将大小作为参数传递。

struct rmi_message_s *rmi_msg;
/*
 * BUG (the defect this question is about): sizeof(struct rmi_message_s *) is
 * the size of a pointer, not of the struct, so the block is far smaller than
 * the header plus len payload bytes. Writing the struct members and payload
 * then runs past the end of the heap block (heap buffer overflow) and damages
 * allocator metadata, which is consistent with free() aborting in _int_free().
 * The size must be sizeof(struct rmi_message_s) + len.
 */
rmi_msg = (struct rmi_message_s *) malloc (sizeof(struct rmi_message_s *) + len * sizeof(uint8_t));

len作为参数传递。


2 回答 2


您没有分配足够的内存:

struct rmi_message_s *rmi_msg ;
    /*
     * Corrected size: the struct itself (sizeof(struct rmi_message_s), not the
     * size of a pointer to it) followed by len payload bytes.
     * The result still has to be checked for NULL before it is used.
     * NOTE(review): the type and origin of len are not shown; if it is derived
     * from a received packet, validate it against the received byte count
     * before copying payload into this block.
     */
    rmi_msg = (struct rmi_message_s *) malloc
           (sizeof(struct rmi_message_s) + len * sizeof(uint8_t));

你写的是 ...sizeof(struct rmi_message_s *)...(指针的大小),但它应该是 ...sizeof(struct rmi_message_s)...(整个结构的大小)。分配的内存过小,之后对结构成员和有效载荷的写入会越过堆块的末尾,破坏堆的管理数据,所以 free() 才会调用 abort()。

于 2012-01-16T17:37:51.053 回答

您几乎肯定不想按值传递此对象。而是传递指向对象的指针或引用。

出现该警告是因为:GCC 4.3 及更早版本与 GCC 4.4 及更高版本在如何通过栈传递这种结构上互不兼容,混用这两类版本编译的代码就会出问题。无论如何,我很确定您实际上并不想在栈上传递它。这样做效率很低,而且您会丢失有效载荷:按值复制只会复制 sizeof 大小的部分,不包括末尾的可变长度数组。

于 2012-01-16T17:05:08.677 回答