Search code examples
c++glibcmemory-corruption

C++ glibc detected corrupted double-linked list error C++

I have the following declaration for a 2D dynamic integer linked list in Population.cpp:

sectionProf = new int*[section_count]; //list of professor for each section declaration

It is defined in Population.h as:

int ** sectionProf; //list of professor for each section

It is then filled from a file as such, again in Population.cpp, later on:

sectionProf[section] = new int[professors + 1];
sectionProf[section][0] = professors;
if (professors > 0) {
    for (int x = 1; x < professors + 1; ++x) {
        sectionProf[section][x] = stoi(tokenizedVersion[x + 1]);
    }
}

Then, in the destructor, I destroy it as follows:

if(sectionProf){
    for(int i = 0; i < section_count; ++i){
        delete [] sectionProf[i];
    }
    delete [] sectionProf;
}

However, upon execution, I keep getting the following error:

* glibc detected * ./research_scheduling_backend: corrupted double-linked list: 0x00000000020b78c0 ***

Here is the gdb backtrace (#17 is referring to the 'delete [] sectionProf' line):

#0  __lll_lock_wait_private () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:93
#1  0x00007ffff7085f61 in _L_lock_10611 () at malloc.c:5249
#2  0x00007ffff7083c87 in __GI___libc_malloc (bytes=140737341265696) at malloc.c:2921
#3  0x00007ffff7de7900 in _dl_map_object_deps (map=0x7ffff7fdd4e0, preloads=<optimized out>, npreloads=<optimized out>, trace_mode=0, open_mode=-2147483648) at dl-deps.c:517
#4  0x00007ffff7ded8a9 in dl_open_worker (a=0x7fffffffbb00) at dl-open.c:262
#5  0x00007ffff7de9176 in _dl_catch_error (objname=0x7fffffffbb48, errstring=0x7fffffffbb50, mallocedp=0x7fffffffbb5f, operate=0x7ffff7ded700 <dl_open_worker>, args=0x7fffffffbb00) at dl-error.c:178
#6  0x00007ffff7ded31a in _dl_open (file=0x7ffff717a858 "libgcc_s.so.1", mode=-2147483647, caller_dlopen=0x7ffff710bea5, nsid=-2, argc=3, argv=<optimized out>, env=0x7fffffffeac8) at dl-open.c:639
#7  0x00007ffff7131bb2 in do_dlopen (ptr=0x7fffffffbd00) at dl-libc.c:89
#8  0x00007ffff7de9176 in _dl_catch_error (objname=0x7fffffffbd30, errstring=0x7fffffffbd20, mallocedp=0x7fffffffbd3f, operate=0x7ffff7131b70 <do_dlopen>, args=0x7fffffffbd00) at dl-error.c:178
#9  0x00007ffff7131c74 in dlerror_run (args=0x7fffffffbd00, operate=0x7ffff7131b70 <do_dlopen>) at dl-libc.c:48
#10 __GI___libc_dlopen_mode (name=<optimized out>, mode=<optimized out>) at dl-libc.c:165
#11 0x00007ffff710bea5 in init () at ../sysdeps/x86_64/../ia64/backtrace.c:53
#12 0x00007ffff6df1400 in pthread_once () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_once.S:104
#13 0x00007ffff710bfc4 in __GI___backtrace (array=<optimized out>, size=64) at ../sysdeps/x86_64/../ia64/backtrace.c:104
#14 0x00007ffff707505f in __libc_message (do_abort=2, fmt=0x7ffff717f560 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:180
#15 0x00007ffff707f846 in malloc_printerr (action=3, str=0x7ffff717be4c "corrupted double-linked list", ptr=<optimized out>) at malloc.c:5047
#16 0x00007ffff7080b1b in _int_free (av=0x7ffff73b9720, p=0x627dd0, have_lock=0) at malloc.c:4125
#17 0x0000000000404b7e in Population::~Population (this=0x7fffffffc910, __in_chrg=<optimized out>) at Population.cpp:91
#18 0x0000000000403919 in main (argc=3, argv=0x7fffffffeaa8) at Scheduler.cpp:101

At absolutely no place in the code is the sectionProf array ever modified. It is only used to check values. Can someone please tell me why I might be getting this error? I have looked all over the place about glibc double-linked list errors and I understand that it is because in some way I am corrupting the symbol table(?) somehow...

Solution

  • For anyone who lands on this problem, here is what is wrong in my specific problem. I was reading garbage value for section index that were out of range (section_count) when I was generating the array. That is, in the for loop, 

    sectionProf[section] = new int[professors + 1];
sectionProf[section][0] = professors;
if (professors > 0) {
    for (int x = 1; x < professors + 1; ++x) {
        sectionProf[section][x] = stoi(tokenizedVersion[x + 1]);
    }
}

    my value for section was not in the range of 0 and section_count, the index used in the delete loop. Hence why I was causing the corruption of memory.

    Lesson: Check for PEBKAC errors generated in input files.