Search code examples
carraysstructmalloclibxml2

Dynamically allocate an array of struct containing a dynamically allocated array

I'm trying to read settings values from an XML file and to make things simpler I set up a struct containing every value. One of these is an array of structs. I then initialize the struct as an array.

While running the code I sometimes get a smooth run, sometimes a segfault and sometimes an abort trap (malloc: *** error for object: incorrect checksum for freed object - object was probably modified after being freed. *** set a breakpoint in malloc_error_break to debug Abort trap: 6). I guess this is undefined behaviour.

I might have a hint on why this happens, but I couldn't get any confirmations, though I did heavy research.

In my opinion, this is caused by the allocation of space for the array of struct allocating enough memory to contain a struct with some values plus an empty array of structs. I then allocate memory for the second array of struct, therefore changing the space needed for the first array of structs.

These are the declaration of the structs:

struct Delegate {

  int warnings;

  gchar *name;

};

struct Staff {

  gchar *president;
  gchar *vice;
  gchar *mod;

};

struct Committee {

  int n_delegate;

  gchar *name;
  gchar *topics[2];

  struct Delegate *delegates;
  struct Staff staff;


};

And here is the code I'm trying to run:

static void load_prop() {

  xmlDocPtr doc;
  xmlNodePtr node;
  xmlNodePtr subnode;
  xmlNodePtr subsubnode;
  xmlNodePtr subsubsubnode;
  xmlChar *cnumber;

  doc = xmlParseFile("/Users/username/Documents/Obermun/DebateProgram/res/xml/property.xml");
  node = xmlDocGetRootElement(doc);

  edition = (char *) xmlGetProp(node, (const xmlChar *) "edition");

  int const index = atoi((const char*)(xmlGetProp(node, (const xmlChar *) "committees")));
  committees = (Committee *) malloc(sizeof(Committee)*index);

  subnode = node -> xmlChildrenNode;
  int i = 0;
  int t = 0;
  int d = 0;

  while(subnode != NULL) {

    if(!xmlStrcmp(subnode -> name, (const xmlChar *) "committee")) {

      committees[i].name = (char *) xmlGetProp(subnode, (const xmlChar *) "name");
      committees[i].n_delegate = atoi((const char*) xmlGetProp(subnode, (const xmlChar *) "delegates"));
      committees[i].delegates = (Delegate *) malloc(sizeof(Delegate)*committees[i].n_delegate);

      subsubnode = subnode -> xmlChildrenNode;

      while(subsubnode != NULL) {

        if(!xmlStrcmp(subsubnode -> name, (const xmlChar *) "topic")) {

          committees[i].topics[t] = (char *) xmlNodeListGetString(doc, subsubnode -> xmlChildrenNode, 1);
          t++;

        }

        else if(!xmlStrcmp(subsubnode -> name, (const xmlChar *) "delegate")) {

          committees[i].delegates[d].warnings = atoi((const char*) xmlGetProp(subsubnode, (const xmlChar *) "warnings"));
          committees[i].delegates[d].name = (char *) xmlNodeListGetString(doc, subsubnode -> xmlChildrenNode, 1);
          d++;

        }

        else if(!xmlStrcmp(subsubnode -> name, (const xmlChar *) "staff")) {

          subsubsubnode = subsubnode -> xmlChildrenNode;

          while(subsubsubnode != NULL) {

            if(!xmlStrcmp(subsubnode -> name, (const xmlChar *) "president")) {

              committees[i].staff.president = (char *) xmlNodeListGetString(doc, subsubsubnode -> xmlChildrenNode, 1);

            }

            if(!xmlStrcmp(subsubnode -> name, (const xmlChar *) "vice")) {

              committees[i].staff.vice = (char *) xmlNodeListGetString(doc, subsubsubnode -> xmlChildrenNode, 1);

            }

            if(!xmlStrcmp(subsubnode -> name, (const xmlChar *) "mod")) {

              committees[i].staff.mod = (char *) xmlNodeListGetString(doc, subsubsubnode -> xmlChildrenNode, 1);

            }

            subsubsubnode = subsubsubnode -> next;

          }

        }

        subsubnode = subsubnode -> next;

      }

      i++;

    }

    subnode = subnode -> next;

  }

}

Trying to debug the code with gdb I get this backtrace:

Thread 2 received signal SIGABRT, Aborted.
0x00007fff7353ab66 in ?? () from /usr/lib/system/libsystem_kernel.dylib
(gdb) bt
#0  0x00007fff7353ab66 in ?? () from /usr/lib/system/libsystem_kernel.dylib
#1  0x00007fff73705080 in pthread_kill () from /usr/lib/system/libsystem_pthread.dylib
#2  0x00007fff734961ae in abort () from /usr/lib/system/libsystem_c.dylib
#3  0x0000003000000010 in ?? ()
#4  0x00007ffeffffffdf in ?? ()
#5  0xffffffff0160f658 in ?? ()
#6  0x000000010160f658 in ?? ()
#7  0x00007ffeefbff5f0 in ?? ()
#8  0x00007fff7359fb58 in szone_error () from /usr/lib/system/libsystem_malloc.dylib
Backtrace stopped: frame did not save the PC
Solution

  • As @nwellnhof pointed out in the comments, the problem of this code snippet is that the variables d and t I use to store the delegates and topics values are never reset to 0, so every cycle they grow up, trying to store the values in non-allocated memory space, resulting in an undefined behaviour.

    The correct code is the following:

    static void load_prop() {

  xmlDocPtr doc;
  xmlNodePtr node;
  xmlNodePtr subnode;
  xmlNodePtr subsubnode;
  xmlNodePtr subsubsubnode;
  xmlChar *cnumber;

  doc = xmlParseFile("/Users/username/Documents/Obermun/DebateProgram/res/xml/property.xml");
  node = xmlDocGetRootElement(doc);

  edition = (char *) xmlGetProp(node, (const xmlChar *) "edition");

  int const index = atoi((const char*)(xmlGetProp(node, (const xmlChar *) "committees")));
  committees = (struct Committee *) malloc(sizeof(struct Committee)*index);

  subnode = node -> xmlChildrenNode;
  int i = 0;
  int t = 0;
  int d = 0;

  while(subnode != NULL) {

    if(!xmlStrcmp(subnode -> name, (const xmlChar *) "committee")) {

      committees[i].name = strdup((char *) xmlGetProp(subnode, (const xmlChar *) "name"));
      committees[i].n_delegate = atoi((const char*) xmlGetProp(subnode, (const xmlChar *) "delegates"));
      committees[i].delegates = (struct Delegate *) malloc(sizeof(struct Delegate)*committees[i].n_delegate);

      subsubnode = subnode -> xmlChildrenNode;

      t = 0;
      d = 0;

      while(subsubnode != NULL) {

        if(!xmlStrcmp(subsubnode -> name, (const xmlChar *) "topic")) {

          committees[i].topics[t] = strdup((char *) xmlNodeListGetString(doc, subsubnode -> xmlChildrenNode, 1));
          t++;

        }

        else if(!xmlStrcmp(subsubnode -> name, (const xmlChar *) "delegate")) {

          committees[i].delegates[d].warnings = atoi((const char*) xmlGetProp(subsubnode, (const xmlChar *) "warnings"));
          committees[i].delegates[d].name = strdup((char *) xmlNodeListGetString(doc, subsubnode -> xmlChildrenNode, 1));
          d++;

        }

        else if(!xmlStrcmp(subsubnode -> name, (const xmlChar *) "staff")) {

          subsubsubnode = subsubnode -> xmlChildrenNode;

          while(subsubsubnode != NULL) {

            if(!xmlStrcmp(subsubnode -> name, (const xmlChar *) "president")) {

              committees[i].staff.president = strdup((char *) xmlNodeListGetString(doc, subsubsubnode -> xmlChildrenNode, 1));

            }

            if(!xmlStrcmp(subsubnode -> name, (const xmlChar *) "vice")) {

              committees[i].staff.vice = strdup((char *) xmlNodeListGetString(doc, subsubsubnode -> xmlChildrenNode, 1));

            }

            if(!xmlStrcmp(subsubnode -> name, (const xmlChar *) "mod")) {

              committees[i].staff.mod = strdup((char *) xmlNodeListGetString(doc, subsubsubnode -> xmlChildrenNode, 1));

            }

            subsubsubnode = subsubsubnode -> next;

          }

        }

        subsubnode = subsubnode -> next;

      }

      i++;

    }

    subnode = subnode -> next;

  }

}

    Notice t and d being set to 0 prior every cycle.