The QNX Community Portal

io_write() crashes when freeing memory..

Discussion about the general applications that run on QNX6

Postby newbie_learner » Thu Jul 04, 2013 5:46 pm

Hi,

I got this code from the internet with some minor modification from my side. Not exactly sure why the code is crashing when I try to free the memory. Would appreciate if anybody has any clue on this.

Thanks for your time

=========================================================================================================

    int io_write (resmgr_context_t *ctp, io_write_t *msg, RESMGR_OCB_T *ocb)
    {
        int status;
        unsigned int addr = 0, para2 = 0;
        char *inputBufPtr = NULL;
        ReturnStatus_E status_e = Success;
        char outputBuffer[100] = {0};
        SplitStringArray paramArray;
        int bufLen = 0;

        if ((status = iofunc_write_verify(ctp, msg, ocb, NULL)) != EOK)
            return (status);

        if ((msg->i.xtype & _IO_XTYPE_MASK) != _IO_XTYPE_NONE)
            return(ENOSYS);

        _IO_SET_WRITE_NBYTES (ctp, msg->i.nbytes);

        //bufLen = sizeof(msg->i.nbytes) + 1;

        inputBufPtr = (char *)malloc(msg->i.nbytes + 1);
        if (inputBufPtr == NULL)
            return(ENOMEM);

        /* Here we print the data. This is a good example for the case
         * where you actually would like to do something with the data.
         */
        /* First check if our message buffer was large enough
         * to receive the whole write at once. If yes, print data.*/

        if( (msg->i.nbytes <= ctp->info.msglen - ctp->offset - sizeof(msg->i)) &&
            (ctp->info.msglen < ctp->msg_max_size)) { // space for NUL byte

            inputBufPtr = (char *)(msg+1);

            printf("\r\nReceived %d bytes = '%s'\n", msg -> i.nbytes, inputBufPtr); // If I take out this section of code (if statement) … then the program doesn’t crash..Not sure why ???

        }
        else {

            /* If we did not receive the whole message because the
             * client wanted to send more than we could receive, we
             * allocate memory for all the data and use resmgr_msgread()
             * to read all the data at once. Although we did not receive
             * the data completely first, because our buffer was not big
             * enough, the data is still fully available on the client
             * side, because its write() call blocks until we return
             * from this callback! */

            resmgr_msgread( ctp, inputBufPtr, msg->i.nbytes, sizeof(msg->i));
        }

        inputBufPtr[msg->i.nbytes] = '\0';

        printf("\r\nReceived %d bytes = '%s'\n", msg -> i.nbytes, inputBufPtr);

        // Split parameters into separate strings
        splitString(inputBufPtr, paramArray);
        convertHexStringToInteger(&addr, paramArray[1]);
        convertHexStringToInteger(&para2, paramArray[2]);

        volatile U32* basePtr = FpgaResManager_CL::getInstance().getFpgaBasePtr();

        if((basePtr) == NULL) {
            dwi_logp(LogFpgaRM, Err, "Null base pointer got in FPGA resource manager");
            return Failed;
        }

        if (msg->i.nbytes > 0)
            ocb->attr->flags |= IOFUNC_ATTR_MTIME | IOFUNC_ATTR_CTIME;

        free(inputBufPtr); //crashes the program... ?

        return (_RESMGR_NPARTS (0));
    }

Re: io_write() crashes when freeing memory..

Postby maschoen » Thu Jul 04, 2013 8:15 pm

If you see the printf "Received %d bytes..." then the variable inputBufPtr is changed from the malloc's memory to point at msg[1].

msg is a pointer passed from the resource manager which should not be free()'d.

Re: io_write() crashes when freeing memory..

Postby newbie_learner » Fri Jul 05, 2013 1:42 pm

Thanks Maschoen.

But I am still confused. Because there are 2 printf() statements in my function. If I comment out my highlighted red section, everything is fine. I can still free the memory without problem.
My question is, I am still left with one more similar printf() statement after that if else condition..
Why is it not causing problem when I free the pointer at the end of the function ?

Thanks

Re: io_write() crashes when freeing memory..

Postby maschoen » Fri Jul 05, 2013 6:35 pm

I can't teach you to program. My answer is no different from the first time. Read your code carefully. Read my first reply carefully. The answer is there. The problem has nothing to do with printf's.

Re: io_write() crashes when freeing memory..

Postby Thunderblade » Fri Jul 12, 2013 10:09 am

newbie_learner wrote: But I am still confused. Because there are 2 printf() statements in my function. If I comment out my highlighted red section, everything is fine. I can still free the memory without problem.

Of course all is fine when you comment out the highlighted section. Because in there, you do:

inputBufPtr = (char *)(msg+1);

You change the inputBufPtr to point into the message buffer that belongs to the resource manager framework in the OS library. Thus you are not freeing the memory you previously allocated with malloc, but some other memory that does not belong to you. That's why it crashes, and that's what maschoen told you. I told you the same, just using different words, in the hope this time you understand. ;-)

Cheers,

- ThunderBlade

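The ownership rule from the replies above, as an added example that is not part of the original thread: the malloc'd pointer is never reassigned, the framework-owned message is only copied from, and the one pointer that reaches free() always came from malloc(). It is a portable model so it builds without the QNX headers; write_hdr_t, read_rest_fn, copy_write_payload(), client_read() and demo() are hypothetical stand-ins, not QNX APIs.

```c
#include <stdlib.h>
#include <string.h>

typedef struct { size_t nbytes; } write_hdr_t;  /* hypothetical stand-in for msg->i */
/* Hypothetical stand-in for resmgr_msgread(): pull nbytes from the client. */
typedef int (*read_rest_fn)(void *dst, size_t nbytes, void *client);

/* Returns a NUL-terminated heap copy of the payload; the caller owns it and
 * must free() it. msg is framework-owned: read from it, never free it. */
char *copy_write_payload(const write_hdr_t *msg, size_t msglen,
                         read_rest_fn read_rest, void *client)
{
    size_t nbytes = msg->nbytes;
    if (nbytes == (size_t)-1)            /* nbytes + 1 would wrap to 0 */
        return NULL;
    char *owned = malloc(nbytes + 1);
    if (owned == NULL)
        return NULL;
    if (msglen >= sizeof(*msg) && nbytes <= msglen - sizeof(*msg)) {
        /* Whole payload already received: copy it instead of aliasing it. */
        memcpy(owned, (const char *)(msg + 1), nbytes);
    } else if (read_rest == NULL || read_rest(owned, nbytes, client) != 0) {
        free(owned);                     /* error path releases the buffer */
        return NULL;
    }
    owned[nbytes] = '\0';                /* terminate before any %s use */
    return owned;
}

/* Constructed "client": the bytes a blocked write() caller still holds. */
static int client_read(void *dst, size_t nbytes, void *client)
{
    memcpy(dst, client, nbytes);
    return 0;
}

/* Constructed frame (header + 8-byte payload); returns 1 on a correct copy. */
int demo(int whole)
{
    union { write_hdr_t hdr; char raw[32]; } frame = { { 8 } };
    char *payload = frame.raw + sizeof(frame.hdr);
    memcpy(payload, "w 0x10 2", 8);
    size_t msglen = sizeof(frame.hdr) + (whole ? 8 : 3);
    char *p = copy_write_payload(&frame.hdr, msglen, client_read, payload);
    int ok = p != NULL && p != payload && strcmp(p, "w 0x10 2") == 0;
    free(p);                             /* valid: p always came from malloc() */
    return ok;
}
int main(void) { return (demo(1) && demo(0)) ? 0 : 1; }
```

demo(1) models the branch where the whole write arrived in the receive buffer, demo(0) the branch where the rest has to be read from the client.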
