在网上找了一下没有具体的原因,只好自己找bug,在调试过程中发现内存溢出,解决内存溢出就解决了core dumpe,故此写了test以验证,若有不足请指点。
环境:
SunOS solaris 5.10 Generic_139556-08 i86pc i386 i86pc
gcc version 3.4.3 (csl-sol210-3_4-branch+sol_rpath)
调用localtime或fprint,fwrite是Segmentation Fault (core dumped)
原因:在调用它们之前有内存溢出,形成内存无法释放
解决方法:需要手工排除看看那里内存溢出。一般是字符串处理的时候内存溢出。如果是大程序估计需要借助一些工具了。
现象:
#0 0xfee048da in _malloc_unlocked () from /lib/libc.so.1
#1 0xfee04764 in malloc () from /lib/libc.so.1
#2 0xfee044d5 in get_zone () from /lib/libc.so.1
#3 0xfee045b7 in getsystemTZ () from /lib/libc.so.1
#4 0xfee01f2d in localtime_r () from /lib/libc.so.1
#5 0xfee0202c in localtime () from /lib/libc.so.1
#6 0x08053977 in datetime ()
#7 0x080549b9 in errcall ()
#8 0x0805245d in srv_exit ()
#9 0xfee6745f in __sighndlr () from /lib/libc.so.1
#10 0xfee5d151 in call_user_handler () from /lib/libc.so.1
#11
#12 0xfee69965 in _so_accept () from /lib/libc.so.1
#13 0xfef9a2d9 in accept () from /lib/libsocket.so.1
#14 0x0805354d in main ()
程序:
while(!feof(fp)) { if(fgets(buffer, sizeof(buffer), fp) == NULL) { break; } if(buffer[strlen(buffer) - 1] == 0x0a) buffer[strlen(buffer) - 1] = 0; p = ( struct proc_info * )malloc( sizeof(struct proc_info) ); if(p == NULL) return -1; sscanf(buffer, "%s %s", proc, proc_dir); strcpy(proc_args, buffer+(strlen(proc)+strlen(proc_dir)+2)); sprintf(p->proc, "%s", proc); sprintf(p->proc_dir, "%s", proc_dir);
//一下sprintf由于p->proc_args长度是50位,但是proc_args超出了50位,导致后来的localtime或fprint,fwrite产生Segmentation Fault (core dumped),扩展了p->proc_args定义长度后问题解决。 sprintf(p->proc_args, "%s", proc_args);//有问题的语句 p->next = NULL; if(i == 0) { Proc_info = p; p1 = Proc_info; } else { p1->next = p; p1 = p1->next; } i++; }
|
验证:test.c
#include <stdio.h> #include <string.h> #include <stdlib.h> #include <stdarg.h> #include <errno.h> #include <unistd.h> #include <fcntl.h> #include <signal.h> #include <setjmp.h> #include <sys/types.h> #include <netinet/in.h> #include <sys/socket.h> #include <netdb.h> #include <sys/ipc.h> #include <sys/msg.h> #include <sys/shm.h> #include <sys/timeb.h> #include <time.h> #include <ctype.h>
main() { char aa[100]; time_t clock; struct tm * tm; time ( &clock ); sprintf(aa,"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); //sprintf(aa,"a"); printf("test 1\n"); tm = localtime ( &clock ); printf("test 2\n"); tm = localtime ( &clock ); printf("test 3\n"); tm = localtime ( &clock ); tm = localtime ( &clock ); tm = localtime ( &clock ); tm = localtime ( &clock ); printf("3\n"); }
|
编译:cc -o test test.c
sprintf(aa,"a");的执行结果:
test 1
test 2
test 3
3
sprintf(aa,"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
测试的时候不能让sprintf报core dump又要溢出内存。
的执行结果:
test 1
Segmentation Fault (core dumped)
信息:
#0 0xfeec94ae in clean_env () from /lib/libc.so.1
(gdb) where
#0 0xfeec94ae in clean_env () from /lib/libc.so.1
#1 0xfeeb7642 in initenv () from /lib/libc.so.1
#2 0xfeeb7b7b in getenv () from /lib/libc.so.1
#3 0xfeec4516 in getsystemTZ () from /lib/libc.so.1
#4 0xfeec1f2d in localtime_r () from /lib/libc.so.1
#5 0xfeec202c in localtime () from /lib/libc.so.1
#6 0x0805097a in main ()
呵呵现象一样但是信息有点不一样,可能测试程序和我报错的程序不是用同样的数据链.
阅读(2441) | 评论(0) | 转发(0) |