Chinaunix首页 | 论坛 | 博客
  • 博客访问: 268909
  • 博文数量: 51
  • 博客积分: 1400
  • 博客等级: 上尉
  • 技术积分: 606
  • 用 户 组: 普通用户
  • 注册时间: 2007-11-13 16:43
文章分类

全部博文(51)

文章存档

2011年(1)

2010年(3)

2009年(45)

2008年(2)

我的朋友

分类: LINUX

2009-05-25 18:45:02

在网上找了一下没有具体的原因,只好自己找bug,在调试过程中发现内存溢出,解决内存溢出就解决了core dumpe,故此写了test以验证,若有不足请指点。
环境:
    SunOS solaris 5.10 Generic_139556-08 i86pc i386 i86pc
    gcc version 3.4.3 (csl-sol210-3_4-branch+sol_rpath)
    调用localtime或fprint,fwrite是Segmentation Fault (core dumped)
 
原因:在调用它们之前有内存溢出,形成内存无法释放
解决方法:需要手工排除看看那里内存溢出。一般是字符串处理的时候内存溢出。如果是大程序估计需要借助一些工具了。
 
现象:
#0  0xfee048da in _malloc_unlocked () from /lib/libc.so.1
#1  0xfee04764 in malloc () from /lib/libc.so.1
#2  0xfee044d5 in get_zone () from /lib/libc.so.1
#3  0xfee045b7 in getsystemTZ () from /lib/libc.so.1
#4  0xfee01f2d in localtime_r () from /lib/libc.so.1
#5  0xfee0202c in localtime () from /lib/libc.so.1
#6  0x08053977 in datetime ()
#7  0x080549b9 in errcall ()
#8  0x0805245d in srv_exit ()
#9  0xfee6745f in __sighndlr () from /lib/libc.so.1
#10 0xfee5d151 in call_user_handler () from /lib/libc.so.1
#11
#12 0xfee69965 in _so_accept () from /lib/libc.so.1
#13 0xfef9a2d9 in accept () from /lib/libsocket.so.1
#14 0x0805354d in main ()
 
程序:
 

while(!feof(fp))
    {
        if(fgets(buffer, sizeof(buffer), fp) == NULL)
        {
            break;
        }
        if(buffer[strlen(buffer) - 1] == 0x0a)
            buffer[strlen(buffer) - 1] = 0;
 
        p = ( struct proc_info * )malloc( sizeof(struct proc_info) );
        if(p == NULL)
            return -1;
        sscanf(buffer, "%s %s", proc, proc_dir);
        strcpy(proc_args, buffer+(strlen(proc)+strlen(proc_dir)+2));
        sprintf(p->proc, "%s", proc);
        sprintf(p->proc_dir, "%s", proc_dir);

        //一下sprintf由于p->proc_args长度是50位,但是proc_args超出了50位,导致后来的localtime或fprint,fwrite产生Segmentation Fault (core dumped),扩展了p->proc_args定义长度后问题解决。
        sprintf(p->proc_args, "%s", proc_args);//有问题的语句
        p->next = NULL;
 
        if(i == 0)
        {
            Proc_info = p;
            p1 = Proc_info;
        }
        else
        {
            p1->next = p;
            p1 = p1->next;
        }
 
        i++;
    }

验证:test.c

 

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <stdarg.h>
#include <errno.h>
#include <unistd.h>
#include <fcntl.h>
#include <signal.h>
#include <setjmp.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <netdb.h>
#include <sys/ipc.h>
#include <sys/msg.h>
#include <sys/shm.h>
#include <sys/timeb.h>
#include <time.h>
#include <ctype.h>

main()
{
    char aa[100];
 
    time_t clock;
    struct tm * tm;
    time ( &clock );
 
    sprintf(aa,
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
);
    //sprintf(aa,"a");
printf("test 1\n");
    tm = localtime ( &clock );
printf("test 2\n");
    tm = localtime ( &clock );
printf("test 3\n");
    tm = localtime ( &clock );
    tm = localtime ( &clock );
    tm = localtime ( &clock );
    tm = localtime ( &clock );
    printf("3\n");
}


 

编译:cc -o test test.c

sprintf(aa,"a");的执行结果:

test 1
test 2
test 3
3

sprintf(aa,"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
);
测试的时候不能让sprintf报core dump又要溢出内存。

执行结果:

test 1
Segmentation Fault (core dumped)

信息:

#0  0xfeec94ae in clean_env () from /lib/libc.so.1
(gdb) where
#0  0xfeec94ae in clean_env () from /lib/libc.so.1
#1  0xfeeb7642 in initenv () from /lib/libc.so.1
#2  0xfeeb7b7b in getenv () from /lib/libc.so.1
#3  0xfeec4516 in getsystemTZ () from /lib/libc.so.1
#4  0xfeec1f2d in localtime_r () from /lib/libc.so.1
#5  0xfeec202c in localtime () from /lib/libc.so.1
#6  0x0805097a in main ()

呵呵现象一样但是信息有点不一样,可能测试程序和我报错的程序不是用同样的数据链.

阅读(2441) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~