
2009-05-25 18:45:02

在网上找了一下,没有找到具体的原因,只好自己找bug。在调试过程中发现内存溢出,解决了内存溢出也就解决了core dump,故此写了test以验证,若有不足请指点。
环境:
    SunOS solaris 5.10 Generic_139556-08 i86pc i386 i86pc
    gcc version 3.4.3 (csl-sol210-3_4-branch+sol_rpath)
    调用localtime或fprint,fwrite时Segmentation Fault (core dumped)
 
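原因:在调用它们之前有内存溢出(越界写),形成内存无法释放。从下面的堆栈看,崩溃点在 malloc 内部,也就是说出错的位置并不是溢出发生的位置。另外,这个堆栈里 localtime 是在信号处理函数(srv_exit)中被调用的,而 localtime、malloc 都不是异步信号安全函数,即使没有溢出也不宜在信号处理函数里调用。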
解决方法:需要手工排查,看看哪里内存溢出。一般是字符串处理的时候内存溢出。如果是大程序估计需要借助一些工具了。
 
现象:
#0  0xfee048da in _malloc_unlocked () from /lib/libc.so.1
#1  0xfee04764 in malloc () from /lib/libc.so.1
#2  0xfee044d5 in get_zone () from /lib/libc.so.1
#3  0xfee045b7 in getsystemTZ () from /lib/libc.so.1
#4  0xfee01f2d in localtime_r () from /lib/libc.so.1
#5  0xfee0202c in localtime () from /lib/libc.so.1
#6  0x08053977 in datetime ()
#7  0x080549b9 in errcall ()
#8  0x0805245d in srv_exit ()
#9  0xfee6745f in __sighndlr () from /lib/libc.so.1
#10 0xfee5d151 in call_user_handler () from /lib/libc.so.1
#11 <signal handler called>
#12 0xfee69965 in _so_accept () from /lib/libc.so.1
#13 0xfef9a2d9 in accept () from /lib/libsocket.so.1
#14 0x0805354d in main ()
 
程序:
 

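/*
 * Read one "<proc> <proc_dir> <args...>" record per line from fp and append a
 * struct proc_info node for it to the list headed by Proc_info.
 *
 * Root cause of the crash described on this page: the original loop ended with
 *     sprintf(p->proc_args, "%s", proc_args);   // the faulty statement
 * p->proc_args was declared with 50 bytes while proc_args could be longer, so
 * the write ran past the malloc'd struct. Nothing failed at that point; the
 * process died later inside localtime()/fprint/fwrite. The author's fix was to
 * enlarge the field, which only moves the limit. Every copy into the node is
 * bounded by the destination size here, so an over-long line is truncated
 * instead of overwriting adjacent heap memory.
 */
while (fgets(buffer, sizeof(buffer), fp) != NULL)
{
    size_t len = strlen(buffer);
    int consumed = 0;
    const char *args;

    /* Strip the trailing newline; the len check keeps an empty string from
     * indexing buffer[-1]. */
    if (len > 0 && buffer[len - 1] == '\n')
        buffer[len - 1] = '\0';

    /*
     * Both tokens are required. Without this check a short or blank line left
     * proc/proc_dir holding the previous line's values and the argument offset
     * computed from their lengths could point past the end of buffer.
     * %n records where the second token ended.
     * NOTE(review): %s is unbounded; proc and proc_dir are assumed to be at
     * least sizeof(buffer) bytes -- confirm against their declarations or add
     * explicit field widths.
     */
    if (sscanf(buffer, "%s %s%n", proc, proc_dir, &consumed) != 2)
        continue;

    /* The arguments start after the single separator that follows the second
     * token; if the line ends there, the argument string is empty. */
    args = buffer + consumed;
    if (*args != '\0')
        args++;

    /* NOTE(review): the source is at most sizeof(buffer) - 1 bytes; proc_args
     * is assumed to be at least as large as buffer -- confirm. */
    strcpy(proc_args, args);

    p = malloc(sizeof *p);
    if (p == NULL)
        return -1; /* NOTE(review): fp and nodes already linked are not released on this path in the visible code */

    /*
     * Bounded copies into the fixed-size fields of the node. snprintf always
     * NUL-terminates and never writes more than the given size. Truncation is
     * silent here; compare the return value with the field size if an
     * over-long value must be rejected rather than shortened.
     */
    snprintf(p->proc, sizeof(p->proc), "%s", proc);
    snprintf(p->proc_dir, sizeof(p->proc_dir), "%s", proc_dir);
    snprintf(p->proc_args, sizeof(p->proc_args), "%s", proc_args);
    p->next = NULL;

    /* The first node becomes the list head; later nodes go after the tail p1. */
    if (i == 0)
    {
        Proc_info = p;
        p1 = Proc_info;
    }
    else
    {
        p1->next = p;
        p1 = p1->next;
    }

    i++;
}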

验证:test.c

 

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <stdarg.h>
#include <errno.h>
#include <unistd.h>
#include <fcntl.h>
#include <signal.h>
#include <setjmp.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <netdb.h>
#include <sys/ipc.h>
#include <sys/msg.h>
#include <sys/shm.h>
#include <sys/timeb.h>
#include <time.h>
#include <ctype.h>

/*
 * Reproduction program: write far more than 100 bytes into the 100-byte local
 * array aa, then call localtime() several times. The progress printf()s show
 * how far execution gets, i.e. that the fault appears in a later libc call
 * and not in the sprintf() that did the out-of-bounds write.
 *
 * The out-of-bounds write is deliberate and is undefined behaviour; what it
 * overwrites depends on the compiler and stack layout, so the exact crash
 * site is not guaranteed to match the output shown on this page.
 *
 * Notes for anyone rebuilding this:
 *  - aa is an automatic (local) array, so this corrupts main's stack region,
 *    whereas the original program overflowed a field of a malloc'd struct.
 *  - The string literal below is shown wrapped over two lines on this page;
 *    it has to be joined onto one line (or split into two adjacent literals)
 *    before it will compile.
 *  - main() has no return type and no return statement (pre-C99 implicit int).
 */
main()
{
    char aa[100];
 
    time_t clock;
    struct tm * tm;
    time ( &clock );
 
    /* Deliberate overflow: the literal is longer than aa. */
    sprintf(aa,
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
);
    /* Control case: swap in the line below for the sprintf above to stay
     * inside aa; the page reports that all four lines are then printed. */
    //sprintf(aa,"a");
printf("test 1\n");
    /* tm is assigned but never read; the calls exist only to exercise localtime(). */
    tm = localtime ( &clock );
printf("test 2\n");
    tm = localtime ( &clock );
printf("test 3\n");
    tm = localtime ( &clock );
    tm = localtime ( &clock );
    tm = localtime ( &clock );
    tm = localtime ( &clock );
    printf("3\n");
}


 

编译:cc -o test test.c

sprintf(aa,"a");的执行结果:

test 1
test 2
test 3
3

sprintf(aa,"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
);
测试的时候不能让sprintf报core dump又要溢出内存。

执行结果:

test 1
Segmentation Fault (core dumped)

信息:

#0  0xfeec94ae in clean_env () from /lib/libc.so.1
(gdb) where
#0  0xfeec94ae in clean_env () from /lib/libc.so.1
#1  0xfeeb7642 in initenv () from /lib/libc.so.1
#2  0xfeeb7b7b in getenv () from /lib/libc.so.1
#3  0xfeec4516 in getsystemTZ () from /lib/libc.so.1
#4  0xfeec1f2d in localtime_r () from /lib/libc.so.1
#5  0xfeec202c in localtime () from /lib/libc.so.1
#6  0x0805097a in main ()

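呵呵现象一样但是信息有点不一样,可能测试程序和我报错的程序不是用同样的数据链。(原程序越界写的是 malloc 出来的 struct proc_info,被破坏的是堆,所以崩在 malloc 内部;测试程序越界写的是 main 里的局部数组 aa,被破坏的很可能是栈上 aa 之后的内容,所以崩在 getenv 一侧。两者的共同点是:溢出之后要到别处才出错。)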
