When I try to run my program I get this warning and some weird bugs. rmi_pdu in the following structure contains a variable-sized array which I want to access.

#include <stdint.h>
#include <sys/queue.h>

/* pi_ipv4_addr_t and time_value are project-specific types defined elsewhere. */

/* The PDU type must be declared before it is used as a member below. */
typedef struct {
  uint16_t        zero;
  uint16_t        type;
  uint8_t         version;
  uint8_t         len;
  uint8_t         protocol;
  uint16_t        edge_port;
  uint16_t        core_port;
  uint32_t        connexus_id;
  pi_ipv4_addr_t  edge_addr;
  pi_ipv4_addr_t  core_addr;
  uint16_t        gen_count;     /* Integer to identify a stale packet */
  uint8_t         payload[];     /* flexible array member: not counted in sizeof */
} rmi_message_pdu;

struct rmi_message_s {  /* Queue element containing Rmi message */
  struct rmi_message_s          *hnext;
  struct rmi_message_s          *hprev;
  uint16_t                      gen_counter;   /* Generation counter */
  time_value                    send_time;
  uint8_t                       retry_count;
  TAILQ_ENTRY(rmi_message_s)    rmi_message_next;
  rmi_message_pdu               rmi_pdu; /* contains a variable sized array; must stay the last member */
};

The problem is when I am trying to free the memory which I am dynamically allocating. The contents are there, but the free() API is abort()ing. This is what the core looks like:

in raise () from /lib64/libc.so.6
in abort () from /lib64/libc.so.6
in __libc_message () from /lib64/libc.so.6
in _int_free () from /lib64/libc.so.6
in free () from /lib64/libc.so.6
in free (p=0x2aaabc000fa0) at mallocdbg.cc:188
in rmi_hash_cleanup (rmi_msg=0x2aaabc000fa0) at tcpsvc_rmi.c:126
in rmi_process_response (response_packet=0x27422e00) at tcpsvc_rmi.c:239
in rmi_message_handle (pkt=0x27422e00 "", cnt=28) at tcpsvc_base.c:154
in udpif_worker (arg=0x2b01f7014340) at rumpnet_virtif/if_udp_netbsd_guest.c:573
in threadbouncer (arg=0x2b01f7016428) at rumpkern/emul.c:428
in clone () from /lib64/libc.so.6

This is what the allocation looks like. The caller who wants to use rmi will pass the size as an argument.

struct rmi_message_s *rmi_msg;
rmi_msg = (struct rmi_message_s *) malloc (sizeof(struct rmi_message_s *) + len * sizeof(uint8_t));

len is passed as an argument.

Accepted answer:

You are not allocating enough memory:

struct rmi_message_s *rmi_msg;
rmi_msg = (struct rmi_message_s *) malloc(sizeof(struct rmi_message_s) + len * sizeof(uint8_t));

You had sizeof(struct rmi_message_s *), the size of a pointer, but it should have been sizeof(struct rmi_message_s), the size of the structure itself.

Another answer:

You almost certainly don't want to pass this object by value. Pass a pointer or reference to the object instead.

The warning is because if you are mixing code from GCC 4.3 or earlier, and GCC 4.4 or newer, they are incompatible in regards to how they would pass that struct on the stack. At any rate, I'm pretty sure you don't actually want to pass that on the stack anyway. It'd be hugely inefficient, and you'd lose your payload.
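The following C program is an added example, not code from the question or from either answer. It puts the two answers together: the message is allocated with sizeof(struct rmi_message_s) plus the payload length (the accepted answer's fix, shown side by side with the size the buggy call requested), and the payload is reached through a pointer rather than by passing the structure by value (the second answer's point, since a by-value copy carries only the fixed part of the struct). pi_ipv4_addr_t and time_value are not defined on the page, so uint32_t and uint64_t stand in for them; TAILQ_ENTRY falls back to the BSD definition if <sys/queue.h> is not available; and rmi_msg_alloc_size, rmi_msg_buggy_alloc_size, rmi_msg_alloc, rmi_pdu_payload_sum and rmi_demo are names chosen here, not the project's own.

```c
/* Added example: correctly sized allocation of a struct that ends in a
 * flexible array member, with payload access by pointer. Not original code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Use the system TAILQ_ENTRY when present, else the equivalent BSD definition. */
#if defined(__has_include)
#  if __has_include(<sys/queue.h>)
#    include <sys/queue.h>
#  endif
#endif
#ifndef TAILQ_ENTRY
#define TAILQ_ENTRY(type) struct { struct type *tqe_next; struct type **tqe_prev; }
#endif

/* Assumed stand-ins for the project's pi_ipv4_addr_t and time_value types. */
typedef uint32_t pi_ipv4_addr_t;
typedef uint64_t time_value;

typedef struct {
  uint16_t        zero;
  uint16_t        type;
  uint8_t         version;
  uint8_t         len;
  uint8_t         protocol;
  uint16_t        edge_port;
  uint16_t        core_port;
  uint32_t        connexus_id;
  pi_ipv4_addr_t  edge_addr;
  pi_ipv4_addr_t  core_addr;
  uint16_t        gen_count;
  uint8_t         payload[];   /* flexible array member: contributes 0 to sizeof */
} rmi_message_pdu;

struct rmi_message_s {
  struct rmi_message_s          *hnext;
  struct rmi_message_s          *hprev;
  uint16_t                      gen_counter;
  time_value                    send_time;
  uint8_t                       retry_count;
  TAILQ_ENTRY(rmi_message_s)    rmi_message_next;
  rmi_message_pdu               rmi_pdu;   /* must remain the last member */
};

/* What the buggy call in the question asked for: one pointer plus len bytes.
 * Everything after the first 8 bytes of the struct then lands outside the
 * allocation, which is the heap corruption that makes free() abort. */
size_t rmi_msg_buggy_alloc_size(size_t len) {
  return sizeof(struct rmi_message_s *) + len;
}

/* What is actually needed: the whole fixed part (links, counters, PDU header,
 * padding) plus the variable payload. */
size_t rmi_msg_alloc_size(size_t len) {
  return sizeof(struct rmi_message_s) + len;
}

/* Allocate a message with room for len payload bytes; NULL on size overflow. */
struct rmi_message_s *rmi_msg_alloc(size_t len) {
  if (len > SIZE_MAX - sizeof(struct rmi_message_s))
    return NULL;                       /* sizeof + len would wrap around */
  return calloc(1, rmi_msg_alloc_size(len));
}

/* Read the payload through a pointer. A by-value rmi_message_pdu parameter
 * would copy only sizeof(rmi_message_pdu) bytes and leave payload[] behind. */
size_t rmi_pdu_payload_sum(const rmi_message_pdu *pdu, size_t len) {
  size_t sum = 0;
  for (size_t i = 0; i < len; i++)
    sum += pdu->payload[i];
  return sum;
}

/* Constructed round trip: allocate, fill payload[i] = i, sum it, free.
 * With the correct size the free() completes; returns the payload sum. */
size_t rmi_demo(size_t len) {
  struct rmi_message_s *m = rmi_msg_alloc(len);
  if (m == NULL)
    return 0;
  for (size_t i = 0; i < len; i++)
    m->rmi_pdu.payload[i] = (uint8_t)i;
  size_t s = rmi_pdu_payload_sum(&m->rmi_pdu, len);
  free(m);
  return s;
}

int main(void) {
  size_t len = 28;  /* constructed payload length, matching cnt=28 in the trace */
  printf("buggy size: %zu bytes, correct size: %zu bytes\n",
         rmi_msg_buggy_alloc_size(len), rmi_msg_alloc_size(len));
  printf("payload sum: %zu\n", rmi_demo(len));
  return 0;
}
```

Building this with -fsanitize=address and swapping rmi_msg_alloc_size for rmi_msg_buggy_alloc_size in rmi_msg_alloc turns the silent corruption into an immediate heap-buffer-overflow report on the first write past the undersized block, which is a quicker way to find this class of bug than waiting for free() to abort.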