realloc(): invalid next size: 0x0000000000ad92d0

Question

I'm trying to use dynamic arrays to store elements but i came across a weird bug. Here's the code that defines my dynamic arrays:

#include "dtab.h"
#include "dbg.h"
#include <stdio.h>

dtab* dtab_create( void ) {

  // Initialise un dtab*
  // avec count = taille = tab = 0
  return calloc(1, sizeof(dtab));
}

void dtab_push(dtab* t, void* value) {

  if(t->taille == 0) { // Le tableau est vide
    t->tab = malloc(sizeof(void*));
    check_mem(t->tab);
    t->tab[0] = value;
    t->taille = 1;
    t->count = 1;
  } else if( t->taille == t->count) { // Le tableau est plein
    t->taille *= 2;
    printf("%zd", t->taille);
    fflush(stdout);
    t->tab = realloc(t->tab, t->taille);
    check_mem(t->tab);
    t->tab[t->count] = value;
    t->count++;
  } else {
    t->tab[t->count] = value;
    t->count++;
  }

error:
  return;
}

I can use such an array but when i try to add a fifth element, so when realloc is called with t->taille == 8, it crashes with the error realloc(): invalid next size: 0x0000000000ad92d0. I've check everything and can't understand why is there this behavior.

Thanks for your help.

The definition of the arrays is:

typedef struct dtab {
  unsigned int count;
  size_t taille;
  void** tab;
} dtab;

Here is the code that is using them:

#include <string.h>
#include "db.h"

int main(int argc, char** argv) {

  dtab* db = dtab_create();
  char* mot;
  unsigned int* pos;
  FILE* file = fopen("test/test", "r");
  unsigned int i = 0;

  mot = malloc(50 * sizeof(char));
  pos = malloc(sizeof(unsigned int));

  while(fscanf(file, "%s", mot) == 1) {
    *pos = ftell(file) - strlen(mot);
    dtab_push(db, mot);
    dtab_push(db, dtab_create());
    dtab_push((dtab*) db->tab[2*i+1], pos);
    mot = malloc(50 * sizeof(char));
    pos = malloc(sizeof(unsigned int));
    i++;
  }

  print_db(fopen("test/db", "w"), db);

  fclose(file);

  return 0;
}

the file "test/test" contains:

one two
three

and valgrind is throwing a lot of errors like thie one:

==24752== Invalid write of size 8
==24752==    at 0x400C4E: dtab_push (dtab.c:26)
==24752==    by 0x4009E1: main (lookup.c:18)
==24752==  Address 0x4c2e4a8 is 6 bytes after a block of size 2 alloc'd
==24752==    at 0x4A083AA: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==24752==    by 0x400BCD: dtab_push (dtab.c:24)
==24752==    by 0x4009E1: main (lookup.c:18)
==24752== 
==24752== Invalid read of size 8
==24752==    at 0x4009FB: main (lookup.c:19)
==24752==  Address 0x4c2e4a8 is 6 bytes after a block of size 2 alloc'd
==24752==    at 0x4A083AA: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==24752==    by 0x400BCD: dtab_push (dtab.c:24)
==24752==    by 0x4009E1: main (lookup.c:18)
==24752== 

Answer 1

There is memory corruption on your heap. You need to run with some sort of heap checking tool, such as valgrind.