Segmentation fault and understanding of pointers

Post by Bastian Trompetter » Wed, 13 Dec 2000 18:16:29

Hello, in the following code I get a segmentation fault on some
machines, not on all. The segmentation fault occurs after the third
iteration of the do-while loop, during a new reallocation of the
ifc.ifc_req pointer.

Another thing I didn't understand is the first define, IFRSIZE. I
understand that it returns the size of the structure ifreq. In the first
loop it returns 64. In the second loop it returns 128. Why does this
define return different sizes? ifreq is a system variable with always
the same size, or is this not correct?

Thanks for help

regards

B. Trompetter

/* headers this fragment relies on */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <netinet/in.h>

#define IFRSIZE   ((int)(size * sizeof (struct ifreq)))
#define inaddrr(x) (*(struct in_addr *) &ifr->x[sizeof sa.sin_port])

char *CheckSubnet(unsigned long ulHost) {
   int                 sockfd, size = 1, iAnz = 0, idummy;
   struct ifreq_all    ifreq_a;
   struct ifreq        *ifr, *ifrtemp;
   struct ifconf       ifc;
   struct sockaddr_in  sa;
   unsigned long       ulDMS, ulAddrMask;

   if (0 > (sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_IP))) {
      fprintf(stderr, "Cannot open socket.\n");
      exit(EXIT_FAILURE);
   }

   ifc.ifc_len = IFRSIZE;
   ifc.ifc_req = NULL;

   do {
      ++size;
      /* realloc buffer size until no overflow occurs */
      if (NULL == (ifc.ifc_req = realloc(ifc.ifc_req, IFRSIZE))) {
         fprintf(stderr, "Out of memory.\n");
         exit(EXIT_FAILURE);
      }
      ifc.ifc_len = IFRSIZE;
      if (ioctl(sockfd, SIOCGIFCONF, &ifc) < 0) {
         fprintf(stderr, "ioctl (SIOCGIFCONF): %s\n", strerror(errno));
         close(sockfd);
         free(ifc.ifc_req);
         return (NULL);
      }
      idummy = IFRSIZE;
   } while (IFRSIZE <= ifc.ifc_len);

   /* ... the rest of the function was not included in the post */


Segmentation fault and understanding of pointers

Post by Martin Jos » Wed, 13 Dec 2000 23:50:22

> Hello, in the following code I get a segmentation fault on some
> machines, not on all. The segmentation fault occurs after the third
> iteration of the do-while loop, during a new reallocation of the
> ifc.ifc_req pointer.

> Another thing I didn't understand is the first define, IFRSIZE. I
> understand that it returns the size of the structure ifreq. In the first
> loop it returns 64. In the second loop it returns 128. Why does this
> define return different sizes? ifreq is a system variable with always
> the same size, or is this not correct?
> #define IFRSIZE   ((int)(size * sizeof (struct ifreq)))

Horrors! IFRSIZE depends on size, which is a variable in your code
(see below). This explains why its value changed.
(It serves you right that you got confused by this!)
If you really want to do such things in a macro, pass the variable as
an argument.

>    do {
>     ++size;

see above

>       /* realloc buffer size until no overflow occurs  */
>       if (NULL == (ifc.ifc_req = realloc(ifc.ifc_req, IFRSIZE))) {
[...]
>    free (ifc.ifc_req);

Here you free the pointer which you use (next time through the loop)
for realloc().
You're just lucky that it SIGSEGVs not the second time in the loop.

[...]

>    } while  (IFRSIZE <= ifc.ifc_len);

Maybe a C textbook (or the FAQ) would be good to read?!

HTH

Martin


Segmentation fault and understanding of pointers

Post by Floyd Davidson » Thu, 14 Dec 2000 02:40:21

>>    free (ifc.ifc_req);

>Here you free the pointer which you use (next time through the loop)
>for realloc().
>You're just lucky that it SIGSEGVs not the second time in the loop.

>[...]
>>    } while  (IFRSIZE <= ifc.ifc_len);

>Maybe a C textbook (or the FAQ) would be good to read?!

Clearly the call to free() is NOT going to be used in any future
iteration of the while loop, much less seg fault in the call to
realloc().  Here it is again, with the context restored:

>>     if (ioctl(sockfd, SIOCGIFCONF, &ifc) < 0) {
>>  fprintf(stderr, "ioctl (SIOCGIFCONF): %s\n",strerror(errno));
>>  close (sockfd);
>>  free (ifc.ifc_req);
>>       return (NULL);
>>     }

Reformatted for easier reading:

  if (ioctl(sockfd, SIOCGIFCONF, &ifc) < 0) {
    fprintf(stderr, "ioctl (SIOCGIFCONF): %s\n",strerror(errno));
    close(sockfd);
    free(ifc.ifc_req);
    return NULL;
  }

The only obvious problem I could see is that on some systems the
SIOCGIFCONF ioctl system call will not truncate data being written
to the ifc.ifc_ifr buffer, but instead will return an error and
set errno to EINVAL.  That will result in functional failure of
the code, but not in a seg fault.

--
Floyd L. Davidson         <http://www.ptialaska.net/~floyd>


Segmentation fault and understanding of pointers

Post by Bastian Trompetter » Fri, 15 Dec 2000 00:02:13

> Reformatted for easier reading:

>   if (ioctl(sockfd, SIOCGIFCONF, &ifc) < 0) {
>     fprintf(stderr, "ioctl (SIOCGIFCONF): %s\n",strerror(errno));
>     close(sockfd);
>     free(ifc.ifc_req);
>     return NULL;
>   }

> The only obvious problem I could see is that on some systems the
> SIOCGIFCONF ioctl system call will not truncate data being written
> to the ifc.ifc_ifr buffer, but instead will return an error and
> set errno to EINVAL.  That will result in functional failure of
> the code, but not in a seg fault.

BT_> The ioctl call did work. It only gets a segmentation fault on a
system with two network interfaces. I don't know why.

regards

Bastian Trompetter


Segmentation fault and understanding of pointers

Post by Floyd Davidson » Fri, 15 Dec 2000 02:06:28

>BT_> The ioctl call did work. It only gets a segmentation fault on a
>system with two network interfaces. I don't know why.

>regards

>Bastian Trompetter

Here is a short program that does essentially the same thing as
the interesting part of your program, except that it prints out
some information as it goes along.  I'd be interested in what
happens when you compile and run it.  I tested this on a Linux
box, so your system might be different in ways such as which
headers are required.  If you can indicate any changes needed to
allow it to compile and run on your system it will help.  Also
if you can cut and paste the results into an article (rather
than trying to re-type them) and post it, it might help to
figure out what your system is doing.

If this program does not seg fault in the same way as your
program there are several possible reasons.  One is that what
you actually are compiling might be different than the code you
posted if that was retyped as opposed to inserted from the
original by cut and paste or something similar.  Another might
be that malloc's tables may have been munged by previous
operations that are not part of the code you posted, but which
result in calls to realloc() crashing.  Buffer overruns or
uninitialized pointers are common causes for such corruption.

  Floyd

--
Floyd L. Davidson         <http://www.ptialaska.net/~floyd>


Segmentation fault and understanding of pointers

Post by Floyd Davidson » Fri, 15 Dec 2000 02:41:51

>>BT_> The ioctl call did work. It only gets a segmentation fault on a
>>system with two network interfaces. I don't know why.

>>regards

>>Bastian Trompetter

>Here is a short program that does essentially the same thing as
>the interesting part of your program, except that it prints out
>some information as it goes along.  I'd be interested in what
>happens when you compile and run it.  I tested this on a Linux
>box, so your system might be different in ways such as which
>headers are required.  If you can indicate any changes needed to
>allow it to compile and run on your system it will help.  Also
>if you can cut and paste the results into an article (rather
>than trying to re-type them) and post it, it might help to
>figure out what your system is doing.

>If this program does not seg fault in the same way as your
>program there are several possible reasons.  One is that what
>you actually are compiling might be different than the code you
>posted if that was retyped as opposed to inserted from the
>original by cut and paste or something similar.  Another might
>be that malloc's tables may have been munged by previous
>operations that are not part of the code you posted, but which
>result in calls to realloc() crashing.  Buffer overruns or
>uninitialized pointers are common causes for such corruption.

>  Floyd

I guess it's better if I actually include the program, eh?? :-)

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/socket.h>   /* socket() */
#include <sys/ioctl.h>
#include <net/if.h>       /* struct ifconf, struct ifreq, SIOCGIFCONF */
#include <net/if_arp.h>
#include <arpa/inet.h>

/* inaddrr is carried over from the original code; it is not used here */
#define inaddrr(x) (*(struct in_addr *) &ifr->x[sizeof sa.sin_port])
#define IFRSIZE   ((int)(size * sizeof (struct ifreq)))

int main(void)
{
  int           sockfd;
  int           size  = 1;
  struct ifconf ifc;

  if (0 > (sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_IP))) {
    fprintf(stderr, "Cannot open socket.\n");
    exit(EXIT_FAILURE);
  }

  ifc.ifc_len = IFRSIZE;
  ifc.ifc_req = NULL;

  do {
    fprintf(stderr, "Iteration %d\n", size);
    ++size;   /* IFRSIZE reads size, so its value changes with every ++size */
    fprintf(stderr, "buffer size to be realloc'd:  %4d at %p\n",
            IFRSIZE, (void *)ifc.ifc_req);
    if (NULL == (ifc.ifc_req = realloc(ifc.ifc_req, IFRSIZE))) {
      fprintf(stderr, "Out of memory.\n");
      exit(EXIT_FAILURE);
    }
    ifc.ifc_len = IFRSIZE;
    fprintf(stderr, "buffer size after realloc:    %4d at %p\n",
            ifc.ifc_len, (void *)ifc.ifc_req);
    if (ioctl(sockfd, SIOCGIFCONF, &ifc)) {
      perror("ioctl SIOCGIFCONF");
      exit(EXIT_FAILURE);
    }
    fprintf(stderr, "buffer size after ioctl:      %4d at %p\n\n",
            ifc.ifc_len, (void *)ifc.ifc_req);
  } while (IFRSIZE <= ifc.ifc_len);   /* whole buffer used: may be truncated, grow */

  free(ifc.ifc_req);
  close(sockfd);
  return EXIT_SUCCESS;
}

--
Floyd L. Davidson         <http://www.ptialaska.net/~floyd>
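As an added example (not code from any of the posters), here is the same grow-until-it-fits loop written so that the two points raised in this thread are visible in the code: the size macro takes its count as an argument instead of silently reading a variable, as Martin suggested, and the error path frees the buffer and returns immediately, so the freed pointer is never seen by a later realloc(). The kernel call is replaced by constructed stand-ins (fake_ioctl, which truncates silently, and failing_ioctl, which reports EINVAL as Floyd describes some systems doing), so it runs without a socket; REC_SIZE and the five interface names are constructed values, not anything from the thread.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

/* Constructed record size standing in for sizeof(struct ifreq). */
#define REC_SIZE 32

/* Bytes needed for n records. The count is a macro ARGUMENT, so the call
   site shows what the value depends on. */
#define BUF_BYTES(n) ((size_t)(n) * REC_SIZE)

/* A SIOCGIFCONF-like filler: write as many whole records as fit into a
   buffer of *len bytes, store the bytes actually written in *len and
   return 0; or return -1 with errno set. */
typedef int (*fill_fn)(void *buf, size_t *len);

/* Grow the buffer until the filler leaves room to spare. A buffer filled to
   the last byte may have been truncated, so the loop repeats in that case,
   the same test as "while (IFRSIZE <= ifc.ifc_len)" in the thread. Returns
   the record count and hands the buffer to the caller via *out (the caller
   frees it), or returns -1 on error, leaking nothing and never reusing a
   freed pointer. */
long grow_until_complete(fill_fn fill, void **out)
{
    void  *buf = NULL;
    size_t n   = 1;
    size_t len;

    for (;;) {
        n *= 2;
        void *tmp = realloc(buf, BUF_BYTES(n));
        if (tmp == NULL) {          /* realloc failed: buf is still valid */
            free(buf);
            return -1;
        }
        buf = tmp;
        len = BUF_BYTES(n);
        if (fill(buf, &len) < 0) {
            int saved = errno;
            free(buf);              /* free, then leave: the loop never runs again */
            errno = saved;
            return -1;
        }
        if (len < BUF_BYTES(n))     /* filler did not need the whole buffer */
            break;
    }
    *out = buf;
    return (long)(len / REC_SIZE);
}

/* Constructed kernel stand-in: pretends five interfaces exist and truncates
   silently when the buffer is too small. */
#define FAKE_IFACES 5
static int fake_ioctl(void *buf, size_t *len)
{
    size_t fit = *len / REC_SIZE;
    size_t n   = fit < FAKE_IFACES ? fit : FAKE_IFACES;
    for (size_t i = 0; i < n; i++)
        snprintf((char *)buf + i * REC_SIZE, REC_SIZE, "eth%zu", i);
    *len = n * REC_SIZE;
    return 0;
}

/* Constructed stand-in for a system that rejects the call with EINVAL. */
static int failing_ioctl(void *buf, size_t *len)
{
    (void)buf; (void)len;
    errno = EINVAL;
    return -1;
}

/* Runs the loop against the silent-truncation stand-in; returns the record
   count (5) if the last record came through intact, otherwise -2. */
long demo_count(void)
{
    void *buf;
    long  n = grow_until_complete(fake_ioctl, &buf);
    if (n < 0) return n;
    long ok = strcmp((char *)buf + (n - 1) * REC_SIZE, "eth4") == 0 ? n : -2;
    free(buf);
    return ok;
}

/* Runs the loop against the EINVAL stand-in; returns -1 if the failure was
   reported, the caller's pointer left untouched and errno preserved. */
long demo_failure(void)
{
    char  sentinel;
    void *buf = &sentinel;      /* must not be overwritten on failure */
    long  n = grow_until_complete(failing_ioctl, &buf);
    return (n == -1 && buf == &sentinel && errno == EINVAL) ? -1 : -3;
}

int main(void)
{
    printf("records found: %ld\n", demo_count());
    printf("failure path: %ld (%s)\n", demo_failure(), strerror(errno));
    return 0;
}
```

With the stand-in, the loop needs three rounds (2, 4, then 8 records) before the filler leaves space unused; the real SIOCGIFCONF behaves the same way, which is why a machine with more interfaces runs more iterations of the poster's loop than one with fewer.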


Pointer to a pointer - Trying to understand...

Hi there,

I have an application (FreeBSD) that gets the mounted filesystem
information and stores it in a struct statfs*;

So in my main {} I have the following :

int fscount = 0;
struct statfs* mounted_fs;
fscount = get_mount_info (&mounted_fs);

Then in mountinfo.c I have the following function :

int get_mount_info (struct statfs** mounted_fs)
{
        return(getmntinfo (mounted_fs, 0));
}

So mounted_fs is a pointer to a struct based on statfs in main. In
get_mount_info it is a pointer to a pointer.
And I am passing the address of the pointer to get_mount_info.

Is this correct so far ?

Now from what I understand of getmntinfo (man 3 getmntinfo) it returns
an array of statfs() structures (not strictly speaking true - on
success it returns the number of mounted filesystems - it actually
stores the filesystem information in the struct that you pass it).

Now according to my (possibly flawed) reasoning, I am creating a
pointer to a structure in main. And I am passing the address of that
pointer to get_mount_info which treats it as a pointer to a
pointer. How does that work and why?

getmntinfo stores an array of structs inside this pointer to a
pointer. In other words it stores this array in the struct pointed to
by the mounted_fs in main. Is this correct ?

So how does the array come into being? How is memory for this array
of statfs structures allocated?

Sorry for the dumb :)

--
- Wayne Pascoe                   | I laugh in the face of danger...
http://www.penguinpowered.org.uk |
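As an added example (not the poster's code, and not the real getmntinfo(3), which is BSD-specific), here is the same call shape with a constructed stand-in so the mechanics can be run anywhere: main holds one pointer, passes its address, and the callee writes the array's address through that extra level of indirection. struct mount_rec, fake_getmntinfo and the three sample mounts are constructed for the example; the fake allocates with malloc, so this caller frees, which is an assumption of the example rather than a statement about how the real function manages its memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for struct statfs with just the fields needed here. */
struct mount_rec {
    char mntfrom[32];
    char mnton[32];
};

/* Constructed stand-in for getmntinfo(3). It builds an array of records,
   stores the ARRAY'S ADDRESS through the pointer-to-pointer it was given,
   and returns the number of records. */
static int fake_getmntinfo(struct mount_rec **mntbufp)
{
    static const struct mount_rec table[] = {   /* constructed sample data */
        { "/dev/ada0p2", "/"     },
        { "devfs",       "/dev"  },
        { "/dev/ada0p3", "/home" },
    };
    size_t n = sizeof table / sizeof table[0];
    struct mount_rec *arr = malloc(n * sizeof *arr);
    if (arr == NULL) {
        *mntbufp = NULL;
        return 0;
    }
    memcpy(arr, table, n * sizeof *arr);
    *mntbufp = arr;     /* this assignment changes the CALLER's variable */
    return (int)n;
}

/* Same shape as the poster's wrapper: mounted_fs here is the address of the
   caller's pointer, forwarded unchanged so the callee can set it. */
int get_mount_info(struct mount_rec **mounted_fs)
{
    return fake_getmntinfo(mounted_fs);
}

/* Mirrors the poster's main(): one pointer variable, its address passed down.
   Returns the record count if the array came back as expected, else -1. */
int demo(void)
{
    struct mount_rec *mounted_fs = NULL;          /* points nowhere yet */
    int fscount = get_mount_info(&mounted_fs);    /* pass ITS address */
    if (mounted_fs == NULL)
        return -1;

    for (int i = 0; i < fscount; i++)             /* now a valid array */
        printf("%-12s on %s\n", mounted_fs[i].mntfrom, mounted_fs[i].mnton);

    int ok = fscount == 3 && strcmp(mounted_fs[2].mnton, "/home") == 0;
    free(mounted_fs);   /* the stand-in used malloc, so the caller frees */
    return ok ? fscount : -1;
}

int main(void)
{
    printf("mounted filesystems: %d\n", demo());
    return 0;
}
```

The array "comes into being" inside the callee, not in main: main only reserves space for one pointer, and the callee makes that pointer point at memory it obtained itself. Whoever owns that memory (the library's static buffer or, as here, a malloc'd block) decides whether the caller may free it, so the man page for the real function is the authority on that point.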
