Malloc struct in one thread, free in another => SEGV

Christopher Taylor chtaylo3@gmail.com
Fri Jul 18 22:18:00 GMT 2008


This is probably a pebkac issue and the workaround is obvious and
works but I'm curious why this doesn't?

The code below segv's at the indicated free.

Seems to me that malloc would keep track of an address and a size and
what I do with those and what structures that I populate that space
?should be? irrelevant to malloc/free.  Either that's not the case or
(more likely) I'm doing something that's out in left field.

The code below is a simplification of what I've built on my debian etch machine:
gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)
libc6-dev  2.3.6.ds1-13etch5  GNU C Library: Development Libraries and
Header Files
NPTL 2.3.6


If I free the memory in the thread it was created everything works.
If instead of passing a ptr to a struct, I pass an int .. everything works.
If I malloc the memory in chunks instead of all at once (the obvious
workaround mentioned above) ... everything works


Does anyone have any ideas?


Thanx for any assistance!
-Chris



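#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

/* Placeholder values; the post does not give the real ones. */
#define MAX_NUM_BUFFERS 4
#define MAX_BUFFER_SIZE 64

typedef struct {

  char *buffers;
  int   *amoutUsedPerBuffer;
  int    numBuffers;

} Thread_Response_t;

void*
workerThread(void* arg)
{

  Thread_Response_t *tr = (Thread_Response_t*)malloc(
    sizeof(Thread_Response_t) + //space for the struct
    (sizeof(char) * MAX_NUM_BUFFERS * MAX_BUFFER_SIZE) + //space for the buffers
    (sizeof(int) * MAX_NUM_BUFFERS)); //space for the int array

  //do some stuff including filling up the buffers

  pthread_exit((void*)tr);

}

int
main (int argc, char **argv)
{

  Thread_Response_t *tr;
  void *ret;  // pthread_join() stores the thread's exit value as a void*
  pthread_t wtid;

  pthread_create(&wtid, NULL, workerThread, NULL);  // run workerThread with no argument
  pthread_join(wtid, &ret);
  tr = (Thread_Response_t*)ret;

  //printf some stuff out

  free((void*)tr);   //<=== segv here

  return 0;

}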
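
An added example, not part of the original post and not a diagnosis of its crash: one way to carve the struct, the int array and the buffers out of a single malloc'd block, write to it only through a bounds check, return it through pthread_join and free it in the joining thread, which glibc's malloc permits. The struct is the post's; the MAX_* values, the helper names and the sample string are assumptions.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_NUM_BUFFERS 4   /* assumed; the post gives no values */
#define MAX_BUFFER_SIZE 64  /* assumed */

typedef struct { char *buffers; int *amoutUsedPerBuffer; int numBuffers; } Thread_Response_t;

/* One block laid out as [struct][int used[N]][char buffers[N * SIZE]].
   The ints come first so they stay aligned; both pointers stay inside the block. */
static Thread_Response_t *response_alloc(void) {
    size_t total = sizeof(Thread_Response_t) + sizeof(int) * MAX_NUM_BUFFERS
                 + (size_t)MAX_NUM_BUFFERS * MAX_BUFFER_SIZE;
    Thread_Response_t *tr = calloc(1, total);
    if (tr == NULL) return NULL;
    tr->amoutUsedPerBuffer = (int *)(tr + 1);
    tr->buffers = (char *)(tr->amoutUsedPerBuffer + MAX_NUM_BUFFERS);
    return tr;
}

/* Bounds-checked write into buffer idx; returns 0 on success, -1 if rejected. */
static int response_put(Thread_Response_t *tr, int idx, const char *s) {
    size_t len = strlen(s);
    if (idx < 0 || idx >= MAX_NUM_BUFFERS || len >= MAX_BUFFER_SIZE) return -1;
    memcpy(tr->buffers + (size_t)idx * MAX_BUFFER_SIZE, s, len + 1);
    tr->amoutUsedPerBuffer[idx] = (int)len;
    if (idx >= tr->numBuffers) tr->numBuffers = idx + 1;
    return 0;
}

static void *worker(void *arg) {
    (void)arg;
    Thread_Response_t *tr = response_alloc();
    if (tr != NULL) response_put(tr, 0, "constructed");  /* constructed sample data */
    return tr;  /* returning is equivalent to pthread_exit(tr) */
}

/* Runs the worker, joins through a real void*, frees in the calling thread.
   Returns the bytes used in buffer 0, or -1 on failure. */
static int run_once(void) {
    pthread_t tid; void *ret = NULL;
    if (pthread_create(&tid, NULL, worker, NULL) != 0) return -1;
    if (pthread_join(tid, &ret) != 0 || ret == NULL) return -1;
    Thread_Response_t *tr = ret;
    int used = tr->amoutUsedPerBuffer[0];
    free(tr);  /* allocated in the worker thread, freed here */
    return used;
}

int main(void) { printf("used=%d\n", run_once()); return 0; }
```

Build with `gcc -pthread`; running it under valgrind or with `-fsanitize=address` reports a write outside the block at the point it happens rather than later at `free()`.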


