Malloc struct in one thread, free in another => SEGV

Christopher Taylor
Fri Jul 18 22:18:00 GMT 2008

This is probably a pebkac issue and the workaround is obvious and
works but I'm curious why this doesn't?

The code below segv's at the indicated free.

Seems to me that malloc would keep track of an address and a size and
what I do with those and what structures that I populate that space
?should be? irrelevant to malloc/free.  Either that's not the case or
(more likely) I'm doing something that's out in left field.

The code below is a simplification of what I've built on my debian etch machine:
gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)
libc6-dev  2.3.6.ds1-13etch5  GNU C Library: Development Libraries and
Header Files
NPTL 2.3.6

If I free the memory in the thread it was created everything works.
If instead of passing a ptr to a struct, I pass an int .. everything works.
If I malloc the memory in chunks instead of all at once (the obvious
workaround mentioned above) ... everything works

Does anyone have any ideas?

Thanx for any assistance!

#include <pthread.h>
#include <stdlib.h>

#define MAX_NUM_BUFFERS 4   //placeholder, value not given in the post
#define MAX_BUFFER_SIZE 64  //placeholder, value not given in the post

typedef struct {

  char *buffers;
  int   *amoutUsedPerBuffer;
  int    numBuffers;

} Thread_Response_t;

void *workerThread(void* arg)
{
  Thread_Response_t *tr = (Thread_Response_t*)malloc(
    sizeof(Thread_Response_t) + //space for the struct
    (sizeof(char) * MAX_NUM_BUFFERS * MAX_BUFFER_SIZE) + //space for the buffers
    (sizeof(int) * MAX_NUM_BUFFERS)); //space for the int array

  //do some stuff including filling up the buffers

  return tr; //handed back to main through pthread_join
}

int main (int argc, char **argv)
{
  Thread_Response_t *tr;
  pthread_t wtid;

  pthread_create(&wtid, NULL, workerThread, NULL);
  pthread_join(wtid, (void**)&tr);

  //printf some stuff out

  free((void*)tr);   //<=== segv here

  return 0;
}
