Common Memory Errors
Error Types
- A: dereferencing a non-pointer
- B: accessing a freed block
- C: freeing a freed block
- D: failing to free memory (memory leak)
- E: no bounds checking (potential buffer overflow)
- F: reading uninitialized memory
- G: referencing nonexistent variable
- H: wrong allocation size
Case 1
```c
char s[8];
int i;
gets(s); /* reads "123456789" from stdin */
```
Error Type | Program Stop Possible? | Fix |
---|---|---|
Case 2
```c
int* foo() {
    int val = 0;
    return &val;
}
```
Error Type | Program Stop Possible? | Fix |
---|---|---|
Case 3
```c
x = (int *) malloc( N * sizeof(int) );
// manipulate x
free(x);
...
y = (int *) malloc( M * sizeof(int) );
// manipulate y
free(x);
```
Error Type | Program Stop Possible? | Fix |
---|---|---|
Case 4
`N` and `M` are defined elsewhere (`#define`).
```c
int **p;
p = (int **) malloc( N * sizeof(int) );
for (int i = 0; i < N; i++) {
    p[i] = (int *) malloc( M * sizeof(int) );
}
```
Error Type | Program Stop Possible? | Fix |
---|---|---|
Case 5
`A` is an `N`×`N` matrix, `x` is an `N`-sized vector (so the product is a vector of size `N`). `N` is defined elsewhere (`#define`).
```c
/* return y = Ax */
int *matvec(int **A, int *x) {
    int *y = (int *) malloc( N * sizeof(int) );
    int i, j;
    for (i = 0; i < N; i++)
        for (j = 0; j < N; j++)
            y[i] += A[i][j] * x[j];
    return y;
}
```
Error Type | Program Stop Possible? | Fix |
---|---|---|
Case 6
`scanf` signature: `int scanf(const char *format, ...)`
```c
int val;
...
scanf("%d", val);
```
Error Type | Program Stop Possible? | Fix |
---|---|---|
Case 7
```c
x = (int *) malloc( N * sizeof(int) );
// manipulate x
free(x);
...
y = (int *) malloc( M * sizeof(int) );
for (i = 0; i < M; i++)
    y[i] = x[i]++;
```
Error Type | Program Stop Possible? | Fix |
---|---|---|
Case 8
```c
typedef struct L {
    int val;
    struct L *next;
} list;

void foo() {
    list *head = (list *) malloc( sizeof(list) );
    head->val = 0;
    head->next = NULL;
    // create and manipulate the rest of the list
    ...
    free(head);
    return;
}
```
Error Type | Program Stop Possible? | Fix |
---|---|---|
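
As an added example (not part of the original worksheet), the tracking wrapper below sits around `malloc`/`free` and flags error types B, C and D from the list above at run time. The names `t_malloc`, `t_free`, `t_is_freed`, `t_leaks` and the table size `MAX_BLOCKS` are assumptions made for this example.

```c
#include <stdlib.h>

#define MAX_BLOCKS 64   /* assumed table size, enough for a small test */
enum blk_state { BLK_UNUSED, BLK_LIVE, BLK_FREED };
static struct { void *ptr; enum blk_state st; } blocks[MAX_BLOCKS];
static int find(const void *p) {   /* slot index holding p, or -1 */
    for (int i = 0; i < MAX_BLOCKS; i++)
        if (blocks[i].st != BLK_UNUSED && blocks[i].ptr == p) return i;
    return -1;
}

/* malloc wrapper: records the new block as live. */
void *t_malloc(size_t n) {
    void *p = malloc(n);
    for (int i = 0; p != NULL && i < MAX_BLOCKS; i++)
        if (blocks[i].st == BLK_UNUSED) {
            blocks[i].ptr = p;
            blocks[i].st = BLK_LIVE;
            return p;
        }
    free(p);                       /* malloc failed or table is full */
    return NULL;
}

/* free wrapper: 0 = ok, 'C' = already freed, -1 = not a tracked block. The
   real free() is deferred (quarantine) so the address is not reused meanwhile. */
int t_free(void *p) {
    int i = find(p);
    if (i < 0) return -1;
    if (blocks[i].st == BLK_FREED) return 'C';
    blocks[i].st = BLK_FREED;
    return 0;
}

/* 1 if p is a freed block: reading or writing through it is type B. */
int t_is_freed(const void *p) {
    int i = find(p);
    return i >= 0 && blocks[i].st == BLK_FREED;
}

/* Count live blocks (type D leaks), then release and forget every block. */
int t_leaks(void) {
    int n = 0;
    for (int i = 0; i < MAX_BLOCKS; i++) {
        if (blocks[i].st == BLK_LIVE) n++;
        if (blocks[i].st != BLK_UNUSED) free(blocks[i].ptr);
        blocks[i].st = BLK_UNUSED;
    }
    return n;
}
```

Routing Case 3's calls through these wrappers makes the second release of `x` return `'C'`, and `t_leaks()` then reports 1 for the `y` block that is never released.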