@grzesiek51114 trafił w sedno. Ci którzy budują do architektury 32 bitowej błędu nie zauważają. Ty budujesz do architektury 64 bitowej (co widać przez ułamek sekundy na filmiku amd64
).
Czyli rozmiar adresów ma 64 bity, ale int
nadal ma 32 bity, więc koniec końców pierwsza alokacja jest za mała i wykraczasz poza zakres tablicy.
Zamiast posługiwać się typem w sizeof
lepiej używać zmiennej:
#include <stdio.h>
#include <stdlib.h>
int main(void)
{
int **ptr = (int **)malloc(sizeof(*ptr) * 5);
int i = 0;
for(; i < 5; ++i) ptr[i] = (int *)malloc(sizeof(**ptr) * 10);
for(i = 0; i < 5; ++i) free(ptr[i]);
free(ptr);
return 0;
}
Polecam używać Address Sanitizer zamiast valgrinda.
Jest skuteczniejszy, szybszy i daje jaśniejsze raport o błedach.
Przykładowo clang na Mac:
=================================================================
==72999==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000fce0 at pc 0x000104765e56 bp 0x7fff5b49ab40 sp 0x7fff5b49ab38
WRITE of size 8 at 0x60300000fce0 thread T0
#0 0x104765e55 in main test.c:8
#1 0x7fffd04b6234 in start (libdyld.dylib:x86_64+0x5234)
0x60300000fce4 is located 0 bytes to the right of 20-byte region [0x60300000fcd0,0x60300000fce4)
allocated by thread T0 here:
#0 0x1047c118c in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x5618c)
#1 0x104765dfa in main test.c:6
#2 0x7fffd04b6234 in start (libdyld.dylib:x86_64+0x5234)
SUMMARY: AddressSanitizer: heap-buffer-overflow test.c:8 in main
Shadow bytes around the buggy address:
0x1c0600001f40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c0600001f50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c0600001f60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c0600001f70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c0600001f80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x1c0600001f90: fa fa fa fa fa fa fa fa fa fa 00 00[04]fa fa fa
0x1c0600001fa0: 00 00 00 00 fa fa 00 00 01 fa fa fa 00 00 00 fa
0x1c0600001fb0: fa fa fd fd fd fd fa fa fd fd fd fa fa fa 00 00
0x1c0600001fc0: 00 00 fa fa 00 00 00 fa fa fa 00 00 00 fa fa fa
0x1c0600001fd0: 00 00 00 00 fa fa fd fd fd fd fa fa fd fd fd fa
0x1c0600001fe0: fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==72999==ABORTING
Abort trap: 6