C malloc assertion help

Question

I am implementing a divide and conquer polynomial algorithm so i can bench it against an opencl implementation, but i can't seem to get malloc to work. When I run the program it allocates a bunch of stuff, checks some things, then sends the size/2 to the algorithm. Then when I hit the malloc line again it spits out this:

malloc.c:3096: sYSMALLOc: Assertion `(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) == 0)' failed. Aborted

The line in question is:

int *mult(int size, int *a, int *b) {
    int *out,i, j, *tmp1, *tmp2, *tmp3, *tmpa1, *tmpa2, *tmpb1, *tmpb2,d, *res1, *res2;
    fprintf(stdout, "size: %d\n", size);
    out = (int *)malloc(sizeof(int) * size * 2); 

I have checked size with fprintf and it is a positive int (usually 50 at that point). I have tried calling malloc with a plain number as well and i still get the error. I'm just stumped at what's going on, and nothing from google that I have found so far has been too helpful.

Any ideas what's going on? I'm trying to figure out how to compile a newer GCC in case it's a compiler error, but i really doubt it.

Answer 1

99.9% likely that you have corrupted memory (over- or under-flowed a buffer, wrote to a pointer after it was freed, called free twice on the same pointer, etc.)

Run your code under Valgrind to see where your program did something incorrect.

Answer 2

You are probably overrunning beyond the allocated mem somewhere. then the underlying sw doesn't pick up on it until you call malloc

There may be a guard value clobbered that is being caught by malloc.

edit...added this for bounds checking help

http://www.lrde.epita.fr/~akim/ccmp/doc/bounds-checking.html

Answer 3

I've been dealing with this assertion for some days now. It only happens when I compile my program in debug. In my case, the assertion happens after a fixed number of calls to malloc() for various allocation sizes i.e. the assertion can be reproduced 100% and identically.

As a test, I incremented every allocation size with a constant value of 80, like this:

ad = malloc(size);

... became ...

ad = malloc(size + 80);

Interestingly, the assertion now pops up at another point, but it is still 100% reproducible.

I believe it's a bug in the assertion itself. Looking at it, the assertion is so utterly complex it wouldn't surprise me it's wrong. Why didn't they split it up anyway?

Cheers