malloc(): memory corruption (fast) [Cant seem to figure this out] on FC5 + G++ 4.1.0

[g35rider]

Hi, I have the following code that is giving this error, I cant
simplify the code, I was just testing some theory for something we are
doing and was getting an issue here. Please someone point out whats
wrong with my code.

class MsgData
{
  char* data;
  int size;

 public:

  MsgData(long l)
    {
      count++;
      size = 0;
      data = NULL;
      operator=(l);
    }

  MsgData(char* d)
    {
      count++;
      size = 0;
      data = NULL;
      if(d)
        {
          size = strlen(d);
          data = new char[size];
          strcpy(data, d);
          printf("MsgData(%s) @%d\n", d, data);
        }
    }

  MsgData(char* d, int s)
    {
      //printf("MsgData(%s, %d)\n", d, s);
      data = NULL;
      count++;
      size = s;
      data = new char[size];
      printf("MsgData(%s, %d) @%d\n", d, s, data);

      if(d)
        {
          memcpy(data, d, size);
          data[size] = 0;
        }
    }

  MsgData()
    {
      //printf("MsgData()\n");
      count++;
      data = NULL;
      size = 0;
    }

  MsgData(const MsgData& m)
    {
      //printf("MsgData(MsgData(%s, %d))\n", m.data, m.size);
      count++;
      data = NULL;
      size = 0;
      copy(m);
    }

  ~MsgData()
    {
      count--;
      printf("~MsgData(%s, %d) @%d [count=%d]\n", data, size, data,
count);
      delete [] data;
      data = NULL;
      //printf("count:%d\n", count);
    }

  MsgData& copy(char* d, int l)
    {
      printf("copy(%s, %d) @%d\n\n", d, l, data);
      MsgData tmp(d, l);
      copy(tmp);
    }

  MsgData& copy(char* d)
    {
      printf("copy(%s) @%d\n\n", d, data);
      return copy(d, strlen(d));
    }

  MsgData& copy(const MsgData& rhd)
    {
      printf("copy(MsgData(%s, %d))\n\n", rhd.data, rhd.size);
      if(data)
        {
          delete [] data;
          data = NULL;
          size = 0;
        }

      if(rhd.size)
        {
          size = rhd.size;
          data = new char[size];
          memcpy(data, rhd.data, size);
          data[size] = 0;
        }

      return *this;
    }

  MsgData& operator=(long l)
    {
      //printf("operator=(%l)\n", l);
      char tmp[16];
      sprintf(tmp, "%d", l);
      return copy(tmp);
    }

  MsgData& operator=(char* rhd)
    {
      printf("operator=(%s)\n\n", rhd);
      if(!rhd)
        return *this;

      MsgData tmp(rhd);
      return copy(tmp);
    }

  MsgData& operator=(MsgData rhd)
    {
      printf("operator=(MsgData(%s, %d)) @%d\n\n", rhd.data, rhd.size,
data);
      return copy(rhd);
    }

  MsgData operator+(MsgData& rhd)
    {
      printf("operator+(MsgData(%s, %d) @%d\n\n", rhd.data, rhd.size,
data);
      MsgData msg;
      msg.append(*this);
      msg.append(rhd);
      printf("newly created append: %s\n", msg.tostr());
      return msg;
    }

  MsgData& append(char* rhd)
    {
      MsgData msg(rhd);
      return append(msg);
    }

  MsgData& append(MsgData& rhd)
    {
      if(data && size)
        {
          if(rhd.data && rhd.size)
            {
              char* tmp = data;
              data = new char[size+rhd.size];
              memcpy(data, tmp, size);
              memcpy(data+size, rhd.data, rhd.size);
              size +=rhd.size;
              data[size] = 0;
              delete [] tmp;
              tmp = NULL;
            }
          return *this;
        }

      if(rhd.data && rhd.size)
        {
          return copy(rhd);
        }

      return *this;
    }

  MsgData operator+(char* str)
    {
      /*char* tmp = data;
      data = new char[size + strlen(str)];
      if(data)
        memcpy(data, tmp, size);
      memcpy(data+size, str, strlen(str));
      size += strlen(str);
      delete [] tmp;
      return *this;*/

      /*printf("operator+(%s) to %s\n", str, data);
      MsgData tmp(0, size+strlen(str));
      if(data)
        sprintf(tmp.tostr(), "%s%s", data, str);
      else
        strcpy(tmp.tostr(), str);
      return tmp;*/

      printf("operator+(%s)\n\n", str);
      MsgData msg(str);
      return operator+(msg);
    }

  char operator[](int index)
  {
    //printf("operator[%d]\n", index);
    if(data && (index >=0 && index < size))
      return data[index];

    return 0;
  }

  bool operator==(char* rhd)
  {
    MsgData tmp(rhd);
    return operator==(tmp);
  }

  bool operator==(MsgData& rhd)
  {
    if(!data || !rhd.data)
      return false;

    if(size != rhd.size)
      return false;

    if(!strncmp(data, rhd.data, size))
      return true;

    return false;
  }

  char*& tostr()
    {
      //printf("tostr()\n");
      return data;
    }
};

And now the driver code which is giving me the issue

int main()
{
  MsgData m1, m2, m3, m4, m5;
  m1 = "m1";
  m2 = "m2";
  m3 = "m3";

  m4 = m4 + m1 + "123";
  //m4 = m4 + m1 + m2 + m3 + "123" + "1";
  printf("%s = %d----------------------------------------%d\n",
m4.tostr(), 0,0);
  m4 =  m4 + m1 + "123";
  printf("%s = %d----------------------------------------%d\n",
m4.tostr(), 1,1);
  m4 = m4 + " " + m1 + "123";
  m4 = m4 + " " + m1 + "123";
  m4 = m4 + " " + m1 + "123";
  printf("%s = %d----------------------------------------%d\n",
m4.tostr(), 2,2);


  printf("m4=%s\n", m4.tostr());
}

or if I change those m4 lines to then it again core dumps but if i
comment the 2nd line " m4 = m4 + m1 + "123"; " it works??

  m4 = m4 + m1 + m2 + m3 + "123" + "1";
  printf("%s = %d----------------------------------------%d\n",
m4.tostr(), 0,0);
  m4 =  m4 + m1 + "123";
  printf("%s = %d----------------------------------------%d\n",
m4.tostr(), 1,1);
  m4 = m4 + " " + m1 + "123";
  printf("%s = %d----------------------------------------%d\n",
m4.tostr(), 2,2);

I will get the same problem...I cant seem to figure whats the
difference in doing this over and over again.

Please someone help! I just cant seem to figure this out.

Thanks

Ankur

 

[trm]

Hi, I have the following code that is giving this error, I cant
simplify the code, I was just testing some theory for something we are
doing and was getting an issue here. Please someone point out whats
wrong with my code.

class MsgData
{
char* data;
int size;

public:

MsgData(long l)
{
count++;[/QUOTE]

'count' has not been defined anywhere.
[QUOTE]
size = 0;
data = NULL;[/QUOTE]

It's better to use initializer lists for this.
[QUOTE]
operator=(l);
}[/QUOTE]

Without looking to see what operator=() actually does, I will say
that it's an unclear way of writing this. Better would be to use a
private helper function, which both MsgData() and operator=() can
call internally.
[QUOTE]
MsgData(char* d)[/QUOTE]

This should probably be (const char *d), unless you intend to
modify whatever d points to.
[QUOTE]
{
count++;
size = 0;
data = NULL;[/QUOTE]

Same comments as previously.
[QUOTE]
if(d)
{
size = strlen(d);[/QUOTE]

You have a signedness mismatch and a possible size mismatch here.
[QUOTE]
data = new char[size];[/QUOTE]

You probably meant: new char[size + 1]...
[QUOTE]
strcpy(data, d);[/QUOTE]

....yes, that's what you meant. The line above has just corrupted
some memory somewhere.
[QUOTE]
printf("MsgData(%s) @%d\n", d, data);[/QUOTE]

Undefined behaviour. Use %p, not %d, to printf() pointers.
[QUOTE]
}
}[/QUOTE]

[Lots of similar quality code snipped.]
[QUOTE]
Please someone help! I just cant seem to figure this out.[/QUOTE]

I suggest that you study a C++ textbook, and start out with basic
(that is, short and uncomplicated) exercises. You are trying to do
too many things at once here. You're also using mainly C idioms
in place of conceptually simpler C++ idioms. It also appears that
you're using a pre-standard compiler, which will limit the usefulness
of any advice you receive here.

 

[Ron Natalie]

Hi, I have the following code that is giving this error, I cant
simplify the code, I was just testing some theory for something we are
doing and was getting an issue here. Please someone point out whats
wrong with my code.

class MsgData
{
char* data;
int size;
[/QUOTE]
If you just declared this as
	std::string data;

You'd avoid having to mismanipulate string data (and possibly
even writing your own bug-ridden copy constructor, assignment
op, and destructors).