[Question] Crash problem with malloc and pointers

Board: C_and_CPP (C/C++)  Author: (我還存在耶)  Time: 3 years ago (2021/08/11 10:07)  Push/boo: 5(505)
10 comments, 6 participants, latest thread 1/1
I'd like to ask a question. I want to read test.bin and then write it to a node. load_bin_compare_name allocates the size with malloc and then uses fread to store the data in fwbin (a global variable). In combin_binary_upgrade I then write the binary that was just read, but a crash occurs. Later, when I comment out the line below, it no longer crashes:

write(fd, write_string, counts); //crash point

Or, if I enable DEBUG_PRINT and first comment out the crashing line above, the whole content of test.bin is printed correctly, with no crash.

I use p_arr to point to fwbin and then advance p_arr by the offset (2048 bytes) each time to write to the node in sequence. Where is the problem? Thank you very much.

code: (abbreviated listing)

static char *fwbin;

unsigned char fw_upgrade(unsigned char type)
{
    unsigned char u8_ret;
    unsigned int u32_len = 0;

    u32_len = load_bin_compare_name("test.bin");
    combin_binary_upgrade(u8_type, u32_len);
    return u8_ret;
}

void combin_binary_upgrade(unsigned char u8_type, unsigned int u32_len)
{
    int fd, ret = 0, i = 0, loops = 0, leftcount = 0, counts = 0;
    char write_string[2048], cmd_buf[20], str_sys_cmd_path[200];
    unsigned char u8_cmd, u8_ret = SUCCESS;
    int j = 0;
    char *p_arr = NULL;

    memset(cmd_buf, 0, sizeof(cmd_buf));
    memset(str_sys_cmd_path, 0, sizeof(str_sys_cmd_path));
    sprintf(str_sys_cmd_path, "%s%s", g_sysfs_location, "/receive_binary_node");
    p_arr = fwbin;
    fd = open_node(str_sys_cmd_path);
    if (fd < 0) {
        printf("open_node fail!\n");
        return -1;
    } else
        printf("open_node pass\n"); // this is printed

    sprintf(cmd_buf, "%x,%x,%x", u8_cmd, u8_type, u32_len);
    write(fd, cmd_buf, sizeof(cmd_buf));

    loops = u32_len / 2048;
    leftcount = u32_len % 2048;
    for (i = 0; i <= loops; i++) {
        if (i == loops)
            counts = leftcount;
        else
            counts = FW_WRITE_SIZE;
        memset(write_string, 0, sizeof(write_string));
        memcpy(write_string, p_arr, counts);
        write(fd, write_string, counts); // causes the crash
#if DEBUG_PRINT
        for (j = 1; j <= counts; j++) {
            printf("%5x ", write_string[j - 1]);
            if (j % 16 == 0)
                printf("\n");
        }
#endif
        p_arr += counts;
    }
    free(fwbin);
    close(fd);
}

unsigned int load_bin_compare_name(char *filename)
{
    FILE *pFile;
    unsigned long lSize;
    size_t result;
    int len = 0, ret = 0, i = 0, checkfile_num = 0, burn = 0;
    char burnfilename[100], *value, fwpath[100];

    memset(burnfilename, 0, 100*sizeof(char));
    len = strlen(g_path);
    if (g_path[len - 1] != '/')
        strcat(g_path, "/");
    sprintf(fwpath, "%s%s", g_path, burnfilename);
    pFile = fopen(fwpath, "rb");
    if (pFile == NULL) {
        printf("[touch] fopen %s error, please check your files or path\n",fwpath);
        exit(1);
    }
    fseek(pFile , 0 , SEEK_END);
    lSize = ftell(pFile);
    rewind(pFile);
    fwbin = (char *) malloc(sizeof(char) * lSize);
    if (fwbin == NULL) {
        printf("[touch] fwbin malloc fail\n");
    }
    result = fread(fwbin, 1, lSize, pFile);
    if (result != lSize) {
        printf("[touch]fread error, result=%d, lSize=%ld\n", result, lSize);
    }
    fclose(pFile);
    return lSize;
}

crash log:

[ 22.864884] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[ 22.878321] pgd = db524000
[ 22.880921] [00000000] *pgd=00000000
[ 22.884404] Internal error: Oops: 805 [#1] PREEMPT SMP ARM
[ 22.889769] Modules linked in: drmboot(P) mali_kbase
[ 22.894634] CPU: 0 PID: 1371 Comm: raydium_selftes Tainted: P 3.10.0 #3439
[ 22.902392] task: dc1bc980 ti: db4c4000 task.ti: db4c4000
[ 22.907684] PC is at memcpy+0x50/0x330
[ 22.911345] LR is at 0x0

-----
Sent from JPTT on my Asus ASUS_Z012DA.

--
※ Origin: 批踢踢實業坊 (ptt.cc), from: 180.217.33.85 (Taiwan)
※ Article URL: https://www.ptt.cc/bbs/C_and_CPP/M.1628647653.A.7B8.html

08/11 11:31, 3 years ago, 1F
memcpy(write_string, p_arr, counts); p_arr==null ?

08/11 11:32, 3 years ago, 2F
Sorry, please ignore the comment above

08/11 13:07, 3 years ago, 3F
What is FW_WRITE_SIZE?

08/11 19:56, 3 years ago, 4F
Size 2048

08/12 02:55, 3 years ago, 5F
Does it crash when i==0, or when i==loops?

08/12 02:56, 3 years ago, 6F
Can leftcount be equal to 0?

08/12 22:18, 3 years ago, 7F
Try checking the return value of write?

08/26 19:18, 8F
Same as what CJacky was thinking: if u32_len happens to be an exact multiple of 2048 (on the last pass

08/26 19:18, 9F
leftcount is 0), it looks like it will crash

09/17 09:47, 10F
The log has already told you; just look at where the PC is and you'll know
Article ID (AID): #1X4p3bUu (C_and_CPP)
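The comments above ask whether leftcount can be 0 and suggest checking the return value of write. As an added example (not code from the original post), here is a chunked write helper that never issues a zero-length final write, rejects a NULL buffer, and checks every write result, including short writes. The name write_chunked is hypothetical, FW_WRITE_SIZE is the 2048 stated in the thread, and the demo writes constructed data to a pipe rather than a sysfs node.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define FW_WRITE_SIZE 2048  /* chunk size stated in the thread */

/* Write len bytes from buf to fd in chunks of at most FW_WRITE_SIZE.
 * Returns the number of write() calls issued, or -1 on any error.
 * Hypothetical helper name; not from the original post. */
long write_chunked(int fd, const char *buf, size_t len)
{
    long calls = 0;
    size_t off = 0;

    if (buf == NULL)                /* e.g. malloc() failed upstream */
        return -1;
    while (off < len) {             /* stops exactly at len: no 0-byte tail write */
        size_t want = len - off;
        if (want > FW_WRITE_SIZE)
            want = FW_WRITE_SIZE;
        ssize_t n = write(fd, buf + off, want);
        calls++;
        if (n < 0) {
            if (errno == EINTR)     /* interrupted before any data: retry */
                continue;
            return -1;
        }
        if (n == 0)                 /* no progress: give up instead of spinning */
            return -1;
        off += (size_t)n;           /* advance by what was actually accepted */
    }
    return calls;
}

/* Stand-alone demo on a constructed 4096-byte buffer (exact multiple of 2048). */
int main(void)
{
    int p[2];
    char *img = calloc(1, 4096);    /* constructed sample data */

    if (img == NULL || pipe(p) != 0)
        return 1;
    printf("write calls: %ld\n", write_chunked(p[1], img, 4096));
    free(img);
    close(p[0]);
    close(p[1]);
    return 0;
}
```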