Cocoa mail archive
Strange malloc/free issue inside a category
FROM : Ken Tozier
DATE : Sun Jul 30 19:38:04 2006
Hi
Are there any special considerations to look out for when using
malloc/free inside a category? I wrote a simple category for NSData
that converts it's bytes to a hex string and while the value
conversions work fine, I'm getting strange crashes and error messages
in what seems to be a routine use of malloc/free. Here's the code
@implementation NSData (Hex_Extensions)
- (NSString *) unicharHexStringFromData
{
int slen = [self length],
dLen = slen * sizeof(unichar);
unsigned char *ss = (unsigned char *) [self bytes],
*se = ss + slen,
ch;
unichar *dbuf = (unichar *) malloc (dLen), // if I comment this out
//dbuf[4096], // and use this instead, no crashes or errors
*ds = dbuf;
if (dbuf == NULL)
{
NSLog(@"uh oh dbuf not allocating");
return nil;
}
else
{
while (ss < se)
{
ch = (*ss >> 4);
*ds = (ch < 10) ? 0x30 + ch : 0x57 + ch ;
ds++;
ch = (*ss & 0x0f);
*ds = (ch < 10) ? 0x30 + ch : 0x57 + ch ;
ds++;
ss++;
}
NSString *result = [NSString stringWithCharacters: dbuf length:
dLen];
free(dbuf); // If I comment this out when declaring dbuf[4096] no
problems
return result;
}
}
@end
I do an NSLog on the NSData object in question both before and after
calling this category and it doesn't look like I'm corrupting it,
it's data is identical
Here's the errors I see in the run log:
PMServer X(25207,0xa000cf60) malloc: *** error for object 0x1865600:
incorrect checksum for freed object - object was probably modified
after being freed, break at szone_error to debug
PMServer X(25207,0xa000cf60) malloc: *** set a breakpoint in
szone_error to debug
Or
PMServer X(25236,0x186de00) malloc: *** error for object 0x95c10: Non-
aligned pointer being freed (2)
PMServer X(25236,0x186de00) malloc: *** set a breakpoint in
szone_error to debug
Setting a breakpoint on szone_error doesn't shed much light on the
matter because it breaks at different places every time. The only
semi-consistent thing about the breakpoints is that they are usually
related to something deep in the bowels of the string class. I've
been using malloc/free for years and never run up against this issue
so I'm stumped.
The only thing I can think of is that, although not stated in the
documentation, NSString's stringWithCharacters:length takes posession
of the dbuf pointer behind the scenes. Could there be some sort of
autorelease related stuff happening inside NSString as it manipulates
strings? Or is there some inherent gotcha with malloc/free in a
category.
Any thoughts?
Ken
DATE : Sun Jul 30 19:38:04 2006
Hi
Are there any special considerations to look out for when using
malloc/free inside a category? I wrote a simple category for NSData
that converts it's bytes to a hex string and while the value
conversions work fine, I'm getting strange crashes and error messages
in what seems to be a routine use of malloc/free. Here's the code
@implementation NSData (Hex_Extensions)
- (NSString *) unicharHexStringFromData
{
int slen = [self length],
dLen = slen * sizeof(unichar);
unsigned char *ss = (unsigned char *) [self bytes],
*se = ss + slen,
ch;
unichar *dbuf = (unichar *) malloc (dLen), // if I comment this out
//dbuf[4096], // and use this instead, no crashes or errors
*ds = dbuf;
if (dbuf == NULL)
{
NSLog(@"uh oh dbuf not allocating");
return nil;
}
else
{
while (ss < se)
{
ch = (*ss >> 4);
*ds = (ch < 10) ? 0x30 + ch : 0x57 + ch ;
ds++;
ch = (*ss & 0x0f);
*ds = (ch < 10) ? 0x30 + ch : 0x57 + ch ;
ds++;
ss++;
}
NSString *result = [NSString stringWithCharacters: dbuf length:
dLen];
free(dbuf); // If I comment this out when declaring dbuf[4096] no
problems
return result;
}
}
@end
I do an NSLog on the NSData object in question both before and after
calling this category and it doesn't look like I'm corrupting it,
it's data is identical
Here's the errors I see in the run log:
PMServer X(25207,0xa000cf60) malloc: *** error for object 0x1865600:
incorrect checksum for freed object - object was probably modified
after being freed, break at szone_error to debug
PMServer X(25207,0xa000cf60) malloc: *** set a breakpoint in
szone_error to debug
Or
PMServer X(25236,0x186de00) malloc: *** error for object 0x95c10: Non-
aligned pointer being freed (2)
PMServer X(25236,0x186de00) malloc: *** set a breakpoint in
szone_error to debug
Setting a breakpoint on szone_error doesn't shed much light on the
matter because it breaks at different places every time. The only
semi-consistent thing about the breakpoints is that they are usually
related to something deep in the bowels of the string class. I've
been using malloc/free for years and never run up against this issue
so I'm stumped.
The only thing I can think of is that, although not stated in the
documentation, NSString's stringWithCharacters:length takes posession
of the dbuf pointer behind the scenes. Could there be some sort of
autorelease related stuff happening inside NSString as it manipulates
strings? Or is there some inherent gotcha with malloc/free in a
category.
Any thoughts?
Ken
| Related mails | Author | Date |
|---|---|---|
| Strange malloc/free issue inside a category |
Ken Tozier | Jul 30, 19:38 |
| Re: Strange malloc/free issue inside a category |
Andy Lee | Jul 30, 19:57 |
| Re: Strange malloc/free issue inside a category |
Jakob Olesen | Jul 30, 20:06 |
| Re: Strange malloc/free issue inside a category |
Ken Tozier | Jul 30, 20:09 |
| Re: Strange malloc/free issue inside a category |
Shawn Erickson | Jul 30, 20:25 |
| Re: Strange malloc/free issue inside a category |
Agent M | Jul 31, 03:01 |
| Re: Strange malloc/free issue inside a category |
Ken Tozier | Jul 31, 04:36 |
