为什么在创建 pthread 时会出现分段错误？

Question

我正在用 C 语言运行一个程序，但我遇到了分段错误。 在运行 Valgrind 以了解我得到的错误之后：

==7905== Process terminating with default action of signal 11 (SIGSEGV)
==7905==  Access not within mapped region at address 0x4
==7905==    at 0x8049A65: agregar_nuevo_segmento_al_proceso (msp.c:597)
==7905==    by 0x804990E: cargar_segmento_en_estructuras (msp.c:536)
==7905==    by 0x80498B4: CrearSegmento (msp.c:345)
==7905==    by 0x8049313: comunicacionConMSP (msp.c:161)
==7905==    by 0x804924B: escuchar_kernel (msp.c:135)
==7905==    by 0x8049592: conexion_nueva (msp.c:242)
==7905==    by 0x404AD4B: start_thread (pthread_create.c:308)
==7905==    by 0x4182D3D: clone (clone.S:130)
==7905==  If you believe this happened as a result of a stack
==7905==  overflow in your program's main thread (unlikely but
==7905==  possible), you can try to increase the size of the
==7905==  main thread stack using the --main-stacksize= flag.
==7905==  The main thread stack size used in this run was 8388608.
==7905== 

如您所见，错误从函数克隆开始，所以我在那里寻找错误，但我不知道为什么会发生。

int main(int argc, char *argv[]) {
    logger = log_create("Log.txt", "MSP", false, LOG_LEVEL_DEBUG);
    //int resultado = GenerarEStructurasAdministrativas();

    LeerArchivoCfg(argv[1]);
    GenerarEstructurasAdministrativas(cantidad_memoria,cantidad_swap);

    pthread_t th1;
    pthread_t conexiones[BACKLOG];
    int cant_conexiones = 0;
    memoria = malloc(cantidad_memoria);

    //Creo hilo para escuchar la consola de la msp
    pthread_create(&th1, NULL, (void *) consola, NULL );
    log_error(logger, "Se ha creado el hilo para atender la consola de la MSP");

    int yes = 1;
    int sock = 0;
    int newsock = 0;
    struct sockaddr_in my_addr;
    struct sockaddr_in their_addr;
    socklen_t sin_size;

    my_addr.sin_family = AF_INET;
    my_addr.sin_port = htons(puerto);
    my_addr.sin_addr.s_addr = INADDR_ANY;
    memset(&(my_addr.sin_zero), 0, 8);

    //creo el socket
    if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
        log_error(logger, "Error al abrir el socket");
        close(sock);
        exit(1);
    }
    if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(int)) == -1) {
        log_error(logger, "Error en setsockopt.");
        close(sock);
        exit(1);

    }
    if (bind(sock, (struct sockaddr *) &my_addr, sizeof(struct sockaddr))
            == -1) {
        log_error(logger, "Error en funcion bind");
        close(sock);
        exit(1);
    }

    if (listen(sock, BACKLOG) == -1) {
        log_error(logger, "Error en funcion listen");
        close(sock);
        exit(1);
    }

    //acepto la conexión y creo un nuevo hilo que atienda dicha conexion
    while (1) {
        sin_size = sizeof(struct sockaddr_in);
        if ((newsock = accept(sock, (struct sockaddr *) &their_addr, &sin_size))
                == -1) {
            log_error(logger, "Error en accept.");
            continue;
        }
        int p = pthread_create(&conexiones[cant_conexiones], NULL,
                (void *) conexion_nueva, (void *) &newsock);
        cant_conexiones++;
        log_info(logger,p);
    }
    pthread_join(th1, NULL );

    log_destroy(logger);
    free(memoria);
    close(sock);
    return 0;
}

Answer 1

一个原因可能是您正在写入超出conexiones 数组末尾的内存。也就是说，conexiones 中只有 BACKLOG 项的空间，但是您的 while(1) 循环继续无限期地递增cant_conexiones，直到您作为 pthread_create 的第一个参数传递的指针超过数组的末尾，然后当pthread_create 尝试写入它，发生未定义的行为（和崩溃）。

另一个原因是 msp.c 第 597 行的代码（在 agregar_nuevo_segmento_al_proceso 函数内）试图取消引用 NULL 指针（具有 4 字节偏移量）。由于没有发布该代码，我无法说明原因，但这就是堆栈跟踪顶部告诉您的内容。