Why realloc of char** gives Address is 0 bytes after alloc'd

Question

I have the following code:

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int main(int argc, char *argv[])
{
  char* filename = "file_prefix.txt";
  FILE* file_prefix = fopen(filename, "r");

  char buff[1024];
  int i = 0;
  char** prefix = NULL;

  char c = fscanf(file_prefix, "%s", buff);
  while ( EOF != c )
  {
    printf("%d : %s\n", i, buff);
    char** temp  = realloc(prefix, sizeof(char*) * (i+1));
    temp[i] = malloc( (sizeof(char) * strlen(buff)) + 1);
    strcpy(temp[i], buff );
    prefix = temp;
    memset(buff, 0, sizeof(buff));
    c = fscanf(file_prefix, "%s", buff);
    ++i;
  } 

  int x = 0;
  for (;x < i; ++x) {
    printf("%s\n", prefix[i]);
  }
  free(prefix);

  fclose(file_prefix);
  return 0;
}

Assuming file_prefix.txt exists I get the following with valgrind:

==7322== Memcheck, a memory error detector
==7322== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==7322== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==7322== Command: ./main
==7322== 
0 : pdf
1 : txt
==7322== Invalid read of size 8
==7322==    at 0x400A6D: main (main.c:29)
==7322==  Address 0x51fc370 is 0 bytes after a block of size 16 alloc'd
==7322==    at 0x4C2CE8E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7322==    by 0x400976: main (main.c:18)
==7322== 
==7322== Invalid read of size 1
==7322==    at 0x4C2E0E2: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7322==    by 0x4EA6E3B: puts (ioputs.c:36)
==7322==    by 0x400A77: main (main.c:29)
==7322==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==7322== 
==7322== 
==7322== Process terminating with default action of signal 11 (SIGSEGV)
==7322==  Access not within mapped region at address 0x0
==7322==    at 0x4C2E0E2: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7322==    by 0x4EA6E3B: puts (ioputs.c:36)
==7322==    by 0x400A77: main (main.c:29)
==7322==  If you believe this happened as a result of a stack
==7322==  overflow in your program's main thread (unlikely but
==7322==  possible), you can try to increase the size of the
==7322==  main thread stack using the --main-stacksize= flag.
==7322==  The main thread stack size used in this run was 8388608.
==7322== 
==7322== HEAP SUMMARY:
==7322==     in use at exit: 592 bytes in 4 blocks
==7322==   total heap usage: 5 allocs, 1 frees, 600 bytes allocated
==7322== 
==7322== LEAK SUMMARY:
==7322==    definitely lost: 0 bytes in 0 blocks
==7322==    indirectly lost: 0 bytes in 0 blocks
==7322==      possibly lost: 0 bytes in 0 blocks
==7322==    still reachable: 592 bytes in 4 blocks
==7322==         suppressed: 0 bytes in 0 blocks
==7322== Reachable blocks (those to which a pointer was found) are not shown.
==7322== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==7322== 
==7322== For counts of detected and suppressed errors, rerun with: -v
==7322== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
[1]    7322 segmentation fault (core dumped)  valgrind --leak-check=full ./main

What is the problem with:

char** temp  = realloc(prefix, sizeof(char*) * (i+1));

??

Answer 1

fscanf does not return EOF, it returns the number of input items assigned (man fscanf). For your purposes, you need to check

 while ( c == 1 )
   ...

However, that in itself does not cause the segfault! It is caused by attempting to print prefix[i] (repeatedly), which is not set to a correct value. You probably meant to print prefix[x] instead:

for (;x < i; ++x) {
  printf("%s\n", prefix[x]);
}

With these two corrections, your program runs without an error.

Answer 2

• fscanf returns int so you should have:

  int c = fscanf(file_prefix, "%s", buff);

  Since char is the only type that can be signed or unsigned depending on implementation, your code actually might not be able to detect EOF condition. If scanf returns EOF(-1) and it is assigned to unsigned char c you will get 255. Condition in while(c!=EOF){...} loop will always be true.

• fscanf can return EOF(-1) or number of processed elements. In this case you want to have one string processed so you should check in the while loop:

  while ( c == 1 ) { ... }

• There is a bug in the last loop.

  int x = 0; for (;x < i; ++x) {printf("%s\n", prefix[x]);} // change i to x

After these changes program extracts words from file.