这个小函数为什么在free的时候，会报double free？
int
load_poll_proginfo_and_send(char *config_buf,
struct pipe_info * * pipe_array,
const unsigned int listenfd,
const unsigned int connfd,
struct mon_comm * mon_comm_recv

)
{
printf( "here is in load_poll_proginfo_and_send.\n ");
fflush(stdout);

unsigned int count = 0;

char *pos_start; //locate the poll prog;
char *pos_middle;//locate poll prog info
char *pos_temp = (char *)calloc(strlen(config_buf), 1); //save file location
char *prog_info = (char *)calloc(PROG_NAME_LEN, 1);//load prog_info;
char *serv_info;//load prog_info;

char *buf = (char *)calloc(strlen(config_buf), 1);
memcpy(buf, config_buf, strlen(config_buf));

const char deliniters [] = " <> ";

char *test = strstr(config_buf, "poll ");


for(;;)
{
if((pos_start = strstr(buf, "poll "))== NULL)
{
if(count == 0)
{
printf( "There is no poll service in config file buf.\n ");
fflush(stdout);

if(buf != NULL)
{
memset(buf, 0, strlen(config_buf));
free(buf);
}

if(pos_middle != NULL)
{
memset(pos_middle, 0, strlen(config_buf));
free(buf);
}

free(pos_middle);
free(pos_temp);
free(prog_info);
free(serv_info);

return -1;
}else
{
printf( "There is no poll service any more in config file buf.\n ");
fflush(stdout);

free(buf);
free(pos_middle);
free(pos_temp);
free(prog_info);
free(serv_info);

return 0;
}
}

if((pos_middle = strstr(pos_start, " < ")) == NULL)
{
printf( "There is no poll prog info after poll_programe_name in config file buf.\n ");
fflush(stdout);

free(buf);
free(pos_middle);
free(pos_temp);
free(prog_info);
free(serv_info);

return -1;
}


memcpy(pos_temp, pos_middle + 1, strlen(pos_middle));//over the ' < '

*prog_info = '. ';//for system act
//prog_info = strtok(pos_middle, deliniters);
strcpy(prog_info + 1, strtok(pos_middle, deliniters));//prog_info = "./....... "

strtok(NULL, deliniters);
serv_info = strtok(NULL, deliniters) + 1;

printf( "serv_info is %s ", serv_info);
fflush(stdout);

mon_comm_recv-> task_id = 0;

//mon_comm_recv.

if(fork_and_pipe(config_buf,
pipe_array,
listenfd,
connfd,
mon_comm_recv,
prog_info) < 0)
{

free(buf);
free(pos_middle);
free(pos_temp);
free(prog_info);
free(serv_info);

return -1;
}

memset(buf, 0, strlen(config_buf));
memcpy(buf, pos_temp, strlen(pos_temp));

memset(pos_middle, 0, strlen(config_buf));

count++;
}
}


[解决办法]
我想, 你这是在Linux/Unix平台. 你这个错误大约是gcc的运行时库报的. 两次调用free函数, 对一个有效地址进行内存释放. 我上次遇到是这样的, 你往这个方向查查.