
I am really in need of help in debugging some memory corruption bug that keeps surfacing. A few bits of information:

  • Boost::Asio is used to receive some protobuf packets over UDP. I am pretty sure that it is related to this.
  • Using valgrind makes the problem disappear. Maybe because of boost::asio?
  • Running under GDB shows a SIGSEGV at a "random" malloc, which indicates that we have some heap corruption that makes malloc unable to allocate new memory.

I have downloaded and installed dmalloc, have included dmalloc.h in all the source files and pass the flag -DDMALLOC_FUNC_CHECK (I am using CMake, so set(CMAKE_CXX_FLAGS "-DMALLOC_FUNC_CHECK")).

When running now with dmalloc replacing malloc and free, the program terminates at a malloc and I get the following log output:

1612369583: 1080: Dmalloc version '5.6.5' from 'http://dmalloc.com/'
1612369583: 1080: flags = 0x4f4e903, logfile 'dmalloc-log'
1612369583: 1080: interval = 10, addr = 0x0, seen # = 0, limit = 0
1612369583: 1080: threads enabled, lock-on = 0, lock-init = 2
1612369583: 1080: starting time = 1612369583
1612369583: 1080: process pid = 23374
1612369583: 1080: WARNING: tried to free(0) from 'unknown'
1612369583: 1082: WARNING: tried to free(0) from 'unknown'
1612369583: 1084: WARNING: tried to free(0) from 'unknown'
1612369583: 1086: WARNING: tried to free(0) from 'unknown'
1612369583: 1088: WARNING: tried to free(0) from 'unknown'
1612369583: 1090: WARNING: tried to free(0) from 'unknown'
1612369583: 1092: WARNING: tried to free(0) from 'unknown'
1612369583: 1095: WARNING: tried to free(0) from 'unknown'
1612369583: 1098: WARNING: tried to free(0) from 'unknown'
1612369583: 1101: WARNING: tried to free(0) from 'unknown'
1612369583: 1104: WARNING: tried to free(0) from 'unknown'
1612369583: 1107: WARNING: tried to free(0) from 'unknown'
1612369587: 1110:   error details: checking free pointer
1612369587: 1110:   pointer '0x7f541b272e80' from 'unknown' prev access 'unknown'
1612369587: 1110:   dump of '0x7f541b272e80'0: '\002\000\2253\177\000\000\001\000\000\000\000\000\000\000\000\337\337\337\337'
1612369587: 1110: ERROR: _dmalloc_chunk_heap_check: free space has been overwritten (err 67)

Any ideas how to get function names and line numbers instead of 'unknown'? According to the documentation, including dmalloc.h and passing that flag should be enough. Also, the fact that I am using C++ makes me unsure whether it is possible at all.

Is anyone able to see anything useful in that log? The dmalloc docs say the following about this error:

67 (ERROR_FREE_OVERWRITTEN) free space has been overwritten "If either the free-blank or check-blank tokens are enabled then the library will overwrite memory when it is freed with the “dmalloc-free” byte (hex 0xdf, octal 0337, decimal 223). If the program writes into this space, then the library will detect the write and trigger this error. This could indicate that the program is using a pointer after it has been freed"

This tells me that dmalloc is detecting that this memory was previously freed. But I don't see the problem in re-allocating a heap buffer that has been freed?

Thanks a lot for any help

  • You probably need to compile with debugging symbols enabled. – n. m. could be an AI Feb 03 '21 at 17:35
  • `ERROR_FREE_OVERWRITTEN)` _"...detecting that this memory was previously freed..."_ nope, it has detected that the program has written to already freed memory (after it has been freed). When freeing memory dmalloc writes known data to the free area. It has detected (later on) that this known data (in the free area) has been overwritten. – Richard Critten Feb 03 '21 at 18:02
  • Hey Richard. Thanks for that clarification. I take it that this means one of two things: 1. A pointer was freed and then later on that pointer (or a copy of it) was dereferenced and the memory was edited. 2. The memory was freed and due to stack/heap overflow this region was written to. So, this is not noticed until I call malloc and it tries to allocate a new heap buffer and dmalloc finds that this heap buffer has been written to already. The only problem is that this write could be anywhere in the program. – hamsterman Feb 03 '21 at 21:14
  • @hamsterman exactly, it's a very hard problem to find the root cause. Using tools like Valgrind can help. – Richard Critten Feb 04 '21 at 01:56
  • You are likely using the wrong tools. Have you tried https://en.wikipedia.org/wiki/AddressSanitizer ? – Employed Russian Feb 04 '21 at 03:46
  • I tried out AddressSanitizer and it was just the tool I needed. Thanks a lot for that great suggestion. I am going to let the question remain but edit it towards finding out how to get from 'unknown' to function and line in C++ – hamsterman Feb 04 '21 at 11:15
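As an added illustration of the mechanism Richard Critten describes (not code from the question or from dmalloc itself): a toy pool allocator that, like dmalloc's free-blank and check-blank options, fills freed blocks with 0xdf and only verifies that fill at the next allocation, which is why the error surfaces at a "random" malloc far from the buggy write. The pool layout, block count and all function names are assumptions.

```c
#include <stdint.h>
#include <string.h>
/* Toy pool emulating dmalloc's free-blank and check-blank options.
 * Names, sizes and the 4-block pool are assumptions for illustration. */
#define BLOCK_SIZE 32
#define NUM_BLOCKS 4
#define FREE_BYTE  0xdf   /* the "dmalloc-free" byte: hex 0xdf, octal 0337 */
static uint8_t pool[NUM_BLOCKS][BLOCK_SIZE];
static int     is_free[NUM_BLOCKS];

/* Call once before use: every block starts free and blanked. */
void pool_init(void) {
    memset(pool, FREE_BYTE, sizeof pool);
    for (int i = 0; i < NUM_BLOCKS; i++) is_free[i] = 1;
}

/* check-blank: index of the first free block whose fill was overwritten
 * since it was freed, or -1 if every free block is intact. */
int pool_check_free(void) {
    for (int i = 0; i < NUM_BLOCKS; i++)
        for (int j = 0; is_free[i] && j < BLOCK_SIZE; j++)
            if (pool[i][j] != FREE_BYTE) return i;
    return -1;
}

/* malloc hook: the heap check runs first, so a stale write made anywhere
 * since the last check is reported here, at an unrelated allocation site. */
void *pool_alloc(void) {
    if (pool_check_free() != -1) return NULL;            /* like err 67 */
    for (int i = 0; i < NUM_BLOCKS; i++)
        if (is_free[i]) { is_free[i] = 0; return pool[i]; }
    return NULL;                                         /* exhausted */
}

/* free-blank: release the block and overwrite it with FREE_BYTE. */
void pool_free(void *p) {
    for (int i = 0; i < NUM_BLOCKS; i++)
        if (pool[i] == p) { memset(pool[i], FREE_BYTE, BLOCK_SIZE); is_free[i] = 1; }
}

/* Scenario: allocate, free, then write through the stale pointer. Returns 67
 * (mirroring dmalloc's error number) if the next allocation catches it. */
int scenario_stale_write(void) {
    pool_init();
    uint8_t *p = pool_alloc();
    pool_free(p);
    if (pool_check_free() != -1) return -1;   /* fill is intact right after free */
    p[0] = 0x01;                              /* the bug: write after free */
    return pool_alloc() == NULL ? 67 : 0;
}
```

The write itself goes unreported; only the later allocation notices the damaged fill, which is exactly why tools like AddressSanitizer, which trap the stale access at the moment it happens, locate the root cause faster.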

0 Answers