malloc_db.c                                by Gianni Mariani 18-Feb-1992

A heap trasher finder.

Finding bugs that trash the heap can be a REAL PAIN, since all the
debugger tells you is :-

+---------------------------------------------------+
| Core from signal SIGBUS: Bus error                |
| free(<stripped>) ["malloc.c":791, 0x401004]       |
+---------------------------------------------------+

Not very useful, probably not even if you had malloc.c!

However, if you had this :-

+-----------------------------------------------------------+
| malloc_db.c:290 found heap trashing                       |
| diagnotic : (unsure - back/forward link wrong 5)          |
| db_bugptr1 = 0x10020cf0                                   |
| db_bugptr2 = 0x100200b0                                   |
| db_bugptr3 = 0x10020cf8                                   |
| db_bugptr4 = 0x100200b4                                   |
| ->>>dumping core                                          |
| Segmentation fault (core dumped)                          |
+-----------------------------------------------------------+

Given that db_bugptr3 and db_bugptr4 usually contain pointers to the
actual corrupted locations, you can proceed to set watch points on them
and find the actual code that writes on them.

In this directory you will find :

    malloc_db.c - the star of this show
    test.c      - a test program for malloc heap trashing
    Makefile    - a makefile to generate test, test_clib and test_mdb
    README      - me

Makefile output :

    test        - executable with no heap trash checking.
    test_clib   - provides the checking that libmalloc.a provides
                  through mallopt()
    test_mdb    - is the test executable using malloc_db.c.

The heading comment in malloc_db.c provides most of the information
that you need to use malloc_db.c.

As an example, you may wish to set "watch/trace points" using cvd or dbx
on the values of db_bugptr3 and db_bugptr4 from the output of test_mdb
to see how it works on test_mdb.

Again, see the top of malloc_db.c for all the details.

Happy malloc_db-ing.

Bonza
Gianni

p.s.
Due to the nature of technologic, there is no way to get rid of warning
messages such as

    Warning: malloc: multiply defined previous (used) definition from 'malloc_db.o'; new (ignored) definition from '/usr/lib/libmpc.a'

that start barking at you when compiling test_mdb, since the malloc
module itself contains the definitions of malloc, free, realloc etc.
We are all just going to have to live with it!
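
An added illustration, not taken from malloc_db.c: one way a debugging
allocator can turn a heap overwrite into a "back/forward link wrong"
style report that names an address worth a watch point. The header
layout, the toy arena and the names dbg_malloc, dbg_check and dbg_badptr
are all assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical header placed in front of every block (not malloc_db.c's layout). */
typedef struct hdr { struct hdr *back, *fwd; size_t size; } hdr;

static hdr arena[128];     /* toy heap, carved up in header-sized slots */
static size_t used;        /* slots handed out so far */
static hdr *head, *tail;   /* list of all blocks, in allocation order */
void *dbg_badptr;          /* address of the word that failed the last check */

/* Bump allocator: the header sits directly before the caller's data. */
void *dbg_malloc(size_t n) {
    if (n > sizeof arena) return NULL;
    size_t slots = 1 + (n + sizeof(hdr) - 1) / sizeof(hdr);
    if (slots > 128 - used) return NULL;
    hdr *h = &arena[used];
    used += slots;
    h->back = tail; h->fwd = NULL; h->size = n;
    if (tail) tail->fwd = h; else head = h;
    tail = h;
    return h + 1;
}

/* Walk the list: each link must stay inside the arena on a slot boundary,
   and each block's back link must name the block we arrived from.
   Returns 0 when consistent, else a diagnostic code with dbg_badptr set. */
int dbg_check(void) {
    hdr *prev = NULL;
    for (hdr *h = head; h; prev = h, h = h->fwd) {
        uintptr_t off = (uintptr_t)h - (uintptr_t)arena;
        if (off >= used * sizeof(hdr) || off % sizeof(hdr)) {
            dbg_badptr = prev ? (void *)&prev->fwd : (void *)&head;
            return 1;                      /* forward link points nowhere sane */
        }
        if (h->back != prev) { dbg_badptr = &h->back; return 2; }
    }
    return 0;
}

int main(void) {
    char *a = dbg_malloc(16), *b = dbg_malloc(16);
    (void)b;
    memset(a, 'A', sizeof(hdr) + sizeof(void *));  /* runs into b's header */
    int code = dbg_check();
    printf("diagnostic %d, watch %p\n", code, dbg_badptr);
    return code == 2 ? 0 : 1;
}
```

The address printed is the overwritten link word itself, so a watch point
set there on the next run stops at the store that trashes it.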