Linux Applications Debugging Techniques/Heap corruption

Electric FenceEdit

Electric Fence is still the reference for dealing with heap corruption, even if not maintined for a while. RedHat ships a version that can be used as an interposition library.

Drawback: might not work with code that uses mmap() to allocate memory.

DumaEdit

Duma is a fork of Electric Fence.

glibc builtinEdit

man (3) malloc: Recent versions of Linux libc (later than 5.4.23) and GNU libc (2.x) include a malloc implementation which is tunable via environment variables. When MALLOC_CHECK_ is set, a special (less efficient) implementation is used which is designed to be tolerant against simple errors, such as double calls of free() with the same argument, or overruns of a single byte (off-by-one bugs). Not all such errors can be protected against, however, and memory leaks can result. If MALLOC_CHECK_ is set to 0, any detected heap corruption is silently ignored and an error message is not generated; if set to 1, the error message is printed on stderr, but the program is not aborted; if set to 2, abort() is called immediately, but the error message is not generated; if set to 3, the error message is printed on stderr and program is aborted. This can be useful because otherwise a crash may happen much later, and the true cause for the problem is then very hard to track down.

C++ stdlib builtinEdit

Compile with -D_GLIBCXX_DEBUG - it turns on debugging checks in the C++ standard library.

AddressSanitizerEdit

A fast memory error detector via -fsanitize=address , with a recent gcc (since 4.8) or clang (since 3.1). Memory access instructions will be instrumented to detect heap-, stack-, and global-buffer overflow as well as use-after-free bugs. To get nicer stacktraces, use -fno-omit-frame-pointer. The AddressSanitizer is available on IA-32/x86-64/x32/PowerPC/PowerPC64 GNU/Linux and on x86-64 Darwin.

ubsanEdit

Starting with gcc 4.9 and later, you can use the ubsan sanitizer for bounds checking.

gdb heisenbugsEdit

Memory-related bugs that don't happen when using GDB but do without GDB are often caused by GDB disabling ASLR. This is usually useful for reproducibility of debugging sessions, but may indeed make address space layout too predictable and fail to reproduce a bug. Try using the GDB command "set disable-randomization off" (without quotes) to undo this behavior and thus start your program in a normal, randomized, environment.

LinksEdit