how to debug RB_TREE for memory corruption?
    Andriy Gapon 
    avg at FreeBSD.org
       
    Thu Oct  6 16:58:55 UTC 2011
    
    
  
on 06/10/2011 19:51 Lev Serebryakov said the following:
> Hello, Hackers.
> 
>   I'm writing some code, which uses RB_TREE from <sys/tree.h>. At some
> momoent, it crashes within REMOVE method with "elm" 0xa5a5a5a5 (I have
> malloc() debug options turned on).
>   So, it seems, that free()ed element presents somewhere in the tree,
> am I right?
>   Ok, I add printing of whole tree BEFORE removal call with simple
> recursive function. It doesn't crash and doesn't print any invalid pointers!
> 
>   How could it happen!? Tree is perfectly valid at line BEFORE
> RB_DELETE() call and crashes with bad pointer in this method!
> 
>   I could (theoretically!) belive, that my code forget to delete node
> from tree in some situations. But in such case tree printing function
> will crash (or print "0xa5a5a5a5" pointer) before RB_DELETE crash!
> 
>   Any hints how to debug such strange situation?
A trivial check first - does the element on which you call RB_DELETE actually
belong to the tree in question?
-- 
Andriy Gapon
    
    
More information about the freebsd-hackers
mailing list