how to debug RB_TREE for memory corruption?
Andriy Gapon
avg at FreeBSD.org
Thu Oct 6 16:58:55 UTC 2011
on 06/10/2011 19:51 Lev Serebryakov said the following:
> Hello, Hackers.
>
> I'm writing some code, which uses RB_TREE from <sys/tree.h>. At some
> moment, it crashes within REMOVE method with "elm" 0xa5a5a5a5 (I have
> malloc() debug options turned on).
> So, it seems, that free()ed element presents somewhere in the tree,
> am I right?
> Ok, I add printing of whole tree BEFORE removal call with simple
> recursive function. It doesn't crash and doesn't print any invalid pointers!
>
> How could it happen!? Tree is perfectly valid at line BEFORE
> RB_DELETE() call and crashes with bad pointer in this method!
>
> I could (theoretically!) believe, that my code forget to delete node
> from tree in some situations. But in such case tree printing function
> will crash (or print "0xa5a5a5a5" pointer) before RB_DELETE crash!
>
> Any hints how to debug such strange situation?
A trivial check first - does the element on which you call RB_DELETE actually
belong to the tree in question?
--
Andriy Gapon
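
The membership check suggested in the reply above, as an added example that is not part of the original thread. It uses a minimal hand-written binary search tree as a stand-in for RB_TREE so that it compiles without <sys/tree.h>; `struct node`, `tree_insert`, `tree_find` and `tree_contains` are hypothetical names, and keys are assumed unique. With the real macros, the equivalent test is whether RB_FIND() returns the same pointer that is about to be removed.

```c
#include <stdio.h>

/* Stand-in for a struct that embeds RB_ENTRY(): a key plus child links. */
struct node { int key; struct node *left, *right; };

/* Plain BST insert (no rebalancing, unique keys assumed); returns the root. */
static struct node *tree_insert(struct node *root, struct node *elm)
{
    struct node **pp = &root;

    elm->left = elm->right = NULL;
    while (*pp != NULL)
        pp = (elm->key < (*pp)->key) ? &(*pp)->left : &(*pp)->right;
    *pp = elm;
    return root;
}

/* Lookup by key, the role RB_FIND() plays for a real RB_TREE. */
static struct node *tree_find(struct node *root, int key)
{
    while (root != NULL && root->key != key)
        root = (key < root->key) ? root->left : root->right;
    return root;
}

/*
 * Membership by identity: returns 1 only if this exact object is linked
 * into the tree. A node with an equal key at a different address (a copy,
 * or a node belonging to another tree) is not a member, and its link
 * fields say nothing valid about this tree.
 */
static int tree_contains(struct node *root, const struct node *elm)
{
    return tree_find(root, elm->key) == elm;
}

int main(void)
{
    struct node a = { .key = 10 }, b = { .key = 20 }, c = { .key = 30 };
    struct node copy_of_b = { .key = 20 };  /* same key, never inserted */
    struct node *root = NULL;

    root = tree_insert(root, &b);
    root = tree_insert(root, &a);
    root = tree_insert(root, &c);
    printf("b is member: %d\n", tree_contains(root, &b));
    printf("copy_of_b is member: %d\n", tree_contains(root, &copy_of_b));
    return 0;
}
```

Running a check like this immediately before the removal call separates a corrupted tree from a valid tree being handed a foreign element, which a walk of the tree alone cannot show.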