malloc calls realloc, then crashes
Question
I am working with a daemon in a linux embedded device, the daemon crash randomly while running, usually after starting some hours. I investigated the crash report(stack dump) and detected that it crashes by 2 scenarios, follow these call traces:
- Case 1. my function -> calloc -> malloc -> realloc(crash by SIGSEGV)
- Case 2. my function -> calloc -> malloc -> realloc -> abort ->
raise(crash by SIGABRT)
I read this link and my issue seems because of heap corruption Why do I get a C malloc assertion failure? .
I made my own wraper version for memory allocation functions (malloc, calloc, realloc and free) to attach fences around the alloced memory and monitor them by a hash table, so I can detect buffer overflow or free twice. However it still crashes without any memory violation at my fences.
So I want to ask 2 questions:
- Do you have any idea to debug this kind of issue?
- When does malloc call realloc? I looked at malloc source code at glibc briefly and see no call to realloc.
1 answers
solution1
3 ACCPTED 2018-11-19 05:34:37
My colleague found the root cause(by investigating core dump file and libc malloc's source code), there is a point that it writes to a freed memory because of a bug in a linked list's delete function => corrupted memory => calloc crash.
Acually malloc does not call realloc , malloc calls __malloc_consolidate instead. In libc's obj dump file, __malloc_consolidate' 's asm code is under realloc 's asm code so I though malloc calls realloc .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.