Date: Thu, 06 Oct 2011 19:58:51 +0300 From: Andriy Gapon <avg@FreeBSD.org> To: lev@FreeBSD.org Cc: hackers@FreeBSD.org Subject: Re: how to debug RB_TREE for memory corruption? Message-ID: <4E8DDE4B.4040608@FreeBSD.org> In-Reply-To: <1034127827.20111006205103@serebryakov.spb.ru> References: <1034127827.20111006205103@serebryakov.spb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
on 06/10/2011 19:51 Lev Serebryakov said the following: > Hello, Hackers. > > I'm writing some code, which uses RB_TREE from <sys/tree.h>. At some > momoent, it crashes within REMOVE method with "elm" 0xa5a5a5a5 (I have > malloc() debug options turned on). > So, it seems, that free()ed element presents somewhere in the tree, > am I right? > Ok, I add printing of whole tree BEFORE removal call with simple > recursive function. It doesn't crash and doesn't print any invalid pointers! > > How could it happen!? Tree is perfectly valid at line BEFORE > RB_DELETE() call and crashes with bad pointer in this method! > > I could (theoretically!) belive, that my code forget to delete node > from tree in some situations. But in such case tree printing function > will crash (or print "0xa5a5a5a5" pointer) before RB_DELETE crash! > > Any hints how to debug such strange situation? A trivial check first - does the element on which you call RB_DELETE actually belong to the tree in question? -- Andriy Gapon
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E8DDE4B.4040608>