Scenario:
A program runs as a single process with multiple threads: besides the main thread there are many sub-threads, and the code makes heavy use of pointers. It compiles without any warnings or errors. At run time everything is normal, including communication with another program over a network socket. All sub-threads exit normally, and the destructors of all classes also run normally. However, when the main process is destroyed (or calls exit(0)),
the following error message is displayed:
*** glibc detected *** ./fsvspsiu: corrupted double-linked list: 0x08484100 ***
======= Backtrace: ============
/lib/libc.so.6[0x3bce1b]
/lib/libc.so.6[0x3be7fb]
/lib/libc.so.6(cfree+0x90)[0x3c20f0]
./fsvspsiu[0x804d4c5]
./fsvspsiu[0x804c411]
./fsvspsiu[0x804a134]
/lib/libc.so.6(exit+0xee)[0x38163e]
/lib/libc.so.6(__libc_start_main+0xe8)[0x36b398]
./fsvspsiu(__gxx_personality_v0+0x69)[0x8049211]
Aborted
1. After a week of troubleshooting, I finally found the root cause of the problem:
See the fifth line (/lib/libc.so.6(cfree+0x90)[0x3c20f0]). It suggests that the problem occurs when heap memory is freed. So what is most likely to go wrong in the free() function?
-- Heap memory is freed more than once.
2. Through code review, we found that:
There is a pointer obtained from malloc that is accidentally freed but not set to NULL afterwards, so it becomes a wild pointer. Because this already-freed pointer is still not equal to NULL, the next time it is used it is freed once again, resulting in a double free.
3. Questions not yet understood:
Why does the operating system not report an error at the second free operation, but only when the entire process exits?
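The bug from item 2 and its fix, as an added example that is not code from the original program: `tracked_malloc`, `tracked_free`, `struct session`, `release_buggy` and `release_fixed` are hypothetical names, and the wrapper keeps a small table of live addresses so that the second free is reported at its call site instead of being passed on to glibc.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_LIVE 64
static void *live[MAX_LIVE];          /* addresses currently allocated */

/* malloc wrapper (hypothetical helper): record the returned address as live. */
static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    for (int i = 0; p && i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; return p; }
    free(p);                          /* malloc failed or table full */
    return NULL;
}

/* free wrapper: 0 = freed, 1 = NULL (no-op), -1 = address not live. */
static int tracked_free(void *p) {
    if (!p) return 1;
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return 0; }
    fprintf(stderr, "double or invalid free blocked: %p\n", p);
    return -1;                        /* the real free() is not called */
}

struct session { char *buf; };

/* Pattern from item 2: the pointer is freed but left non-NULL. */
static int release_buggy(struct session *s) {
    if (s->buf != NULL)               /* a dangling pointer still passes this check */
        return tracked_free(s->buf);
    return 1;
}

/* Fix: clear the pointer at the moment it is freed. */
static int release_fixed(struct session *s) {
    int rc = tracked_free(s->buf);
    s->buf = NULL;
    return rc;
}

int main(void) {
    struct session a = { tracked_malloc(32) }, b = { tracked_malloc(32) };
    int a1 = release_buggy(&a), a2 = release_buggy(&a);
    int b1 = release_fixed(&b), b2 = release_fixed(&b);
    printf("buggy: %d then %d\nfixed: %d then %d\n", a1, a2, b1, b2);
    return 0;
}
```

The table cannot tell a stale pointer from a new block that an intervening allocation placed at the same address; on a real program, Valgrind or AddressSanitizer report the second free with both call stacks.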