This is the Mac OS X / GDB counterpart to the Dynamic Memory Corruption (process heap) pattern (Volume 1, page 257), previously described for Windows platforms:
(gdb) bt
#0 0x00007fff8479582a in __kill ()
#1 0x00007fff8e0e0a9c in abort ()
#2 0x00007fff8e1024ac in szone_error ()
#3 0x00007fff8e1024e8 in free_list_checksum_botch ()
#4 0x00007fff8e102a7b in small_free_list_remove_ptr ()
#5 0x00007fff8e106bf7 in szone_free_definite_size ()
#6 0x00007fff8e13f789 in free ()
#7 0x000000010afafe23 in main (argc=1, argv=0x7fff6abaeb08)
Here's the source code of the modeling application:
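/*
 * Modeling application for the Dynamic Memory Corruption (process heap)
 * pattern.
 *
 * It allocates seven 1024-byte blocks, frees three of them, and then
 * writes through the three stale pointers. Those use-after-free writes are
 * the defect being modeled; they are intentional and must stay in place
 * for the program to reproduce the crash.
 *
 * In the crash this program models, abort() is reached from a free() call
 * in main via small_free_list_remove_ptr() and free_list_checksum_botch(),
 * i.e. the allocator notices the damage only when it next walks its free
 * list. The failing frame is therefore a victim of the earlier strcpy()
 * calls, not the location of the bug.
 *
 * Returns 0 if the process survives to the end (not expected once the
 * heap has been corrupted).
 */
int main(int argc, const char * argv[])
{
    char *p1 = (char *) malloc (1024);
    printf("p1 = %p\n", p1);

    char *p2 = (char *) malloc (1024);
    printf("p2 = %p\n", p2);

    char *p3 = (char *) malloc (1024);
    printf("p3 = %p\n", p3);

    char *p4 = (char *) malloc (1024);
    printf("p4 = %p\n", p4);

    char *p5 = (char *) malloc (1024);
    printf("p5 = %p\n", p5);

    char *p6 = (char *) malloc (1024);
    printf("p6 = %p\n", p6);

    char *p7 = (char *) malloc (1024);
    printf("p7 = %p\n", p7);

    /*
     * Release every second block. p2, p4 and p6 now dangle.
     * NOTE(review): freeing alternating blocks presumably keeps the freed
     * chunks from being merged with each other - confirm against the
     * allocator in use.
     */
    free(p6);
    free(p4);
    free(p2);

    printf("Hello Crash!\n");

    /*
     * Deliberate use-after-free: each strcpy() overwrites the first bytes
     * of a block the allocator already owns again, clobbering whatever
     * bookkeeping it keeps there. Nothing fails at this point; the damage
     * is silent until a later heap operation validates the free list.
     * A build with -fsanitize=address reports the fault here, at the
     * write, instead of at the later abort().
     */
    strcpy(p2, "Hello Crash!");
    strcpy(p4, "Hello Crash!");
    strcpy(p6, "Hello Crash!");

    /* Further heap traffic so the allocator has to touch its free lists. */
    p2 = (char *) malloc (512);
    printf("p2 = %p\n", p2);

    p4 = (char *) malloc (1024);
    printf("p4 = %p\n", p4);

    p6 = (char *) malloc (512);
    printf("p6 = %p\n", p6);

    /*
     * The modeled backtrace shows abort() being raised from inside one of
     * these free() calls; which one is not identifiable from the trace
     * alone.
     */
    free (p7);
    free (p6);
    free (p5);
    free (p4);
    free (p3);
    free (p2);
    free (p1);

    return 0;
}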