Linux Applications Debugging Techniques/Heap corruption

Electric Fence
Electric Fence is still the reference for dealing with heap corruption, even if not maintined for a while. RedHat ships a version that can be used as an interposition library.

Drawback: might not work with code that uses mmap to allocate memory.

Duma
Duma is a fork of Electric Fence.

glibc builtin
man (3) malloc: Recent versions of Linux libc (later than 5.4.23) and GNU libc (2.x) include a malloc implementation which is tunable via environment variables. When MALLOC_CHECK_ is set, a special (less efficient) implementation is used which is designed to be tolerant  against  simple  errors,  such  as  double calls of free with the same argument, or overruns of a single byte (off-by-one bugs). Not all such errors can be protected against, however, and memory leaks can result. If MALLOC_CHECK_ is set to 0,  any detected heap corruption is silently ignored and an error message is not generated; if set to 1, the error message is printed on stderr, but the program is not aborted; if set to 2, abort is called immediately, but the error message is not  generated;  if set  to 3, the error message is printed on stderr and program is aborted. This can be useful because otherwise a crash may happen much later, and the true cause for the problem is then very hard to track down.

C++ stdlib builtin
Compile with -D_GLIBCXX_DEBUG - it turns on debugging checks in the C++ standard library.

AddressSanitizer
A fast memory error detector via  -fsanitize=address , with a recent gcc (since 4.8) or clang (since 3.1). Memory access instructions will be instrumented to detect heap-, stack-, and global-buffer overflow as well as use-after-free bugs. To get nicer stacktraces, use -fno-omit-frame-pointer. The AddressSanitizer is available on IA-32/x86-64/x32/PowerPC/PowerPC64 GNU/Linux and on x86-64 Darwin.


 * http://clang.llvm.org/docs/AddressSanitizer.html
 * https://code.google.com/p/address-sanitizer/

ubsan
Starting with gcc 4.9 and later, you can use the ubsan sanitizer for bounds checking.

gdb heisenbugs
Memory-related bugs that don't happen when using GDB but do without GDB are often caused by GDB disabling ASLR. This is usually useful for reproducibility of debugging sessions, but may indeed make address space layout too predictable and fail to reproduce a bug. Try using the GDB command "set disable-randomization off" (without quotes) to undo this behavior and thus start your program in a normal, randomized, environment.

Links

 * Intel support for memory issues