Detecting double free corruption using Heap1Wrapper

Double free corruption occurs when an application frees the same memory block more than once; if the block has already been reallocated to another application, the second free corrupts that memory. The memtests sample code, available on the Brew MP website with this guide, allows you to produce a double free error.

To detect this problem, enable delayed free in the Heap1Wrapper config.ini file by adding the following:

totalDelayedFreeCount=50000      // size of the delayed free queue

When a node is freed the first time, it is added to the delayed free queue instead of actually getting freed. While the node remains in the delayed free queue, if it is freed again, Heap1Wrapper reports the error in the logger or QXDM with a message similar to the following:

DoubleFree Err@0x22607c0:Thread Name:UI,Module Name:fs:/usermods/memtests(0x24A7EA),Time Stamp:17730278i

In this case, the message indicates that double free occurred against the buffer allocated at time 17730278, at memory address: 0x22607c0, from Applet ID 0x24A7EA, from fs:/usermods/memtests (mod or mod1) in the UI thread.
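The following is an added illustration of the delayed free queue mechanism described above; it is not Heap1Wrapper's code. A small fixed-size queue (DELAYED_FREE_COUNT, a hypothetical stand-in for totalDelayedFreeCount) holds freed blocks back, so a second free of a pointer that is still queued can be reported instead of being passed to the real allocator.

```c
/* Added example, not Heap1Wrapper's implementation: a minimal delayed-free
 * queue that detects a double free while the block is still queued. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical queue size; totalDelayedFreeCount plays this role in Heap1Wrapper. */
#define DELAYED_FREE_COUNT 4

static void *delayed_queue[DELAYED_FREE_COUNT];
static size_t delayed_used = 0;

/* Allocate through the wrapper so every block goes through the same free path. */
void *dq_malloc(size_t size) {
    return malloc(size);
}

/* Returns 0 when the block is queued, 1 when a double free is detected. */
int dq_free(void *p) {
    if (p == NULL) return 0;
    /* While the block sits in the queue, freeing it again is a double free. */
    for (size_t i = 0; i < delayed_used; i++) {
        if (delayed_queue[i] == p) {
            fprintf(stderr, "DoubleFree Err@%p\n", p);
            return 1;            /* keep it queued; never hand it to free() twice */
        }
    }
    if (delayed_used == DELAYED_FREE_COUNT) {
        /* Queue full: really release the oldest block and shift the rest down. */
        free(delayed_queue[0]);
        memmove(&delayed_queue[0], &delayed_queue[1],
                (DELAYED_FREE_COUNT - 1) * sizeof(void *));
        delayed_used--;
    }
    delayed_queue[delayed_used++] = p;
    return 0;
}

/* Number of blocks currently held back (for diagnostics and tests). */
size_t dq_pending(void) { return delayed_used; }

/* Reproduces the memtests scenario: free one block twice; returns the
 * result of the second free (1 = detected). */
int dq_double_free_demo(void) {
    void *buf = dq_malloc(32);
    dq_free(buf);              /* first free: queued, not released */
    return dq_free(buf);       /* second free: reported as double free */
}

int main(void) {
    return dq_double_free_demo() == 1 ? 0 : 1;
}
```

Once a block is evicted from the full queue and really released, a later free of the same pointer is no longer recognised, which is why the queue must be large enough to cover the window between the two frees.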

To have the device crash or break upon detection, add the following lines to the Heap1Wrapper config.ini file:

debuggerOn=1      //  only needed if a debugger is connected