incorrect checksum for freed object. Extremely strange crash on app

1

I've been working on an app for some time now. Up until now I've been running it whilst the debugger has been attached and it was working well (because NSZombies was enabled)...

I recently noticed that when pushing to a new view controller the app would crash. I figured it would be a simple fix but so far it's not looking that way.

The app works by doing the following (this method has worked previously)...

  1. User Selects View
  2. RootViewController pushed to tableViewController
  3. User Selects item
  4. ViewController initialised and configured
  5. Navigation Controller pushes to new ViewController

Now if I configure my scheme to enable NSZombies, then this works fine.. my new view loads and voilà, it works.

However.. if I don't the app crashes!

In my console window, I get the following error:

2012-01-17 19:51:14.599 DrivingInstructor[61946:17003] -[PhotoViewController loadView]
2012-01-17 19:51:14.654 DrivingInstructor[61946:17003] -[PhotoViewController viewWillAppear:]
DrivingInstructor(61946,0xac6ad2c0) malloc: *** error for object 0x92b0e14: incorrect checksum for freed object - object was probably modified after being freed.
*** set a breakpoint in malloc_error_break to debug

So I set the malloc_error_break to see what's happening... doesn't make a difference, I still get the above error (note the first two messages show that my new ViewController is initialising)

If I run a backtrace after the crash.. here is my output:

#0  0x956a9c97 in malloc_error_break ()
#1  0x9566b4ce in szone_error ()
#2  0x9566b54e in free_list_checksum_botch ()
#3  0x9566b63f in tiny_free_list_remove_ptr ()
#4  0x956702b1 in szone_free ()
#5  0x01f30a98 in __CFAllocatorSystemDeallocate ()
#6  0x01f2978a in CFAllocatorDeallocate ()
#7  0x01f30960 in CFRelease ()
#8  0x01fe6b4f in __CFDictionaryStandardReleaseKey ()
#9  0x01f474df in __CFBasicHashDrain ()
#10 0x01f304e3 in CFRelease ()
#11 0x02011e94 in -[__NSArrayM dealloc] ()
#12 0x021c8e4d in _objc_rootRelease ()
#13 0x021c8e10 in objc_release ()
#14 0x021c9c60 in (anonymous namespace)::AutoreleasePoolPage::pop ()
#15 0x01f58ed8 in _CFAutoreleasePoolPop ()
#16 0x015f08ce in __NSFireDelayedPerform ()
#17 0x01ff8966 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ ()
#18 0x01ff8407 in __CFRunLoopDoTimer ()
#19 0x01f5b7c0 in __CFRunLoopRun ()
#20 0x01f5adb4 in CFRunLoopRunSpecific ()
#21 0x01f5accb in CFRunLoopRunInMode ()
#22 0x023e2879 in GSEventRunModal ()
#23 0x023e293e in GSEventRun ()
#24 0x00cd8a9b in UIApplicationMain ()
#25 0x00002149 in main (argc=1, argv=0xbffff5d4) at main.m:14

I should also point out... I originally thought this was being caused by me running a background thread that resizes images for me while the UI loads so there is no freezing up, as my first crash log suggested it was crashing on a certain line in my image processing class, but after not being able to sort that and commenting out the function that resizes the images (runs on background thread).. Now the app is crashing without me even calling that thread!

I don't know what has happened to it, as my initial crash logs were telling me it was an issue using UIGraphics on a background thread while the crash was happening...

Now it just crashes :S

Here is my crash log below:

(pastebin as i go over 3k character limit) http://pastebin.com/dGF7QdeH

I would share the code to the app where this issue is occurring but I don't know where it's happening so I can't show you :S

From what I can see, the viewWillAppear: function is called so I can set up my view, but it crashes just before I actually push to it, but there is nothing unusual in the setup of the view as the only code I have altered since the last working version is the setting up of my view (which runs fine)

If anybody can help me with this I will be VERY grateful... I've been stressing over this all day and posting here is my last resort (before I go to developer.apple.com)

Thanks for reading, Please let me know if you need more info.

Liam

iphone
objective-c
ios
xcode
ipad
asked on Stack Overflow Jan 17, 2012 by liamnichols

5 Answers

3

First of all, find out what object is 0x92b0e14. (or whatever address shows up in your debugger.) Once you know what object it is, then put breakpoints everywhere you release it, and put a breakpoint where you get the error. When you hit the release before you hit the error, then you see what the problem is.

It might be that you never retain this object, which could give the same results if it is changed after being autoreleased. In this case, implement a retain/release scheme that keeps this object alive until you're done with it.

answered on Stack Overflow Jan 17, 2012 by Owen Hartnett
1

You hosed something on the main thread, and the background thread used to trip on it first.

When all else fails, you can use binary search to find the problem. Make a new #define like SEARCH_BUG=1 then use #ifdef SEARCH_BUG to comment out vast areas of code. Leaving Zombies on and enabling scribbling, and everything else would also likely find the bug faster than without it.

This is an iPhone app; run it in the simulator and on hardware (iPad, etc.). Perhaps the problem will manifest earlier on real hardware or in a simulator.

answered on Stack Overflow Jan 17, 2012 by Tom Andersen
0

That stack sure looks like something is being over-released. (Which is less likely if you really did have zombie detection on.)

answered on Stack Overflow Jan 18, 2012 by David Dunham
0

I don't know if this will help, but the few times I encountered a malloc error, two instances of the same view controller class unintentionally existed in my view controller hierarchy. Try putting NSLog(@"init: %@", self); in your view controllers' init() and NSLog(@"dealloc: %@", self); in their dealloc(), then compare the class names and instance addresses.

answered on Stack Overflow Jan 18, 2012 by John Estropia
0

I found the function free_list_checksum_botch() on Apple open source.

https://opensource.apple.com/source/Libc/Libc-825.26/gen/magazine_malloc.c

It tries to put the error log "incorrect checksum for freed object - object was probably modified after being freed."

answered on Stack Overflow Mar 17, 2018 by user1418067
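
To illustrate the error message discussed in this thread, here is an added example (not code from the original posts and not Apple's allocator): a toy free list that seals each freed block's links with a checksum. A write through a stale pointer goes unnoticed until the allocator next unlinks that block, as in the question's backtrace where the check fires inside szone_free during an autorelease pool pop. All names (`toy_free`, `toy_free_list_remove`, `seal`, `COOKIE`) and the XOR scheme are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model: once freed, a block's first bytes hold the free-list links. */
typedef struct free_node {
    struct free_node *prev, *next;
    uintptr_t checksum;                 /* seals prev/next */
} free_node;

#define COOKIE ((uintptr_t)0x5a5a5a5a)  /* constructed value, hypothetical */
static free_node *free_list;

static uintptr_t seal(const free_node *n) {
    return (uintptr_t)n->prev ^ (uintptr_t)n->next ^ COOKIE;
}

static void toy_free(void *block) {     /* push the block on the free list */
    free_node *n = block;
    n->prev = NULL;
    n->next = free_list;
    n->checksum = seal(n);
    if (free_list) { free_list->prev = n; free_list->checksum = seal(free_list); }
    free_list = n;
}

/* Unlink a free block; returns -1 when its links no longer match the seal. */
static int toy_free_list_remove(free_node *n) {
    if (n->checksum != seal(n)) return -1;   /* the "checksum botch" case */
    if (n->prev) { n->prev->next = n->next; n->prev->checksum = seal(n->prev); }
    else free_list = n->next;
    if (n->next) { n->next->prev = n->prev; n->next->checksum = seal(n->next); }
    return 0;
}

/* Free two blocks, optionally write through a stale pointer, then unlink a. */
int demo(int write_after_free) {
    static union { free_node node; char bytes[64]; } a, b;
    char *stale = a.bytes;              /* pointer kept past the free */
    free_list = NULL;
    toy_free(&a);
    toy_free(&b);
    if (write_after_free) memset(stale, 'X', sizeof(void *)); /* clobbers a.prev */
    return toy_free_list_remove(&a.node);   /* corruption is noticed only here */
}

int main(void) {
    printf("clean: %d, write after free: %d\n", demo(0), demo(1));
    return 0;
}
```

The failing call is the unlink, not the `memset`, which is why the reported stack points at whichever later operation touches the free list rather than at the code holding the stale pointer.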

User contributions licensed under CC BY-SA 3.0