How to find the cause of a malloc "double free" error?

Asked 9/6, 2009 at 16:49 Answered 25/5, 2017 at 13:31

Solved iphone objective-c memory-management malloc autorelease

I'm programming an application in Objective-C and I'm getting this error:

MyApp(2121,0xb0185000) malloc: *** error for object 0x1068310: double free
*** set a breakpoint in malloc_error_break to debug

It is happening when I release an NSAutoreleasePool and I can't figure out what object I'm releasing twice.

How do I set his breakpoint?

Is there a way to know what is this "object 0x1068310"?

Enroll answered 9/6, 2009 at 16:49 Comment(7)

you might want to tag this post with iPhone as well to get some more people – Kowalski 9/6, 2009 at 18:0

Removed "iphone" tag in favor of other more pertinent tags. – Rutter 29/6, 2009 at 18:22

I can't imagine why this iPhone question would be missing the iPhone tag. There must be more people following "iPhone" than some of these other tags like "autorelease." If you want to find "autorelease," you search for it, you don't follow the tag. So I put "iPhone" back in. – Enid 30/6, 2009 at 1:24

The reason I removed the "iphone" tag is because nothing about the question is specific to iPhone. The only link at all is that it occurs in an iPhone app, but the exact same error can occur in any C or Objective-C application. I don't expect that people following iPhone would be casually interested in this — rather, it would be people who search for things like "double free" or "malloc_error_break", and if they toss in "iPhone", it will still come up. Let's not bicker about tags, but consider that perhaps the people who answer may know where the question best belongs. – Rutter 3/7, 2009 at 0:59

This question is at least Cocoa-specific. If the iPhone tag offends, how about a cocoa tag? The obvious intent applies to Objective-C on Cocoa in XCode. Not Objective-C on Windows, or Linux, or outside the context of XCode. – Embower 17/11, 2009 at 6:45

As there plenty of reasons for this bug, I'll tell mine: (const float*) memory was modified. – Bul 22/12, 2016 at 18:19

refer to this https://mcmap.net/q/157573/-how-to-quot-set-a-breakpoint-in-malloc_error_break-to-debug-quot/6521116 to debug the error. – Belch 10/5, 2017 at 6:45

You'll find out what the object is when you break in the debugger. Just look up the call stack and you will find where you free it. That will tell you which object it is.

The easiest way to set the breakpoint is to:

Go to Run -> Show -> Breakpoints (ALT-Command-B)

Scroll to the bottom of the list and add the symbol malloc_error_break

Fractocumulus answered 9/6, 2009 at 18:6 Comment(4)

I tried that, but I get: unable to dissamble malloc_error_break.... what does it mean? – Enroll 10/6, 2009 at 5:49

No help for autorelease double free. He needs Zombies – Dressage 11/6, 2009 at 6:31

@Enroll — Just curious, if this didn't work for you, why did you you accept it as the answer? – Rutter 18/6, 2009 at 4:13

In Xcode 4.3.2, the breakpoints can be found in View → Navigators → Show Breakpoints Navigator or ⌘6 (Cmd-6) – Prestidigitation 15/5, 2012 at 9:44

When an object is "double-freed", the most common cause is that you're (unnecessarily) releasing an autoreleased object, and it is later autoreleased when the containing autorelease pool is emptied.

I've found that the best way to track down the extra release is to use the NSZombieEnabled environment variable for the affected executable in Xcode. For a quick rundown of how to use it, check out this CocoaDev wiki page. (In addition to this page, Apple has documented some incredibly obscure yet useful tips for debugging code in Xcode, some of which have saved my bacon more than a few times. I suggest checking out this Technical Note on developer.apple.com — link jumps to the section on Cocoa's Foundation framework).

Edit: You can often track the offending object down within the Xcode debugger, but it's often much easier if you use Instruments to assist you. From Xcode, choose Run → Start With Performance Tool → Object Allocations and you should be able to trace the offending object back to where it was created. (This will work best if you're enabled zombies as discussed above.) Note: Snow Leopard adds a Zombies tool to Instruments, accessible from the Run menu as well. Might be worth the $29 alone! ;-)

There is also a related SO question here.

Rutter answered 11/6, 2009 at 3:33 Comment(2)

CocoaDev wiki page linked in answer is dead :( – Cleavers 3/2, 2017 at 8:53

Use the Way Back Machine: web.archive.org/web/20120325135712/http://www.cocoadev.com/… – Rutter 10/2, 2017 at 22:30

You'll find out what the object is when you break in the debugger. Just look up the call stack and you will find where you free it. That will tell you which object it is.

The easiest way to set the breakpoint is to:

Go to Run -> Show -> Breakpoints (ALT-Command-B)

Scroll to the bottom of the list and add the symbol malloc_error_break

Fractocumulus answered 9/6, 2009 at 18:6 Comment(4)

I tried that, but I get: unable to dissamble malloc_error_break.... what does it mean? – Enroll 10/6, 2009 at 5:49

No help for autorelease double free. He needs Zombies – Dressage 11/6, 2009 at 6:31

@Enroll — Just curious, if this didn't work for you, why did you you accept it as the answer? – Rutter 18/6, 2009 at 4:13

In Xcode 4.3.2, the breakpoints can be found in View → Navigators → Show Breakpoints Navigator or ⌘6 (Cmd-6) – Prestidigitation 15/5, 2012 at 9:44

I just want to add my experience in addition to the answer of Quinn Taylor.

In one of my apps, I have to parse and save data into core data objects and later on get these objects to display on the views. In fact, the app works just fine and does not crash at all, until I tried to do a stress test of navigating back and forth multiple times, tried to open multiple views as fast as possible. The app crashes with the above message.

I have tried all the methods that Quinn suggested in his answer and still failed to find out where was the exact cause.

I set NSZombieEnabled=YES, and NSStackLogging=YES, ran the command shell malloc_history to find out why, but still no luck. It always points out to where I save the data into core data objects, in fact, I have checked thousand times the over released objects there, nothing odd.

Running in Instruments with various tools(Allocations, Leaks, etc...) still did not help. Enable the Guard Malloc still got nothing.

Final rescue: I tried to come back to the views where the objects were taken from Core Data and sent a retain message to all of these objects, and took note to these changes. It solved the issue!!!

So, I found out that I failed to retain one, that's exactly the cause. Just want to share my experience so you have another rescue for your app.

Puppis answered 3/11, 2010 at 13:32 Comment(0)

Open up the debugger console by pressing Cmd+Shift+R. There, type

break malloc_error_break

to set a breakpoint at the beginning of the malloc_error_break function.

If you want to find out what object is located at address 0x1068310, you can type the following into the debugger console:

print-object 0x1068310

Of course, you have to do this while the object is still alive -- if the object has already been freed by the time you do this, then this will not work.

Honeysweet answered 11/6, 2009 at 3:51 Comment(6)

This is autorelease, he needs Zombies. – Dressage 11/6, 2009 at 6:32

Finally what I did was invoking the "suspicious" method outside of AutoreleasePoll. Funny thought I still got the warning, but no break point was hit. I just commented out blocks until I found the line. I was autoreleasing a string that was created with stringWithFormat (no alloc or copy). Thank you all for your tips! Gonso – Enroll 12/6, 2009 at 0:38

For this particular type of bug, breaking on malloc_error_break has never helped find the problem — it has always required enabling zombies. – Rutter 3/7, 2009 at 15:23

See here for instructions on setting a breakpoint for malloc_error_break in XCode 4: #6969907 – Shoran 30/9, 2011 at 2:35

I'm getting "error: 'print-object' is not a valid command. error: Unrecognized command 'print-object'." when I use the command. – Unstrained 24/8, 2015 at 0:24

@Zammbi: Try using the po alias, or equivalently expr -o. In the years since this answer was originally written, the debugging engine used by Xcode has been changed from GDB to LLDB, and LLDB has a different set of commands. – Honeysweet 29/9, 2015 at 2:57

Please find the below steps for how to find the object which is free and crash the application.

1) Click on the "Breakpoint navigator".
2) Then click on the "+" button which is below.
3) Add the "Symbolic Breakpoint..." from the list.
4) Add the "malloc_error_break" keyword on the "Symbol" option.

Or you can also refer the below GIF presentation.

Bridgehead answered 25/5, 2017 at 13:31 Comment(0)

For me the issue was solved by

(gdb) call (void)_CFAutoreleasePoolPrintPools()

right after the crash. The address at the top of the stack was the address of the culprit. Threw in a retain and voila.

The address given in the log message did not get me anywhere. It never showed up in any of the various Instrumets. Apparently a pointer to some internal data which had already been freed.

Gompers answered 9/7, 2011 at 17:59 Comment(0)

Adding a symbolic breakpoint in Xcode 4

Just an update to make this relevant to Xcode 4...

From the Xcode 4 User Guide:

To add a symbolic breakpoint . . .

In the bottom-left corner of the breakpoint navigator, click the Add button.

Choose Add Symbolic Breakpoint.

Enter the symbol name in the Symbol field.

Click Done.

Loleta answered 17/12, 2011 at 19:54 Comment(0)

This is what the malloc_error_break breakpoint looks like in the Breakpoints window in Xcode. Need to check the boxes to make it work.

alt text http://www.martijnthe.nl/wp-content/uploads/2009/08/Afbeelding-1.png

Footgear answered 5/8, 2009 at 10:51 Comment(0)

Check your classes and look under the dealloc method. Make sure you care calling [super dealloc].

I had this exact same problem and found out I was calling [self dealloc] instead. Just not paying attention.

Jesuitism answered 11/11, 2010 at 17:27 Comment(0)

In Xcode, click left of the line number to set a breakpoint. Then you can launch it by doing a "Build and Debug".

It is recommended to not have object that you create be autorelease since memory is a commodity on the iPhone. Apple recommends explicitly calling release.

Kowalski answered 9/6, 2009 at 18:0 Comment(0)

To find these kinds of memory and pointer problems in general, you want to run your code against a runtime memory error checker like Valgrind. This should be able to point out lots of things your code is doing wrong, beyond those that cause it to crash.

Valgrind can work on OSX (though it says it's "unsupported and incomplete and buggy"), and with a little hacking someone got it to work on iPhone SDK executables.

Even better you can try Instruments, which is part of XCode. There's a tutorial for running it here.

Tiptoe answered 29/6, 2009 at 18:29 Comment(1)

instruments is the way to go; use the object alloc instrument and turn on zombies. (or just use the Zombies template). Valgrind is solution of last resort. It is terribly slow and often simply won't work. – Fibster 30/6, 2009 at 2:19

If malloc_error_break is not helping...

The best way to solve this error is to run instruments with the NSZombies turned on. Instruments will flag you when the Zombie is messaged and you can trace directly back to the line of code.

Snow Leopard required, what a lifesaver though!

Motte answered 18/5, 2011 at 19:7 Comment(0)

This is usually caused by some inspector, such as safari or safari preview. Refer to post or post and question.

Remove the select of AutoMatically Show Web ...., will remove this issue.

Note, just close safari or safari preview will not remove this issue. And you have to deselect both of safari and safari preview.

If this will not do, refer to this answer or post to debug it.

Belch answered 10/5, 2017 at 7:12 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Adding a symbolic breakpoint in Xcode 4

Recommended topics

Hot tags