In message <E11Iub1-0001HX-00@quartz.newn.cam.ac.uk>, "Patrick Welche" writes:
>Program terminated with signal 11, Segmentation fault.
>(gdb) bt
>#0  0x48393b6c in memcpy ()
>#1  0xa5d1000 in ?? ()
>#2  0x483931db in realloc (ptr=0xb8fd000, size=1843200)
>    at /usr/src/lib/libc/stdlib/malloc.c:1135
>#3  0x48118519 in ReallocateMemory (memory=0xb8fd000, size=1843200)

Any time I see a crash inside malloc or realloc, I assume (probably correctly,
IMHO) that someone has previously stomped on pointers.

>        r = irealloc(ptr, size);

>irealloc is in malloc.c, so where does

?"irealloc"?  It says "realloc" above, what's up?

>Any suggestions on how to proceed?

I generally "solve" this by replacing malloc and realloc with wrapper
functions which log all allocations and frees, then run until the crash,
then run a little perl script on the output to find out what memory was
freed twice, or what memory was freed that was never allocated, etcetera.

-s