Well if you spent 2 weeks looking at the whole code, I doubt there is a lot anyone here can do with only 5 lines of code which isn't even syntactically correct!
My first suggestion is put it back to how it was when it was crashing. Because as hk_mp5kpdw says, it is extremely unlikely that you fixed anything, only hidden it.
Another tool to try and use is Electric Fence, which is another malloc debug tool.
Make sure you compile it all with -g enabled (debug) and then run it in gdb.
At the crash, start with 'bt' and post the results here.
Two common mistakes to look out for are
1. Mistakenly believing that malloc returns with memory full of \0. It does initially, but as time goes on, it's likely to contain only junk from previous use. So anything which starts with strcat rather than strcpy starts off working, then blows up.
Use these options with valgrind.
--malloc-fill=<hexnumber> fill malloc'd areas with given value
--free-fill=<hexnumber> fill free'd areas with given value
2. Forgetting to add 1 to any strlen() result when allocating memory.
3. Forgetting to copy a \0 when necessary (if not using strcpy / strcat )
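As an added example (not code from the original post) covering the three mistakes in the list above, here are the fixed versions side by side: allocate strlen()+1, start with strcpy (or memcpy plus a hand-written NUL) rather than relying on malloc zeroing the block, and check that the terminator actually landed where it should. The function names join, join_memcpy, is_terminated and join_roundtrip are my own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes needed to hold a followed by b as a C string: both lengths plus one
 * for the terminating NUL (the "+1" that mistake 2 forgets). */
size_t join_size(const char *a, const char *b)
{
    return strlen(a) + strlen(b) + 1;
}

/* Concatenate a and b into a freshly malloc'd buffer of exactly join_size bytes.
 * The first copy is strcpy, not strcat, so nothing depends on malloc having
 * zeroed the block (mistake 1). Caller frees the result; NULL on failure. */
char *join(const char *a, const char *b)
{
    char *out = malloc(join_size(a, b));
    if (out == NULL)
        return NULL;
    strcpy(out, a);   /* strcat here would first hunt for a NUL in uninitialised memory */
    strcat(out, b);
    return out;
}

/* Same result with memcpy and explicit lengths. memcpy copies no terminator, so
 * the NUL has to be written by hand: dropping that one line is mistake 3. */
char *join_memcpy(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    char *out = malloc(la + lb + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, a, la);
    memcpy(out + la, b, lb);
    out[la + lb] = '\0';
    return out;
}

/* 1 if buf contains a NUL within cap bytes and it sits exactly at expect_len,
 * 0 otherwise. Scans at most cap bytes so it cannot itself run off the end. */
int is_terminated(const char *buf, size_t cap, size_t expect_len)
{
    size_t i;
    for (i = 0; i < cap; i++)
        if (buf[i] == '\0')
            return i == expect_len;
    return 0;
}

/* Build the joined string both ways and check each against expect: content
 * equal, NUL exactly where it should be, buffer sized as join_size says. */
int join_roundtrip(const char *a, const char *b, const char *expect)
{
    size_t cap = join_size(a, b);
    char *s = join(a, b);
    char *t = join_memcpy(a, b);
    int ok = s != NULL && t != NULL
          && strcmp(s, expect) == 0 && strcmp(t, expect) == 0
          && is_terminated(s, cap, strlen(expect))
          && is_terminated(t, cap, strlen(expect));
    free(s);
    free(t);
    return ok;
}

int main(void)
{
    char *s = join("hello ", "world");
    if (s != NULL) {
        printf("%s (%zu bytes allocated)\n", s, join_size("hello ", "world"));
        free(s);
    }
    return 0;
}
```

Run it under valgrind with --malloc-fill=0x41 to see why the strcpy-first rule matters: with the block pre-filled, a strcat-first variant would scan past the end of the allocation looking for a NUL, and Memcheck reports the invalid read.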
Another good thing to check is if the segfault address looks like a printable string fragment (e.g. 0x41423132 aka "AB12")
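An added helper (not from the original post) for doing that check on a fault address taken from gdb or the kernel's segfault message: it splits the value into bytes, tests whether every byte is printable, and renders it both in hex-dump order (0x41423132 reads "AB12") and in the order the bytes sit in memory on a little-endian machine, which is the order a string copied over the pointer was written ("21BA"). The names address_to_bytes, looks_like_text, address_as_text and text_equals are my own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <ctype.h>
#include <stdio.h>

#define ADDR_BYTES (sizeof(uintptr_t))

/* Split addr into its bytes, most significant first, dropping leading zero
 * bytes (a 32-bit value held in a 64-bit uintptr_t). Returns the count. */
size_t address_to_bytes(uintptr_t addr, unsigned char out[ADDR_BYTES])
{
    size_t n = 0;
    int shift;
    for (shift = (int)(8 * ADDR_BYTES) - 8; shift >= 0; shift -= 8) {
        unsigned char b = (unsigned char)((addr >> shift) & 0xffu);
        if (n == 0 && b == 0)
            continue;
        out[n++] = b;
    }
    return n;
}

/* 1 if the address consists entirely of printable ASCII bytes, i.e. the
 * faulting pointer value is made of string characters, 0 otherwise. */
int looks_like_text(uintptr_t addr)
{
    unsigned char bytes[ADDR_BYTES];
    size_t n = address_to_bytes(addr, bytes), i;
    if (n == 0)
        return 0;
    for (i = 0; i < n; i++)
        if (!isprint(bytes[i]))
            return 0;
    return 1;
}

/* Render the address as characters. reverse == 0 gives hex-dump order (most
 * significant byte first); reverse != 0 gives little-endian memory order.
 * Non-printable bytes become '.'. Returns characters written, excluding NUL. */
size_t address_as_text(uintptr_t addr, int reverse, char *out, size_t cap)
{
    unsigned char bytes[ADDR_BYTES];
    size_t n = address_to_bytes(addr, bytes), i, w = 0;
    if (cap == 0)
        return 0;
    for (i = 0; i < n && w + 1 < cap; i++) {
        unsigned char b = reverse ? bytes[n - 1 - i] : bytes[i];
        out[w++] = isprint(b) ? (char)b : '.';
    }
    out[w] = '\0';
    return w;
}

/* Convenience for checking: 1 if the rendering of addr equals expect. */
int text_equals(uintptr_t addr, int reverse, const char *expect)
{
    char buf[ADDR_BYTES + 1];
    address_as_text(addr, reverse, buf, sizeof buf);
    return strcmp(buf, expect) == 0;
}

int main(void)
{
    uintptr_t fault = 0x41423132u;   /* the example value quoted in the post */
    char buf[ADDR_BYTES + 1];
    address_as_text(fault, 0, buf, sizeof buf);
    printf("0x%lx looks like text: %d, reads \"%s\"\n",
           (unsigned long)fault, looks_like_text(fault), buf);
    return 0;
}
```

If looks_like_text says yes, the pointer that was dereferenced was almost certainly overwritten by string data, which points you at the buffer copy that ran long rather than at the line where the crash happened.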
valgrind and malloc_debug don't trap every problem.
E.g.
Code:
#include <stdio.h>
#include <string.h>
void foo ( void ) {
    char a[10], b[10], c[10];
    strcpy( b, "hello world" ); // overrun
    printf("%s\n",b);
}
int main(int argc, char *argv[])
{
    foo();
    return 0;
}
$ gcc -g bar.c
$ ./a.out
hello world
$ valgrind ./a.out
==4951== Memcheck, a memory error detector
==4951== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==4951== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==4951== Command: ./a.out
==4951==
hello world
==4951==
==4951== HEAP SUMMARY:
==4951== in use at exit: 0 bytes in 0 blocks
==4951== total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==4951==
==4951== All heap blocks were freed -- no leaks are possible
==4951==
==4951== For counts of detected and suppressed errors, rerun with: -v
==4951== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 4)
If you have code like this which overwrites a pointer, then it can go wrong very quickly.