What is a memory smasher?

A memory smasher is a bug that overwrites valid memory with garbage: writing past the end of a buffer, writing through a pointer to memory that has already been freed, freeing the same block twice, or writing through an uninitialized pointer. Replacing memory with garbage does not always cause an immediate problem. Often the memory that was overwritten is not used again for some time, and the garbage acts as a booby trap waiting for the program to read it and crash.

What causes crashes?

One of the most common causes of crashes is bookkeeping memory being replaced with garbage. In addition to the objects you create and use directly, a large amount of memory is used to keep track of function call state (return addresses and saved frame pointers on the stack), memory allocator bookkeeping (the chunk headers and free lists that malloc and free maintain next to your data), dynamic method dispatch tables (vtables and the pointers to them), and other runtime features of the programming language. When smashed bookkeeping memory is read and acted on, the result is a completely bogus operation such as freeing memory that was never allocated or calling a function at an address that holds no code. Those invalid operations are what cause the crash. One of the most common crash points is inside the memory management functions, (m)alloc and free, because they trust their own bookkeeping without checking it.

Where does it crash?

What makes memory smasher crashes difficult to debug is that the crash point has nothing to do with the source of the problem. A single line or function call could corrupt memory, but the crash could happen in a completely unrelated part of the codebase. The program could then run for seconds, minutes, or hours before the garbage memory causes a problem. The crash points will vary from crash to crash because it is not predictable what memory was replaced with garbage, what is in the garbage, or when the garbage will be used. Usually the crashes cluster around wherever your program is spending most of its time. Each time your program touches memory, especially the memory used for internal bookkeeping, it has a chance of touching the garbage and crashing. If every line of your program had a 0.01% chance of crashing, you would see the most crashes on the lines you call most frequently, regardless of which line did the damage.
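The two sections above describe the same pattern: a bounds-less copy corrupts bookkeeping that sits next to a buffer, nothing happens at the time of the write, and the program only blows up later when the bookkeeping is used. The following C program is an added example written for this page, not code from the original text. The struct record, its on_event dispatch pointer, and the simulate_copy and set_name_* helpers are all invented for the demonstration. The 'A' bytes it copies are constructed input standing in for anything longer than the buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int (*handler_fn)(int);

/* Hypothetical record whose fixed-size buffer sits right before a piece of
 * "bookkeeping": a function pointer used for dispatch.  Allocator chunk
 * headers, vtables and saved return addresses have the same shape: data the
 * runtime trusts, lying next to data the program writes into. */
struct record {
    char       name[16];
    handler_fn on_event;
};

static int default_handler(int x) { return x * 2; }

/* Buggy: copies len bytes with no comparison against sizeof r->name.
 * The copy goes through an unsigned char pointer to the whole record so
 * that, for this demo, the write stays inside one object (well-defined C
 * and reproducible).  The real bug has no such limit and keeps writing
 * past the allocation into whatever the allocator placed next. */
static void set_name_unchecked(struct record *r, const char *src, size_t len)
{
    memcpy((unsigned char *)r, src, len);
}

/* Fixed: refuse anything that does not fit together with its terminator. */
static int set_name_checked(struct record *r, const char *src, size_t len)
{
    if (len >= sizeof r->name)
        return -1;
    memcpy(r->name, src, len);
    r->name[len] = '\0';
    return 0;
}

/* The booby-trap check: is the bookkeeping still what we stored?  Nothing
 * has crashed when this returns 0; the crash only happens at the later,
 * unrelated call site that finally jumps through r->on_event. */
static int record_intact(const struct record *r)
{
    return r->on_event == default_handler;
}

/* Copy input_len constructed 'A' bytes into a fresh record.
 * Returns  0: copy accepted and bookkeeping intact
 *          1: copy accepted, bookkeeping smashed (a later dispatch would crash)
 *         -1: copy rejected by the bounds check (checked variant only) */
int simulate_copy(size_t input_len, int use_checked)
{
    struct record r;
    char input[sizeof r];

    memset(&r, 0, sizeof r);
    r.on_event = default_handler;
    memset(input, 'A', sizeof input);       /* constructed oversized input */
    if (input_len > sizeof input)           /* demo limit, see comment above */
        input_len = sizeof input;

    if (use_checked) {
        if (set_name_checked(&r, input, input_len) != 0)
            return -1;
    } else {
        set_name_unchecked(&r, input, input_len);
    }
    return record_intact(&r) ? 0 : 1;
}

int main(void)
{
    size_t too_long = sizeof(struct record);   /* spills over on_event */
    printf("short name, unchecked copy: %d\n", simulate_copy(5, 0));
    printf("long name,  unchecked copy: %d\n", simulate_copy(too_long, 0));
    printf("long name,  checked copy:   %d\n", simulate_copy(too_long, 1));
    return 0;
}
```

The smashed record is the important case: set_name_unchecked returns normally, the caller sees no error, and only a later call through on_event would fault at an address that is nothing but 'A' bytes, far from the copy that did the damage. Note that because this demo deliberately keeps the write inside a single object, AddressSanitizer will not flag it; ASan's redzones catch writes that run past the end of an allocation, which is what the real bug does.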

How do I debug it?

The best way to debug memory smashers is to build the program, and run its unit tests, with AddressSanitizer (ASan), enabled in GCC and Clang with -fsanitize=address. ASan instruments every load and store and surrounds heap, stack and global allocations with poisoned redzones, so an out-of-bounds write is reported at the line that performs it, with a stack trace, instead of surfacing later as a crash somewhere unrelated. It also quarantines freed memory so that use-after-free, another common source of garbage, is caught at the point of the bad access. Make sure the tests actually exercise the suspect code paths: ASan only sees the writes that instrumented code performs, so a path that never runs under the sanitizer is never checked.