valgrind

run valgrind yourapp yourargs it will report Invalid write, un-freed memory on standard error output. but vagrind will crash because of the complexity of the target binary, run with valgrind --vex-guest-max-insns=25 works, but its very slow (it's power/weakness comes from the underlying Virtual Machine nature).

we reproduced the crash by making a snapshot of the input causes the crash, and with gdb we find out the memory under/overflow position in code.

The lesson we learned is:

always supplement a super automatic violent unit-test to your naive implementation.