一个malloc的crash问题

项目中遇到一个Crash问题，Crash时生成了core dump，调试core dump，gdb bt 后发现崩溃的线程中，调用栈深度总共有28层，下面贴的是顶部的12层，再往下就是项目代码，第13层（#11）是std::list<std::string>::push_back(...)操作，经检查，#11层往下的数据都没有错，从其他线程上也看不出异常。从 bt 结果来看，貌似Crash线程的栈并没有被写乱。

初步判断，是该线程的栈上的Memory溢出导致Crash（64bit CentOS）。经测试，在和Crash发生时相同的环境下，主线程栈上消耗Memory超过12,568,257 bytes时，进程Crash；从线程栈上消耗Memory超过10,479,656 bytes时，进程Crash。

这只是猜测，也可能其他线程中某项操作导致Crash线程访问内存越界。

#0  0xffffe410 in __kernel_vsyscall ()
#1  0xf7ad4df0 in raise () from /lib/libc.so.6
#2  0xf7ad6701 in abort () from /lib/libc.so.6
#3  0xf7b0d3ab in __libc_message () from /lib/libc.so.6
#4  0xf7b16d96 in _int_malloc () from /lib/libc.so.6
#5  0xf7b17fb7 in malloc () from /lib/libc.so.6
#6  0xf7cec517 in operator new(unsigned int) () from /usr/lib/libstdc++.so.6
#7  0x080901a2 in __gnu_cxx::new_allocator<std::_List_node<std::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::allocate
    (this=0xf6e56e0c, __n=1) at /usr/lib/gcc/i386-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/new_allocator.h:88
#8  0x080901c5 in std::_List_base<std::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::_M_get_node (this=0xf6e56e0c)
    at /usr/lib/gcc/i386-redhat-linux/4.1.2/../../../../include/c++/4.1.2/bits/stl_list.h:316
#9  0x080919ac in std::list<std::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::_M_create_node (this=0xf6e56e0c, __x="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \r\n")
    at /usr/lib/gcc/i386-redhat-linux/4.1.2/../../../../include/c++/4.1.2/bits/stl_list.h:448
#10 0x08091a62 in std::list<std::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::_M_insert (this=0xf6e56e0c, __position=Traceback (most recent call last):
  File "/usr/share/gdb/python/libstdcxx/v6/printers.py", line 469, in to_string
    return self.val['_M_dataplus']['_M_p'].string (encoding, length = len)
RuntimeError: Cannot access memory at address 0xeb
, __x="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \r\n") at /usr/lib/gcc/i386-redhat-linux/4.1.2/../../../../include/c++/4.1.2/bits/stl_list.h:1139
#11 0x080aae18 in std::list<std::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::push_back (this=0xf6e56e0c, __x="Set-Cookie: SSLGWSVRID=%s; expires=%s \r\n")
    at /usr/lib/gcc/i386-redhat-linux/4.1.2/../../../../include/c++/4.1.2/bits/stl_list.h:761