I don't use lldb, I use gdb. I'm assuming they are similar enough. I asked to set a breakpoint on the line of code you shared (fflush), not via "/dev/null".
You can do it in two ways. Either run the debugger, set the breakpoint and continue, or run the program, attach the debugger (gdb -p <pid>), set the breakpoint and let it continue. I'd prefer the latter option.
If you have compiled it via ports you could enable debug mode (CFLAGS+=-g) and set it on the line of code, or if you're debugging a binary without debug symbols you need to find which instruction is calling that fflush and set the breakpoint on that.
The FILE* structure has an fd assigned to it, or -1 if none is used. It would be interesting to see if that FILE* structure has sane values. As covacat mentioned, it may be that the FILE* structure is already corrupted, not causing the corruption (or in other words it's a victim of a bug, not the bug).
FILE* (and hence printf, scanf & friends) does use buffers (allocated on the heap). It could be that this part of the code rubs the bug the correct way and gets triggered.
That EBADF could be that stdout is set to -1, i.e. not used. This is not a bug necessarily. Consider this example of code:
Code:
#include <stdio.h>
#include <unistd.h>

int main(void)
{
    close(1);                          /* close fd 1, the descriptor behind stdout */
    /* ... rest of the program ... */
    fprintf(stdout, "hello world\n");  /* lands in the FILE buffer, no error yet */
    fflush(stdout);                    /* the write(2) happens here and fails with EBADF */
    return 0;
}
Technically there's nothing wrong with this code. But printing to stdout in the terminal will most likely (stdout can be redirected elsewhere, that's why I said most likely) end up in an EBADF error. There may be logic in the code where 0, 1, 2 is either redirected to a socket or closed completely. Hence the error.
But I keep asking myself -- what has changed in FreeBSD that it's being triggered now.