Why does app crash?

Posted on 2000-04-27
Last Modified: 2013-12-03

My win32 console app keeps crashing at a specific point. I found the point where it crashes
when I run it in debug mode in MS VC 4.0 (crashes with assertion _CrtIsValidHeapPointer).
What is the _free_dbg command used for? Why does it keep crashing? It crashes at address
0040f7bb below:

--- dbgheap.c  ---------------------------------------------------------------------------------
0040f6e0 55                   push      ebp
0040f6e1 8bec                 mov       ebp,esp
0040f6e3 83ec04               sub       esp,00000004
0040f6e6 53                   push      ebx
0040f6e7 56                   push      esi
0040f6e8 57                   push      edi
0040f6e9 f6058088420004       test      byte ptr [_crtDbgFlag (00428880)],04
0040f6f0 0f8432000000         je        _free_dbg+00000048 (0040f728)
0040f6f6 e835070000           call      _CrtCheckMemory (0040fe30)
0040f6fb 85c0                 test      eax,eax
0040f6fd 0f8525000000         jne       _free_dbg+00000048 (0040f728)
0040f703 6870894200           push      00428970
0040f708 6a00                 push      00000000
0040f70a 68e1030000           push      000003e1
0040f70f 6864894200           push      00428964
0040f714 6a02                 push      00000002
0040f716 e8f5470000           call      _CrtDbgReport (00413f10)
0040f71b 83c414               add       esp,00000014
0040f71e 83f801               cmp       eax,00000001
0040f721 0f8501000000         jne       _free_dbg+00000048 (0040f728)
0040f727 cc                   int       3
0040f728 837d0800             cmp       dword ptr [pUserData],00000000
0040f72c 0f8505000000         jne       _free_dbg+00000057 (0040f737)
0040f732 e9c6030000           jmp       _free_dbg+0000041d (0040fafd)
0040f737 6a00                 push      00000000
0040f739 6a00                 push      00000000
0040f73b 6a00                 push      00000000
0040f73d 8b450c               mov       eax,dword ptr [nBlockUse]
0040f740 50                   push      eax
0040f741 6a00                 push      00000000
0040f743 8b4508               mov       eax,dword ptr [pUserData]
0040f746 50                   push      eax
0040f747 6a03                 push      00000003
0040f749 ff15009a4200         call      dword ptr [_pfnAllocHook (00429a00)]
0040f74f 83c41c               add       esp,0000001c
0040f752 85c0                 test      eax,eax
0040f754 0f8529000000         jne       _free_dbg+000000a3 (0040f783)
0040f75a 68348c4200           push      00428c34
0040f75f 6804894200           push      00428904
0040f764 6a00                 push      00000000
0040f766 6a00                 push      00000000
0040f768 6a00                 push      00000000
0040f76a 6a00                 push      00000000
0040f76c e89f470000           call      _CrtDbgReport (00413f10)
0040f771 83c418               add       esp,00000018
0040f774 83f801               cmp       eax,00000001
0040f777 0f8501000000         jne       _free_dbg+0000009e (0040f77e)
0040f77d cc                   int       3
0040f77e e97a030000           jmp       _free_dbg+0000041d (0040fafd)
0040f783 8b4508               mov       eax,dword ptr [pUserData]
0040f786 50                   push      eax
0040f787 e8240b0000           call      _CrtIsValidHeapPointer (004102b0)
0040f78c 83c404               add       esp,00000004
0040f78f 85c0                 test      eax,eax
0040f791 0f8525000000         jne       _free_dbg+000000dc (0040f7bc)
0040f797 68748a4200           push      00428a74
0040f79c 6a00                 push      00000000
0040f79e 68f3030000           push      000003f3
0040f7a3 6864894200           push      00428964
0040f7a8 6a02                 push      00000002
0040f7aa e861470000           call      _CrtDbgReport (00413f10)
0040f7af 83c414               add       esp,00000014
0040f7b2 83f801               cmp       eax,00000001
0040f7b5 0f8501000000         jne       _free_dbg+000000dc (0040f7bc)
0040f7bb cc                   int       3

Any help would be appreciated.
Question by: afzalmj

Expert Comment

ID: 2756155
It seems that you're freeing memory that does not belong to your heap (e.g. was allocated in a DLL)...

Expert Comment

ID: 2756279
Hm. It really crashes at 40F7BB? Did you place the breakpoint (int 03) there intentionally, or not? int 03 always crashes apps if they don't handle it explicitly. If you didn't set it there, try to get rid of it.


Author Comment

ID: 2756350
What is int 03?

Author Comment

ID: 2756355
I'm sending and receiving data very down a socket. I'm constantly allocating and freeing a couple of k of memory. Could this be a problem?

Author Comment

ID: 2756358
Would it make any difference if I used GlobalAlloc instead of malloc? And GlobalFree instead of free?

Expert Comment

ID: 2756732
int 03 is the debugger interrupt (or breakpoint execution interrupt). Maybe you set a breakpoint with your debugger there.


Accepted Solution

nl03510 earned 192 total points
ID: 2756860
I'm not a C programmer, but I think I can give you some hints :
1) int 03 is a "breakpoint" interrupt that has been put there by VC Debug mode. An int 03 "transfers control" to the debugger. I don't expect that the int 3 instruction is in your normal app. (Unless you force it using a -Debug flag while linking?? (if that's possible in C?))
2) The _free_dbg function is nothing more than the normal free() function, but the "debug" version of it (used by the VC Debug mode).
3) I agree with jkr's remark that you are probably trying to free memory not belonging to your app. It looks like the pUserData pointer is corrupted?
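
An added illustration of the check these answers refer to; it is not part of the thread and is not the CRT's code. It is a toy tracking allocator (all names hypothetical) that stands in for the validation step visible in the disassembly, the call to _CrtIsValidHeapPointer before the assertion: it refuses to free a pointer it did not hand out and flags a block whose tail guard bytes were overwritten.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy tracking heap (hypothetical names); it only illustrates validating a
   pointer before freeing it. It is not the CRT's implementation. */
enum dbg_status { DBG_OK, DBG_NOT_OURS, DBG_OVERRUN };

typedef struct hdr { struct hdr *next; size_t size; } hdr;

#define GUARD_BYTE 0xFD
#define GUARD_LEN  4
static hdr *live_blocks;               /* blocks handed out and not yet freed */

void *dbg_malloc(size_t n) {
    hdr *h = malloc(sizeof *h + n + GUARD_LEN);
    if (!h) return NULL;
    h->size = n;
    h->next = live_blocks;
    live_blocks = h;
    memset((unsigned char *)(h + 1) + n, GUARD_BYTE, GUARD_LEN); /* tail guard */
    return h + 1;                      /* user pointer starts after the header */
}

/* Search the live list first: p is never dereferenced unless it is known. */
enum dbg_status dbg_free(void *p) {
    if (!p) return DBG_OK;
    for (hdr **pp = &live_blocks; *pp; pp = &(*pp)->next) {
        hdr *h = *pp;
        if ((void *)(h + 1) != p) continue;
        enum dbg_status st = DBG_OK;
        unsigned char *guard = (unsigned char *)p + h->size;
        for (int i = 0; i < GUARD_LEN; i++)
            if (guard[i] != GUARD_BYTE) st = DBG_OVERRUN;
        *pp = h->next;                 /* unlink, then release the real block */
        free(h);
        return st;
    }
    return DBG_NOT_OURS;               /* not the start of a live block */
}

int main(void) {
    char *buf = dbg_malloc(2048);      /* constructed: a receive buffer */
    if (!buf) return 1;
    printf("interior pointer: %d\n", dbg_free(buf + 16)); /* advanced while parsing */
    char *other = malloc(32);          /* stands in for another heap's block */
    printf("foreign pointer:  %d\n", dbg_free(other));
    free(other);
    buf[2048] = 0;                     /* one byte past the end hits the guard */
    printf("after overrun:    %d\n", dbg_free(buf));
    return 0;
}
```

The first two calls return DBG_NOT_OURS without touching the allocator's state, which is the same decision point at which the debug build in the question raises its assertion.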

Expert Comment

ID: 2757326
Show the call stack.
