Why does app crash ?

Posted on 2000-04-27
Last Modified: 2013-12-03

My win32 console app keeps crashing at a specifc point. I found the point where it crashes
when i run it in debug mode in MS VC 4.0 (crashes with assertion _CrtIsValidHeapPointer).
What is the _free_dbg command used for ? Why does it keep crashing ? It crashes at address
0040f7bb below:

--- dbgheap.c  ---------------------------------------------------------------------------------
0040f6e0 55                   push      ebp
0040f6e1 8bec                 mov       ebp,esp
0040f6e3 83ec04               sub       esp,00000004
0040f6e6 53                   push      ebx
0040f6e7 56                   push      esi
0040f6e8 57                   push      edi
0040f6e9 f6058088420004       test      byte ptr [_crtDbgFlag (00428880)],04
0040f6f0 0f8432000000         je        _free_dbg+00000048 (0040f728)
0040f6f6 e835070000           call      _CrtCheckMemory (0040fe30)
0040f6fb 85c0                 test      eax,eax
0040f6fd 0f8525000000         jne       _free_dbg+00000048 (0040f728)
0040f703 6870894200           push      00428970
0040f708 6a00                 push      00000000
0040f70a 68e1030000           push      000003e1
0040f70f 6864894200           push      00428964
0040f714 6a02                 push      00000002
0040f716 e8f5470000           call      _CrtDbgReport (00413f10)
0040f71b 83c414               add       esp,00000014
0040f71e 83f801               cmp       eax,00000001
0040f721 0f8501000000         jne       _free_dbg+00000048 (0040f728)
0040f727 cc                   int       3
0040f728 837d0800             cmp       dword ptr [pUserData],00000000
0040f72c 0f8505000000         jne       _free_dbg+00000057 (0040f737)
0040f732 e9c6030000           jmp       _free_dbg+0000041d (0040fafd)
0040f737 6a00                 push      00000000
0040f739 6a00                 push      00000000
0040f73b 6a00                 push      00000000
0040f73d 8b450c               mov       eax,dword ptr [nBlockUse]
0040f740 50                   push      eax
0040f741 6a00                 push      00000000
0040f743 8b4508               mov       eax,dword ptr [pUserData]
0040f746 50                   push      eax
0040f747 6a03                 push      00000003
0040f749 ff15009a4200         call      dword ptr [_pfnAllocHook (00429a00)]
0040f74f 83c41c               add       esp,0000001c
0040f752 85c0                 test      eax,eax
0040f754 0f8529000000         jne       _free_dbg+000000a3 (0040f783)
0040f75a 68348c4200           push      00428c34
0040f75f 6804894200           push      00428904
0040f764 6a00                 push      00000000
0040f766 6a00                 push      00000000
0040f768 6a00                 push      00000000
0040f76a 6a00                 push      00000000
0040f76c e89f470000           call      _CrtDbgReport (00413f10)
0040f771 83c418               add       esp,00000018
0040f774 83f801               cmp       eax,00000001
0040f777 0f8501000000         jne       _free_dbg+0000009e (0040f77e)
0040f77d cc                   int       3
0040f77e e97a030000           jmp       _free_dbg+0000041d (0040fafd)
0040f783 8b4508               mov       eax,dword ptr [pUserData]
0040f786 50                   push      eax
0040f787 e8240b0000           call      _CrtIsValidHeapPointer (004102b0)
0040f78c 83c404               add       esp,00000004
0040f78f 85c0                 test      eax,eax
0040f791 0f8525000000         jne       _free_dbg+000000dc (0040f7bc)
0040f797 68748a4200           push      00428a74
0040f79c 6a00                 push      00000000
0040f79e 68f3030000           push      000003f3
0040f7a3 6864894200           push      00428964
0040f7a8 6a02                 push      00000002
0040f7aa e861470000           call      _CrtDbgReport (00413f10)
0040f7af 83c414               add       esp,00000014
0040f7b2 83f801               cmp       eax,00000001
0040f7b5 0f8501000000         jne       _free_dbg+000000dc (0040f7bc)
0040f7bb cc                   int       3

Any help would be appreciated.
Question by:afzalmj
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 86

Expert Comment

ID: 2756155
It seems that you're freeing memory that does not belong to your heap (e.g. was allocated in a DLL)...

Expert Comment

ID: 2756279
Hm. It really crashes at 40F7BB? Did you place the breakpoint (int 03) there intentioally, or not? int 03 always crashes apps, if they don't handle them explicitly. If you didn't set it there, try to get rid of it.


Author Comment

ID: 2756350
What is int 03 ?
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.


Author Comment

ID: 2756355
I'm sending and receiving data very down a socket. I'm constantly allocating and freeing a couple of k of memory. Could this be a problem ?

Author Comment

ID: 2756358
Would it make any difference if i used GlobalAlloc instead of malloc ? And globalfree instead of free ?

Expert Comment

ID: 2756732
int 03 is the debugger interrupt (or breakpoint execution interrupt). Maybe you set a breakpoint with your debugger there.


Accepted Solution

nl03510 earned 192 total points
ID: 2756860
I'm not a C programmer, but I think I can give you some hints :
1) int 03 is a "breakpoint" interrupt, that has been put there by VC Debug mode. An int 03 "transfers control" to the debugger. I don't expect that the int 3 instruction is in your normal app. (Unless you force it using a -Debug flag while linking ?? (if that's possible in C ?))
2) the _free_dbg function is nothing more than the normal free() function but then the "debug" version of it (Used by the VC Debug mode).
3)I agree on jkr' remark that you probably try to free memory not belonging to your app.It looks like the pUserData pointer is corrupted?
LVL 23

Expert Comment

ID: 2757326
Show the call stack.

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows a few slightly more advanced techniques for Windows 7 gadget programming, including how to save and restore user settings for your gadget and how to populate the "details" panel that is displayed in the Windows 7 gadget gallery.  …
As more and more people are shifting to the latest .Net frameworks, the windows presentation framework is gaining importance by the day. Many people are now turning to WPF controls to provide a rich user experience. I have been using WPF controls fo…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA.…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question