Why does app crash?

Posted on 2000-04-27
Last Modified: 2013-12-03

My win32 console app keeps crashing at a specific point. I found the point where it crashes
when I run it in debug mode in MS VC 4.0 (crashes with assertion _CrtIsValidHeapPointer).
What is the _free_dbg command used for? Why does it keep crashing? It crashes at address
0040f7bb below:

--- dbgheap.c  ---------------------------------------------------------------------------------
0040f6e0 55                   push      ebp
0040f6e1 8bec                 mov       ebp,esp
0040f6e3 83ec04               sub       esp,00000004
0040f6e6 53                   push      ebx
0040f6e7 56                   push      esi
0040f6e8 57                   push      edi
0040f6e9 f6058088420004       test      byte ptr [_crtDbgFlag (00428880)],04
0040f6f0 0f8432000000         je        _free_dbg+00000048 (0040f728)
0040f6f6 e835070000           call      _CrtCheckMemory (0040fe30)
0040f6fb 85c0                 test      eax,eax
0040f6fd 0f8525000000         jne       _free_dbg+00000048 (0040f728)
0040f703 6870894200           push      00428970
0040f708 6a00                 push      00000000
0040f70a 68e1030000           push      000003e1
0040f70f 6864894200           push      00428964
0040f714 6a02                 push      00000002
0040f716 e8f5470000           call      _CrtDbgReport (00413f10)
0040f71b 83c414               add       esp,00000014
0040f71e 83f801               cmp       eax,00000001
0040f721 0f8501000000         jne       _free_dbg+00000048 (0040f728)
0040f727 cc                   int       3
0040f728 837d0800             cmp       dword ptr [pUserData],00000000
0040f72c 0f8505000000         jne       _free_dbg+00000057 (0040f737)
0040f732 e9c6030000           jmp       _free_dbg+0000041d (0040fafd)
0040f737 6a00                 push      00000000
0040f739 6a00                 push      00000000
0040f73b 6a00                 push      00000000
0040f73d 8b450c               mov       eax,dword ptr [nBlockUse]
0040f740 50                   push      eax
0040f741 6a00                 push      00000000
0040f743 8b4508               mov       eax,dword ptr [pUserData]
0040f746 50                   push      eax
0040f747 6a03                 push      00000003
0040f749 ff15009a4200         call      dword ptr [_pfnAllocHook (00429a00)]
0040f74f 83c41c               add       esp,0000001c
0040f752 85c0                 test      eax,eax
0040f754 0f8529000000         jne       _free_dbg+000000a3 (0040f783)
0040f75a 68348c4200           push      00428c34
0040f75f 6804894200           push      00428904
0040f764 6a00                 push      00000000
0040f766 6a00                 push      00000000
0040f768 6a00                 push      00000000
0040f76a 6a00                 push      00000000
0040f76c e89f470000           call      _CrtDbgReport (00413f10)
0040f771 83c418               add       esp,00000018
0040f774 83f801               cmp       eax,00000001
0040f777 0f8501000000         jne       _free_dbg+0000009e (0040f77e)
0040f77d cc                   int       3
0040f77e e97a030000           jmp       _free_dbg+0000041d (0040fafd)
0040f783 8b4508               mov       eax,dword ptr [pUserData]
0040f786 50                   push      eax
0040f787 e8240b0000           call      _CrtIsValidHeapPointer (004102b0)
0040f78c 83c404               add       esp,00000004
0040f78f 85c0                 test      eax,eax
0040f791 0f8525000000         jne       _free_dbg+000000dc (0040f7bc)
0040f797 68748a4200           push      00428a74
0040f79c 6a00                 push      00000000
0040f79e 68f3030000           push      000003f3
0040f7a3 6864894200           push      00428964
0040f7a8 6a02                 push      00000002
0040f7aa e861470000           call      _CrtDbgReport (00413f10)
0040f7af 83c414               add       esp,00000014
0040f7b2 83f801               cmp       eax,00000001
0040f7b5 0f8501000000         jne       _free_dbg+000000dc (0040f7bc)
0040f7bb cc                   int       3

Any help would be appreciated.
Question by:afzalmj

Expert Comment

It seems that you're freeing memory that does not belong to your heap (e.g. was allocated in a DLL)...

Expert Comment

Hm. It really crashes at 40F7BB? Did you place the breakpoint (int 03) there intentionally, or not? int 03 always crashes apps, if they don't handle them explicitly. If you didn't set it there, try to get rid of it.


Author Comment

What is int 03?

Author Comment

I'm sending and receiving data very down a socket. I'm constantly allocating and freeing a couple of k of memory. Could this be a problem?


Author Comment

Would it make any difference if I used GlobalAlloc instead of malloc? And GlobalFree instead of free?

Expert Comment

int 03 is the debugger interrupt (or breakpoint execution interrupt). Maybe you set a breakpoint with your debugger there.


Accepted Solution

nl03510 earned 192 total points
I'm not a C programmer, but I think I can give you some hints:
1) int 03 is a "breakpoint" interrupt that has been put there by VC Debug mode. An int 03 "transfers control" to the debugger. I don't expect that the int 3 instruction is in your normal app. (Unless you force it using a -Debug flag while linking?? (if that's possible in C?))
2) The _free_dbg function is nothing more than the normal free() function but then the "debug" version of it (used by the VC Debug mode).
3) I agree with jkr's remark that you probably try to free memory not belonging to your app. It looks like the pUserData pointer is corrupted?
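
Points 2 and 3 of the answer above, as an added example that is not part of the original thread and is not the MSVC CRT's code: a simplified model of a debug free() that validates the pointer before releasing it, the way _free_dbg calls _CrtIsValidHeapPointer in the listing. The names dbg_malloc, dbg_free and the fixed-size block registry are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified model of a checking free(); hypothetical names, not the CRT implementation. */
#define MAX_BLOCKS 64
#define GUARD_LEN  4
#define GUARD_BYTE 0xFD
enum dbg_result { DBG_OK, DBG_INVALID_POINTER, DBG_DOUBLE_FREE, DBG_OVERRUN };
enum slot_state { SLOT_EMPTY, SLOT_LIVE, SLOT_FREED };
static struct { uintptr_t addr; size_t size; enum slot_state state; } blocks[MAX_BLOCKS];

void *dbg_malloc(size_t n) {
    unsigned char *p = malloc(n + GUARD_LEN);
    int slot = -1;
    if (!p) return NULL;
    memset(p + n, GUARD_BYTE, GUARD_LEN);            /* guard bytes after the user data */
    for (int i = 0; i < MAX_BLOCKS; i++) {
        if (blocks[i].addr == (uintptr_t)p) { slot = i; break; }  /* address reused */
        if (slot < 0 && blocks[i].state != SLOT_LIVE) slot = i;   /* first free slot */
    }
    if (slot < 0) { free(p); return NULL; }          /* registry full */
    blocks[slot].addr = (uintptr_t)p; blocks[slot].size = n; blocks[slot].state = SLOT_LIVE;
    return p;
}

enum dbg_result dbg_free(void *p) {
    enum dbg_result r = DBG_OK;
    if (!p) return DBG_OK;                           /* free(NULL) is a no-op */
    for (int i = 0; i < MAX_BLOCKS; i++) {
        if (blocks[i].state == SLOT_EMPTY || blocks[i].addr != (uintptr_t)p) continue;
        if (blocks[i].state == SLOT_FREED) return DBG_DOUBLE_FREE;
        for (int g = 0; g < GUARD_LEN; g++)          /* was data written past the end? */
            if (((unsigned char *)p)[blocks[i].size + g] != GUARD_BYTE) r = DBG_OVERRUN;
        blocks[i].state = SLOT_FREED;                /* keep a tombstone for double-free checks */
        free(p);
        return r;
    }
    return DBG_INVALID_POINTER;   /* never handed out by dbg_malloc: report, do not free */
}

int main(void) {
    char *a = dbg_malloc(16);
    if (!a) return 1;
    int r1 = dbg_free(a + 4), r2 = dbg_free(a), r3 = dbg_free(a);
    printf("interior pointer=%d valid pointer=%d same pointer again=%d\n", r1, r2, r3);
    return 0;
}
```

A pointer that was shifted, overwritten, or allocated by a different heap takes the DBG_INVALID_POINTER path here, which corresponds to the failed _CrtIsValidHeapPointer check that ends at the int 3 in the question.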

Expert Comment

Show the call stack.
