Solved

Access violation - memory corruption?

Posted on 2014-11-05
4
232 Views
Last Modified: 2014-11-09
Hi Experts,

First off, I cannot post our code here, I have to keep this general.  Sorry in advance.

I have a call to a function where the first argument passed is an LPCSTR.  The actual parameter that the function takes is "const _variant_t & Source" (it's for a database query with ADO).

During the conversion of this string to the variant, there's an access violation on the AddRef here, from comutil.h:
inline _variant_t::_variant_t(IDispatch* pSrc, bool fAddRef) throw()
{
    V_VT(this) = VT_DISPATCH;
    V_DISPATCH(this) = pSrc;

    // Need the AddRef() as VariantClear() calls Release(), unless fAddRef
    // false indicates we're taking ownership
    //
    if (fAddRef) {
        if (V_DISPATCH(this) != NULL) {
            V_DISPATCH(this)->AddRef();  // KABOOM here...
        }
    }
}

Open in new window


Note that this code is called frequently before some specific functions actually get through here without a hitch.  It's after a specific previous function that I found with a binary search that when commented out, the issue goes away.

My question is, would you agree that this is likely a heap error?  I tried to detect it with windbg with no luck.  I looked at the code in the function that when commented out, the problem goes away, but I don't see the problem yet.  Is it highly likely that this is where the problem is?

And my most important question of all-->  If we skate around this issue and change the code in ways where we don't really fix it, but the error remains hidden, if it doesn't happen on my machine any more in debug or release mode, and the input to the function remains constant on customer machines, is it possible that other factors can expose this problem differenly on other machines?  (This is the "solution" that is being pushed on me and I'm thinking it's a very very bad idea)...

What do you think?

Thanks,
Mike
0
Comment
Question by:thready
  • 2
4 Comments
 
LVL 86

Assisted Solution

by:jkr
jkr earned 150 total points
ID: 40425158
It looks more like using an object that has already been deleted, which you also could call 'memory corruption' or 'heap error'. I'd try to add logging code to the destructors that dumps the 'this' pointers and then see if you can pinpoint the usage of one of these instances with the above code.
0
 
LVL 86

Assisted Solution

by:jkr
jkr earned 150 total points
ID: 40425174
Another thing - you could check the 'IDispatch' pointer used to contruct the _variant_t using 'IsBadReadPtr()' (http://msdn.microsoft.com/en-us/library/windows/desktop/aa366713%28v=vs.85%29.aspx) and avoid using it then. Alternatively, you could still use a SEH handler to catch the exception, e.g.

__try {

  _variant_t var = ...;

} __except(ERROR_ACCESS_VIOLATION == GetExceptionCode()) {

  // handler code
}

Open in new window

0
 
LVL 32

Accepted Solution

by:
sarabande earned 350 total points
ID: 40425863
the V_DISPATCH(this) actually expands to ((this)->pdispVal)

the pdispVal is a union member of the Variant structure for VT_DISPATCH type and the argument pSrc would be assigned to it.

the following calls (most likely) are

STDMETHODIMP_(ULONG) COleDispatchImpl::AddRef()
{
	METHOD_PROLOGUE_EX_(CCmdTarget, Dispatch)
	return pThis->ExternalAddRef();
}
DWORD CCmdTarget::ExternalAddRef()
{
	// delegate to controlling unknown if aggregated
	if (m_pOuterUnknown != NULL)
		return m_pOuterUnknown->AddRef();

	return InternalAddRef();
}

Open in new window

a heap error would occur if malloc returns a NULL pointer, or free would not find the pointer passed as argument what both is not the case here.

here the pointer pSrc was invalid and was not pointing to a valid _variant_t, perhaps it was NULL or was not initialized.  unfortunately the 'IsBadReadPtr' function cannot used to decide whether a non-null pointer was corrupt as it is an obsolete function which doesn't work correctly (see the link jkr provided above).

alternatively to using the SEH try-catch as described by jkr, you also could catch the exception by a c++ try-catch when you choose the option 'Yes, with SEH exceptions' at configuration properties - c/c++ - code generation - enable c++ exceptions for your active project configuration.

Sara
0
 
LVL 1

Author Closing Comment

by:thready
ID: 40431593
Thank you very much!
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Templates For Beginners Or How To Encourage The Compiler To Work For You Introduction This tutorial is targeted at the reader who is, perhaps, familiar with the basics of C++ but would prefer a little slower introduction to the more ad…
Many modern programming languages support the concept of a property -- a class member that combines characteristics of both a data member and a method.  These are sometimes called "smart fields" because you can add logic that is applied automaticall…
The viewer will learn how to pass data into a function in C++. This is one step further in using functions. Instead of only printing text onto the console, the function will be able to perform calculations with argumentents given by the user.
The viewer will be introduced to the member functions push_back and pop_back of the vector class. The video will teach the difference between the two as well as how to use each one along with its functionality.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now