Access violation - memory corruption?

Hi Experts,

First off, I cannot post our code here, I have to keep this general.  Sorry in advance.

I have a call to a function where the first argument passed is an LPCSTR.  The actual parameter that the function takes is "const _variant_t & Source" (it's for a database query with ADO).

During the conversion of this string to the variant, there's an access violation on the AddRef here, from comutil.h:
inline _variant_t::_variant_t(IDispatch* pSrc, bool fAddRef) throw()
{
    V_VT(this) = VT_DISPATCH;
    V_DISPATCH(this) = pSrc;

    // Need the AddRef() as VariantClear() calls Release(), unless fAddRef
    // false indicates we're taking ownership
    //
    if (fAddRef) {
        if (V_DISPATCH(this) != NULL) {
            V_DISPATCH(this)->AddRef();  // KABOOM here...
        }
    }
}

Note that this code is called frequently before some specific functions actually get through here without a hitch.  It's after a specific previous function that I found with a binary search that when commented out, the issue goes away.

My question is, would you agree that this is likely a heap error?  I tried to detect it with windbg with no luck.  I looked at the code in the function that when commented out, the problem goes away, but I don't see the problem yet.  Is it highly likely that this is where the problem is?

And my most important question of all-->  If we skate around this issue and change the code in ways where we don't really fix it, but the error remains hidden, if it doesn't happen on my machine any more in debug or release mode, and the input to the function remains constant on customer machines, is it possible that other factors can expose this problem differently on other machines?  (This is the "solution" that is being pushed on me and I'm thinking it's a very very bad idea)...

What do you think?

Thanks,
Mike
thready asked:

jkr commented:
It looks more like using an object that has already been deleted, which you also could call 'memory corruption' or 'heap error'. I'd try to add logging code to the destructors that dumps the 'this' pointers and then see if you can pinpoint the usage of one of these instances with the above code.
jkr commented:
Another thing - you could check the 'IDispatch' pointer used to construct the _variant_t using 'IsBadReadPtr()' (http://msdn.microsoft.com/en-us/library/windows/desktop/aa366713%28v=vs.85%29.aspx) and avoid using it then. Alternatively, you could still use a SEH handler to catch the exception, e.g.

__try {

  _variant_t var = ...;

} __except(GetExceptionCode() == EXCEPTION_ACCESS_VIOLATION
               ? EXCEPTION_EXECUTE_HANDLER      // run the handler for an access violation
               : EXCEPTION_CONTINUE_SEARCH) {   // let any other exception propagate

  // handler code
}

// Notes: the SEH status code is EXCEPTION_ACCESS_VIOLATION (0xC0000005), not a
// Win32 ERROR_* value. Under /EHsc a local with a destructor (such as _variant_t)
// in a function that uses __try is rejected with error C2712; either compile
// with /EHa or keep the __try in a small helper function without such locals.

sarabande commented:
The V_DISPATCH(this) macro actually expands to ((this)->pdispVal).

pdispVal is the union member of the VARIANT structure used for the VT_DISPATCH type, and the argument pSrc is assigned to it.

The following calls (most likely) are:

STDMETHODIMP_(ULONG) COleDispatchImpl::AddRef()
{
	METHOD_PROLOGUE_EX_(CCmdTarget, Dispatch)
	return pThis->ExternalAddRef();
}
DWORD CCmdTarget::ExternalAddRef()
{
	// delegate to controlling unknown if aggregated
	if (m_pOuterUnknown != NULL)
		return m_pOuterUnknown->AddRef();

	return InternalAddRef();
}

A heap error would occur if malloc returned a NULL pointer, or if free could not find the pointer passed as its argument; neither is the case here.

Here the pointer pSrc was invalid and was not pointing to a valid _variant_t; perhaps it was NULL or was not initialized.  Unfortunately the 'IsBadReadPtr' function cannot be used to decide whether a non-null pointer is corrupt, as it is an obsolete function which doesn't work correctly (see the link jkr provided above).

As an alternative to the SEH try-catch described by jkr, you could also catch the exception with a C++ try-catch if you choose the option 'Yes, with SEH exceptions' under Configuration Properties - C/C++ - Code Generation - Enable C++ Exceptions for your active project configuration.

Sara
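Both answers point the same way: jkr suggests logging the 'this' pointer in destructors to pin down which instance is being used after it died, and sarabande notes that the failure is a dangling or uninitialized pointer rather than a malloc/free fault, and that IsBadReadPtr cannot tell a freed object from a live one because freed memory is usually still readable. The following is an added example, not code from this thread, from comutil.h or from ADO: a debug-only registry of live object addresses that a wrapper consults before calling AddRef(), so a stale interface pointer is reported deterministically instead of crashing inside the callee. The Tracked class, the g_live registry, safe_addref() and the demo functions are all constructed for this illustration; a real IUnknown implementation would keep the same AddRef/Release pattern.

```cpp
// Added example (not from the thread): detect AddRef() on a destroyed
// COM-style object by tracking object lifetimes instead of probing memory.
#include <cstdio>
#include <set>

// Registry of addresses of objects that are currently alive (constructed
// for this example; a debug build would compile it out in release).
static std::set<const void*> g_live;

bool is_live(const void* p) { return g_live.count(p) != 0; }

// Minimal stand-in for a COM object with intrusive reference counting.
class Tracked {
public:
    Tracked() : m_ref(1) {
        g_live.insert(this);
        std::printf("ctor  %p\n", static_cast<void*>(this));
    }
    ~Tracked() {
        // Log the 'this' pointer on destruction (jkr's suggestion) and
        // forget the address so a later use of a stale copy can be caught.
        std::printf("dtor  %p\n", static_cast<void*>(this));
        g_live.erase(this);
    }
    unsigned long AddRef() { return ++m_ref; }
    unsigned long Release() {
        unsigned long r = --m_ref;
        if (r == 0) delete this;   // last reference gone: destroy
        return r;
    }
    unsigned long refcount() const { return m_ref; }
private:
    unsigned long m_ref;
};

enum class RefResult { Ok, NullPointer, DeadObject };

// Debug wrapper: consult the registry before dereferencing. The pointer
// value is only compared, never read through, so a dead address is safe
// to test here, which is exactly what IsBadReadPtr() cannot guarantee.
RefResult safe_addref(Tracked* p) {
    if (p == nullptr) return RefResult::NullPointer;
    if (!is_live(p)) {
        std::printf("stale %p: AddRef() refused\n", static_cast<void*>(p));
        return RefResult::DeadObject;
    }
    p->AddRef();
    return RefResult::Ok;
}

// Scenario from the question: a pointer copy outlives the object it
// referred to, and a later conversion would call AddRef() through it.
RefResult demo_stale_pointer() {
    Tracked* obj = new Tracked();
    Tracked* stale = obj;      // copy held elsewhere, e.g. a cached interface pointer
    obj->Release();            // count drops to 0, object destroyed
    // No allocation happens between destruction and this check, so the
    // address cannot have been reused by another Tracked in the meantime.
    return safe_addref(stale); // DeadObject, no access violation
}

// Control case: a live object is AddRef'd normally and the count is 2.
unsigned long demo_live_pointer() {
    Tracked* obj = new Tracked();
    safe_addref(obj);
    unsigned long n = obj->refcount();
    obj->Release();            // back to 1
    obj->Release();            // 0, destroyed
    return n;
}

int main() {
    std::printf("stale result: %d\n", static_cast<int>(demo_stale_pointer()));
    std::printf("live refcount after AddRef: %lu\n", demo_live_pointer());
    return 0;
}
```

The registry only answers "was this exact address destroyed and not reallocated", so if the address is recycled by a later allocation the check passes; pairing it with the destructor log, or with a debug heap that delays reuse of freed blocks, is what turns the intermittent crash in the question into a reproducible report naming the offending instance.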
thready (author) commented:
Thank you very much!