Breedlove: c++ - Why does my program crash when using HeapAlloc and work normally whith malloc -

Sunday 15 August 2010

c++ - Why does my program crash when using HeapAlloc and work normally whith malloc -

i writed programme in c++ next string:

pdataarray[i]->hwritepipes = (handle*)heapalloc(getprocessheap(), heap_zero_memory, sizeof(handle)*(max_threads - 1));

and when run i'm getting message:

heap[multythreading1.exe]: heap: free heap block 4f5830 modified @ 4f5850 after freed multythreading1.exe has triggered breakpoint.

i replaced string with

pdataarray[i]->hwritepipes = (handle*)malloc(sizeof(handle)*(max_threads - 1));

and seems programme works properly.

have thought wrong first version?

regards.

all code bellow:

#include "stdafx.h" #include <windows.h> #include <tchar.h> #include <strsafe.h> #include <iostream> #include <cstdio> #include <string.h> #include <stdlib.h> #include <time.h>  using namespace std;  #define max_threads 3 #define buf_size 255 #define pipe_size 64  typedef struct args {     char tname[56];     handle hreadpipe;     int n;     handle* hwritepipes/*[max_threads-1]*/;     int i; } args, *pargs;   void errorhandler(lptstr lpszfunction); dword winapi recieverfunction(void *arg); dword winapi senderfunction(void *arg); pargs initparg(int i);   int _tmain() {     pargs pdataarray[max_threads];      dword   dwthreadidarray[max_threads];     handle  hthreadarray[max_threads];      (int = 0; < max_threads; i++)     {         pdataarray[i] = initparg(i);          if (i == 0){             pdataarray[i]->hwritepipes = (handle*)heapalloc(getprocessheap(), heap_zero_memory, sizeof(handle)*(max_threads - 1));          }         else {             if (!createpipe(&pdataarray[i]->hreadpipe, &pdataarray[0]->hwritepipes[i - 1], null, null)){                 errorhandler(text("createthread"));                 exitprocess(3);             }         }           if (pdataarray[i] == null)             exitprocess(2);          hthreadarray[i] = createthread(null, 0, i==0 ? senderfunction : recieverfunction, pdataarray[i], 0, &dwthreadidarray[i]);          if (hthreadarray[i] == null)         {             errorhandler(text("createthread"));             exitprocess(3);         }     }      waitformultipleobjects(max_threads, hthreadarray, true, infinite);      (int = 0; i<max_threads; i++)     {         closehandle(hthreadarray[i]);         if (pdataarray[i] != null)         {                 heapfree(getprocessheap(), 0, pdataarray[i]);                 pdataarray[i] = null;    // ensure address not reused.         }     }       homecoming 0; }  pargs initparg(int i){     pargs ret = (pargs)heapalloc(getprocessheap(), heap_zero_memory, sizeof(pargs));     ret->i = i;      homecoming ret; }  dword  winapi senderfunction(void *arg) {     string input;     while (true) {     }      homecoming null; }  dword winapi recieverfunction(void *arg) {      while (true) {}       homecoming null; }     void errorhandler(lptstr lpszfunction) {     // retrieve  scheme error message last-error code.      lpvoid lpmsgbuf;     lpvoid lpdisplaybuf;     dword dw = getlasterror();      formatmessage(         format_message_allocate_buffer |         format_message_from_system |         format_message_ignore_inserts,         null,         dw,         makelangid(lang_neutral, sublang_default),         (lptstr)&lpmsgbuf,         0, null);      // display error message.      lpdisplaybuf = (lpvoid)localalloc(lmem_zeroinit,         (lstrlen((lpctstr)lpmsgbuf) + lstrlen((lpctstr)lpszfunction) + 40) * sizeof(tchar));     stringcchprintf((lptstr)lpdisplaybuf,         localsize(lpdisplaybuf) / sizeof(tchar),         text("%s failed error %d: %s"),         lpszfunction, dw, lpmsgbuf);     messagebox(null, (lpctstr)lpdisplaybuf, text("error"), mb_ok);      // free error-handling buffer allocations.      localfree(lpmsgbuf);     localfree(lpdisplaybuf); }

(posting reply doesn't lost in comments)

as eric alluded to, heapalloc phone call in initparg function wrong. allocating plenty space pointer (sizeof(pargs)), using result if allocated plenty room whole structure.

pargs initparg(int i) {     pargs ret = (pargs)heapalloc(getprocessheap(), heap_zero_memory, sizeof(pargs));     ret->i = i;      homecoming ret; }

you have allocated 4 bytes of memory, ret->i = i line writes offset ~68 bytes past origin of allocated block. out-of-bounds access corrupting heap.

the corrective action take here allocate sizeof(args) bytes.

as malloc "fixing" issue:

the implementation of malloc you're using might internally round allocation sizes larger minimum such illegal write happens not corrupt important. the implementation of malloc you're using might space allocations far plenty apart illegal write happens not corrupt important. the implementation of malloc you're using might not perform same sort of validation heapalloc doing (or might on free) such although illegal write corrupting things, hasn't been noticed yet.

also, note if switch malloc allocation, must utilize free de-allocation. heapfree cannot assumed compatible.

c++

Breedlove

Sunday 15 August 2010

c++ - Why does my program crash when using HeapAlloc and work normally whith malloc -

No comments:

Post a Comment