From: loopless on 26 Jan 2006 11:56

I am getting a crash in CAFXStringMgr::Free on exit of my program. At the point, the runtime is terminating a number of DLLs. This crash happens when one DLL is being unloaded and destruction of the various C++ objects is happening.

This is not a simple bug in one class. If I have ANY static CString objects in this DLL, then the crash will occur on destruction of the CString objects. I tracked down and removed all the static CStrings, but now the crash is happening with class member CStrings. It looks like a bug from mixing compiler switches or something, but no luck debugging this so far. Any tips/ideas of things to look for?

I am using Visual Studio 2003/MFC in a DLL.

[E] FIM: Freeing invalid memory in free {1 occurrence}
    Address 0x06c9bcdc points into a section in a user DLL
    Location of free attempt
        free [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:1024]
        CAfxStringMgr::Free(CStringData::ATL *) [f:\vs70builds\3077\vc\mfcatl\ship\atlmfc\src\mfc\strcore.cpp:154]
        ATL::CStringData::Release(void) [f:\vs70builds\3077\vc\mfcatl\ship\atlmfc\include\atlsimpstr.h:97]
        ATL::CSimpleStringT<char,1>::~CSimpleStringT<char,1>(void) [f:\vs70builds\3077\vc\mfcatl\ship\atlmfc\include\atlsimpstr.h:264]
        ATL::CStringT<wchar_t,class StrTraitMFC_DLL<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >::~CStringT<wchar_t,class StrTraitMFC_DLL<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >(void) [f:\vs70builds\3077\vc\mfcatl\ship\atlmfc\include\cstringt.h:963]

From: Oleg Starodumov on 27 Jan 2006 04:36

> I am getting a crash in CAFXStringMgr::Free on exit of my program. At the
> point, the runtime is terminating a number of DLLs. This crash happens when
> one DLL is being unloaded and destruction of the various C++ objects is
> happening.
> This is not a simple bug in one class. If I have ANY static CString objects
> in this DLL, then the crash will occur on destruction of the CString objects.
> I tracked down and removed all the static CStrings, but now the crash is
> happening with class member CStrings. It looks like a bug from mixing
> compiler switches or something, but no luck debugging this so far. Any
> tips/ideas of things to look for?

What is the complete call stack at the moment of the crash, with good symbols for system DLLs? (I am asking because free() itself is unlikely to crash in this way.)

What messages are printed into the Debug Output window before and at the moment of the crash?

Since the crash happens when freeing a heap block, heap corruption is a possible suspect (e.g. a buffer overwrite, or maybe the same object gets deleted twice). You might try to test the application with PageHeap to see if that's the case:
http://www.debuginfo.com/tips/userbpntdll.html

Regards,
Oleg
[VC++ MVP http://www.debuginfo.com/]

From: loopless on 31 Jan 2006 12:00

I have been running both Purify and the Windows debug tools - they show the same thing. As I said, this is not a problem of a buffer overwrite of just one string. I am getting an invalid free in the AfxStringMgr for a number of strings (unrelated objects).

From the stack trace, the behaviour I am seeing is pretty strange. My program is not Unicode. The string in question is being allocated with a template parameter of <char> as expected. But the stack trace shows the Free is being called from an object of parameter type <w_char>.

"Oleg Starodumov" wrote:

> > I am getting a crash in CAFXStringMgr::Free on exit of my program. At the
> > point, the runtime is terminating a number of DLLs. This crash happens when
> > one DLL is being unloaded and destruction of the various C++ objects is
> > happening.
> > This is not a simple bug in one class. If I have ANY static CString objects
> > in this DLL, then the crash will occur on destruction of the CString objects.
> > I tracked down and removed all the static CStrings, but now the crash is
> > happening with class member CStrings. It looks like a bug from mixing
> > compiler switches or something, but no luck debugging this so far. Any
> > tips/ideas of things to look for?
>
> What is the complete call stack at the moment of the crash,
> with good symbols for system DLLs?
> (I am asking because free() itself is unlikely to crash in this way.)
>
> What messages are printed into the Debug Output window before and at the moment
> of the crash?
>
> Since the crash happens when freeing a heap block, heap corruption is a possible suspect
> (e.g. a buffer overwrite, or maybe the same object gets deleted twice). You might try to test
> the application with PageHeap to see if that's the case:
> http://www.debuginfo.com/tips/userbpntdll.html
>
> Regards,
> Oleg
> [VC++ MVP http://www.debuginfo.com/]

From: Alexander Grigoriev on 31 Jan 2006 23:08

You should not use CStrings in any static objects (or objects destroyed at static destruction time). AfxStringMgr is static itself. If it's destroyed before your objects, you get a crash.

"loopless" <loopless(a)discussions.microsoft.com> wrote in message news:23C9B6A6-B295-4F9B-B1BA-BA02CBB7CEE9(a)microsoft.com...

> I have been running both Purify and the Windows debug tools - they show the
> same thing. As I said, this is not a problem of a buffer overwrite of just
> one string. I am getting an invalid free in the AfxStringMgr for a number
> of strings (unrelated objects).
> From the stack trace, the behaviour I am seeing is pretty strange. My
> program is not Unicode. The string in question is being allocated with a
> template parameter of <char> as expected. But the stack trace shows the
> Free is being called from an object of parameter type <w_char>.
>
> "Oleg Starodumov" wrote:
>
> > > I am getting a crash in CAFXStringMgr::Free on exit of my program. At
> > > the point, the runtime is terminating a number of DLLs. This crash happens
> > > when one DLL is being unloaded and destruction of the various C++ objects is
> > > happening.
> > > This is not a simple bug in one class. If I have ANY static CString
> > > objects in this DLL, then the crash will occur on destruction of the CString
> > > objects.
> > > I tracked down and removed all the static CStrings, but now the crash
> > > is happening with class member CStrings. It looks like a bug from mixing
> > > compiler switches or something, but no luck debugging this so far. Any
> > > tips/ideas of things to look for?
> >
> > What is the complete call stack at the moment of the crash,
> > with good symbols for system DLLs?
> > (I am asking because free() itself is unlikely to crash in this way.)
> >
> > What messages are printed into the Debug Output window before and at the
> > moment of the crash?
> >
> > Since the crash happens when freeing a heap block, heap corruption is a
> > possible suspect
> > (e.g. a buffer overwrite, or maybe the same object gets deleted twice).
> > You might try to test
> > the application with PageHeap to see if that's the case:
> > http://www.debuginfo.com/tips/userbpntdll.html
> >
> > Regards,
> > Oleg
> > [VC++ MVP http://www.debuginfo.com/]

From: Oleg Starodumov on 1 Feb 2006 03:57

> You should not use CStrings in any static objects (or objects destroyed at
> static destruction time). AfxStringMgr is static itself. If it's destroyed
> before your objects, you get a crash.

IMO it should not be a problem, since CAfxStringMgr instance is marked as
#pragma init_seg( compiler )

> > I have been running both Purify and the Windows debug tools - they show the
> > same thing.

What exactly do they show? (WinDbg output would be especially useful, please also include the output of 'r;kb' commands).

Oleg
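
The ordering question debated in the last two posts, as an added example that is not code from the thread or from MFC: a string that releases its buffer through a manager is only safe if the manager was constructed first, because objects are destroyed in reverse order of construction. `Manager`, `Str` and `run` are hypothetical stand-ins, and block scope is used to model the ordering so the result can be checked before the program exits; it makes no claim about the cause of the crash reported above.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Hypothetical stand-ins for this illustration; these are not MFC types.
static bool g_mgr_alive = false;        // kept outside Manager so reading it is always valid
static std::vector<std::string> g_log;  // records the order of events

struct Manager {                        // plays the role of the string manager
    Manager()  { g_mgr_alive = true;  g_log.push_back("mgr ctor"); }
    ~Manager() { g_mgr_alive = false; g_log.push_back("mgr dtor"); }
};

struct Str {                            // plays the role of a string freed through the manager
    Str()  { g_log.push_back("str ctor"); }
    ~Str() {
        // A real string would call the manager's Free here; calling into a
        // destroyed manager is the invalid free, so only the state is logged.
        g_log.push_back(g_mgr_alive ? "str freed ok" : "str freed after mgr gone");
    }
};

// Objects in one scope are destroyed in reverse order of construction, the
// same rule that applies to static objects within one translation unit.
std::vector<std::string> run(bool manager_first) {
    g_log.clear();
    if (manager_first) { Manager m; Str s; }   // manager outlives the string
    else               { Str s; Manager m; }   // manager dies before the string
    return g_log;
}

bool late_free_detected(bool manager_first) {
    for (const auto& e : run(manager_first))
        if (e == "str freed after mgr gone") return true;
    return false;
}

int main() {
    for (bool first : {true, false}) {
        std::cout << (first ? "manager constructed first:\n"
                            : "manager constructed last:\n");
        for (const auto& e : run(first)) std::cout << "  " << e << "\n";
    }
}
```

With `manager_first` set, the manager is the last object destroyed, which is the guarantee `#pragma init_seg( compiler )` is meant to give an object relative to user code.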