From: loopless on
I am getting a crash in CAfxStringMgr::Free on exit of my program. At that
point, the runtime is terminating a number of DLLs. This crash happens when
one DLL is being unloaded and destruction of the various C++ objects is
happening.
This is not a simple bug in one class. If I have ANY static CString objects
in this DLL, then the crash will occur on destruction of the CString objects.
I tracked down and removed all the static CStrings, but now the crash is
happening with class member CStrings. It looks like a bug from mixing
compiler switches or something, but no luck debugging this so far. Any
tips/ideas on things to look for?

I am using Visual Studio 2003/MFC in a DLL.


[E] FIM: Freeing invalid memory in free {1 occurrence}
Address 0x06c9bcdc points into a section in a user DLL
Location of free attempt
free [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:1024]
CAfxStringMgr::Free(ATL::CStringData *)
[f:\vs70builds\3077\vc\mfcatl\ship\atlmfc\src\mfc\strcore.cpp:154]
ATL::CStringData::Release(void)
[f:\vs70builds\3077\vc\mfcatl\ship\atlmfc\include\atlsimpstr.h:97]
ATL::CSimpleStringT<char,1>::~CSimpleStringT<char,1>(void)
[f:\vs70builds\3077\vc\mfcatl\ship\atlmfc\include\atlsimpstr.h:264]
ATL::CStringT<wchar_t,class StrTraitMFC_DLL<wchar_t,class
ATL::ChTraitsCRT<wchar_t> > >::~CStringT<wchar_t,class
StrTraitMFC_DLL<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >(void)
[f:\vs70builds\3077\vc\mfcatl\ship\atlmfc\include\cstringt.h:963]

From: Oleg Starodumov on

> I am getting a crash in CAfxStringMgr::Free on exit of my program. At that
> point, the runtime is terminating a number of DLLs. This crash happens when
> one DLL is being unloaded and destruction of the various C++ objects is
> happening.
> This is not a simple bug in one class. If I have ANY static CString objects
> in this DLL, then the crash will occur on destruction of the CString objects.
> I tracked down and removed all the static CStrings, but now the crash is
> happening with class member CStrings. It looks like a bug from mixing
> compiler switches or something, but no luck debugging this so far. Any
> tips/ideas on things to look for?
>

What is the complete call stack at the moment of the crash,
with good symbols for system DLLs?
(I am asking because free() itself is unlikely to crash in this way)

What messages are printed into Debug Output window before and at the moment
of the crash?

Since the crash happens when freeing a heap block, heap corruption is a possible suspect
(e.g. a buffer overwrite, or maybe the same object gets deleted twice). You might try to test
the application with PageHeap to see if that's the case:
http://www.debuginfo.com/tips/userbpntdll.html

Regards,
Oleg
[VC++ MVP http://www.debuginfo.com/]





From: loopless on
I have been running both Purify and the Windows debug tools - they show the
same thing. As I said, this is not a problem of a buffer overwrite of just
one string. I am getting an invalid free in the AfxStringMgr for a number of
strings (unrelated objects).
From the stack trace, the behaviour I am seeing is pretty strange. My
program is not Unicode. The string in question is being allocated with a
template parameter of <char> as expected. But, the stack trace shows the Free
is being called from an object of parameter type <wchar_t>.

"Oleg Starodumov" wrote:

>
> > I am getting a crash in CAfxStringMgr::Free on exit of my program. At that
> > point, the runtime is terminating a number of DLLs. This crash happens when
> > one DLL is being unloaded and destruction of the various C++ objects is
> > happening.
> > This is not a simple bug in one class. If I have ANY static CString objects
> > in this DLL, then the crash will occur on destruction of the CString objects.
> > I tracked down and removed all the static CStrings, but now the crash is
> > happening with class member CStrings. It looks like a bug from mixing
> > compiler switches or something, but no luck debugging this so far. Any
> > tips/ideas on things to look for?
> >
>
> What is the complete call stack at the moment of the crash,
> with good symbols for system DLLs?
> (I am asking because free() itself is unlikely to crash in this way)
>
> What messages are printed into Debug Output window before and at the moment
> of the crash?
>
> Since the crash happens when freeing a heap block, heap corruption is a possible suspect
> (e.g. a buffer overwrite, or maybe the same object gets deleted twice). You might try to test
> the application with PageHeap to see if that's the case:
> http://www.debuginfo.com/tips/userbpntdll.html
>
> Regards,
> Oleg
> [VC++ MVP http://www.debuginfo.com/]
>
>
>
>
>
>
From: Alexander Grigoriev on
You should not use CStrings in any static objects (or objects destroyed at
static destruction time). AfxStringMgr is static itself. If it's destroyed
before your objects, you get a crash.

"loopless" <loopless(a)discussions.microsoft.com> wrote in message
news:23C9B6A6-B295-4F9B-B1BA-BA02CBB7CEE9(a)microsoft.com...
> I have been running both Purify and the Windows debug tools - they show the
> same thing. As I said, this is not a problem of a buffer overwrite of just
> one string. I am getting an invalid free in the AfxStringMgr for a number
> of
> strings (unrelated objects).
> From the stack trace, the behaviour I am seeing is pretty strange. My
> program is not Unicode. The string in question is being allocated with a
> template parameter of <char> as expected. But, the stack trace shows the
> Free
> is being called from an object of parameter type <wchar_t>.
>
> "Oleg Starodumov" wrote:
>
>>
>> > I am getting a crash in CAfxStringMgr::Free on exit of my program. At
>> > that
>> > point, the runtime is terminating a number of DLLs. This crash happens
>> > when
>> > one DLL is being unloaded and destruction of the various C++ objects is
>> > happening.
>> > This is not a simple bug in one class. If I have ANY static CString
>> > objects
>> > in this DLL, then the crash will occur on destruction of the CString
>> > objects.
>> > I tracked down and removed all the static CStrings, but now the crash
>> > is
>> > happening with class member CStrings. It looks like a bug from mixing
>> > compiler switches or something, but no luck debugging this so far. Any
>> > tips/ideas on things to look for?
>> >
>>
>> What is the complete call stack at the moment of the crash,
>> with good symbols for system DLLs?
>> (I am asking because free() itself is unlikely to crash in this way)
>>
>> What messages are printed into Debug Output window before and at the
>> moment
>> of the crash?
>>
>> Since the crash happens when freeing a heap block, heap corruption is a
>> possible suspect
>> (e.g. a buffer overwrite, or maybe the same object gets deleted twice).
>> You might try to test
>> the application with PageHeap to see if that's the case:
>> http://www.debuginfo.com/tips/userbpntdll.html
>>
>> Regards,
>> Oleg
>> [VC++ MVP http://www.debuginfo.com/]
>>
>>
>>
>>
>>
>>


From: Oleg Starodumov on

> You should not use CStrings in any static objects (or objects destroyed at
> static destruction time). AfxStringMgr is static itself. If it's destroyed
> before your objects, you get a crash.
>

IMO it should not be a problem, since CAfxStringMgr instance is marked as
#pragma init_seg( compiler )

> >I have been running both Purify and the Windows debug tools - they show the
> > same thing.

What exactly do they show? (WinDbg output would be especially useful,
please also include the output of 'r;kb' commands).

Oleg
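
The point Alexander and Oleg are arguing about (a static string manager being destroyed before the strings that still need it) can be reproduced without waiting for process exit. The following is an added example written for this page, not MFC code and not anything the posters wrote: a toy string manager and a toy string stand in for CAfxStringMgr and CString, and the names ToyStringMgr, ToyString, FreeStats and runScenario are invented. The C++ runtime destroys the statics of one image in reverse order of construction, and `#pragma init_seg(compiler)` only pins that order within the image that contains the manager; a string living in a different DLL is destroyed whenever that DLL's own teardown runs. The example uses placement new and explicit destructor calls to reproduce both orders in-process, and counts instead of crashing where the real CString would call a dead manager.

```cpp
// Added example (not from the thread): models why a string that outlives its
// string manager fails in Free() during static destruction.  ToyStringMgr,
// ToyString, FreeStats and runScenario are invented names.
#include <cstdlib>
#include <cstring>
#include <new>

struct FreeStats {
    int freesOk = 0;          // Free() reached a live manager
    int freesAfterDeath = 0;  // destructor ran when no manager was alive any more
};

class ToyStringMgr;
static ToyStringMgr* g_mgr = nullptr;  // models what AfxGetStringManager() hands out
static FreeStats g_stats;

// Stand-in for CAfxStringMgr: every string allocates and frees through it.
class ToyStringMgr {
public:
    ToyStringMgr()  { g_mgr = this; }
    ~ToyStringMgr() { g_mgr = nullptr; }   // after this, strings have nothing to free through
    char* Alloc(const char* s) {
        std::size_t n = std::strlen(s) + 1;
        char* p = static_cast<char*>(std::malloc(n));
        std::memcpy(p, s, n);
        return p;
    }
    void Free(char* p) { ++g_stats.freesOk; std::free(p); }
};

// Stand-in for CString: its destructor depends on the manager still existing.
class ToyString {
public:
    explicit ToyString(const char* s) : data_(g_mgr ? g_mgr->Alloc(s) : nullptr) {}
    ~ToyString() {
        if (!data_) return;
        if (g_mgr) {
            g_mgr->Free(data_);           // normal path
        } else {
            ++g_stats.freesAfterDeath;    // the real CString would call a dead object here
            std::free(data_);
        }
    }
    const char* c_str() const { return data_ ? data_ : ""; }
private:
    char* data_;
};

// Reproduces both destruction orders explicitly.  managerDiesFirst == true is
// the situation the original poster describes: the manager is gone while
// strings that used it are still waiting to be destroyed.
FreeStats runScenario(bool managerDiesFirst) {
    g_stats = FreeStats{};
    alignas(ToyStringMgr) unsigned char mgrBuf[sizeof(ToyStringMgr)];
    alignas(ToyString)    unsigned char strBuf[2 * sizeof(ToyString)];

    ToyStringMgr* mgr = new (mgrBuf) ToyStringMgr();          // constructed first
    ToyString* s = reinterpret_cast<ToyString*>(strBuf);
    new (&s[0]) ToyString("member string 1");                 // constructed later,
    new (&s[1]) ToyString("member string 2");                 // both via the manager

    if (managerDiesFirst) {
        mgr->~ToyStringMgr();   // manager torn down (e.g. its module unloads) ...
        s[1].~ToyString();      // ... and the strings free through a dead manager
        s[0].~ToyString();
    } else {
        s[1].~ToyString();      // reverse-construction order, which init_seg(compiler)
        s[0].~ToyString();      // guarantees for CAfxStringMgr within its own image
        mgr->~ToyStringMgr();
    }
    return g_stats;
}

int main() {
    FreeStats good = runScenario(false);
    FreeStats bad  = runScenario(true);
    return (good.freesAfterDeath == 0 && bad.freesAfterDeath == 2) ? 0 : 1;
}
```

The counters make the ordering visible: in the good order every free goes through a live manager, in the bad order every free happens after the manager is gone. In the real code the "after death" path is a call through an object whose destructor has already run, which is exactly the invalid free Purify reports; which order a given DLL gets depends on when its own static destructors run relative to the module that owns the manager.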