winapi - Interpreting App Verifier output: Heap corruption or misinterpreting stack address as heap address?


We have a test case that crashes our big MFC-based app with a heap corruption error.

I turned on page heap using App Verifier for the DLL in question (turning page heap on for the entire process isn't workable for other reasons, unfortunately). The verifier didn't give me more information than I already had; it triggered at the same point as the original crash.

Right now I have two competing theories. Which theory do you think is more correct, and what should the next steps be?

  1. This is indeed heap corruption. The verifier isn't catching the original damage because it's happening in another DLL. I should try activating the verifier for more DLLs and determine which code is damaging the heap.
  2. The heap is fine; the problem is code treating a stack address as a heap address. I should study the code in the call stack further to figure out what's going wrong.

I'm leaning toward #2 because the parameter to free() looks like a stack address, but so far nobody has proposed an explanation of how that is possible.

Here's a snippet of the call stack. mystring is a simple wrapper around CString. myappdll is the DLL that's set to use page heap.

    msvcr90.dll!free(void * pblock=0x000000000012d6e8)  line 110
    mfc90u.dll!atl::cstringt > >::~cstringt > >()  line 1011 + 0x1e bytes
    mystringdll.dll!mystring::~mystring()  line 59
    myappdll.dll!dostuffwithlotsofstringinlining(myclass* input=0x000000000012d6d0)  line 863 + 0x26 bytes

Here are the registers inside the free() stack frame:

    rax = 0000000000000000 rbx = 000000000012d6e8 rcx = 0000000000000000
    rdx = 0000000000000000 rsi = 000000000012d6d0 rdi = 00000000253c1090
    r8  = 0000000000000000 r9  = 0000000000000000 r10 = 0000000000000000
    r11 = 0000000000000000 r12 = 000000000012d7d0 r13 = 000007ffffc04ce0
    r14 = 0000000025196600 r15 = 0000000000000000 rip = 00000000725bc7bc
    rsp = 000000000012d570 rbp = 000007fff3670900 efl = 00000000

And here's the App Verifier message:

    verifier stop 0000000000000010: pid 0x1778: corrupted start stamp heap block.
    00000000083b1000 : heap handle used in call.
    000000006dd394e8 : heap block involved in operation.
    54d32858a8747589 : size of heap block.
    000000005e33ba8d : corrupted stamp value.

I think the string, or users of it, is/are overflowing/underflowing the string's buffer somewhere, into the pointer field of the next string, which you then try to free.

Your rsp is 12d570, 94 quads (ints) away from what you're trying to free, and somewhere between there, something bad is happening with buffers.

Verify that you are not doing unsafe string ops, and that you are correctly reading the documentation when passing buffers/strings to the DLLs you are using.

You would need to post more of the code in question if you want a more exact answer.
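As an added triage helper (not from the question or the answer), this Python script parses the register dump and verifier stop quoted above, embedded here as constructed strings, and applies the answer's reasoning: it measures how far the free() argument sits above rsp, compares it with the block the verifier reports, and flags a size field that cannot be a real block size. The stack-window and plausible-size thresholds are assumptions.

```python
import re

# Constructed sample input: the register dump and App Verifier stop quoted in the question.
REGISTERS = """rax = 0000000000000000 rbx = 000000000012d6e8 rcx = 0000000000000000
rdx = 0000000000000000 rsi = 000000000012d6d0 rdi = 00000000253c1090
r12 = 000000000012d7d0 rip = 00000000725bc7bc rsp = 000000000012d570
rbp = 000007fff3670900 efl = 00000000"""

VERIFIER_STOP = """verifier stop 0000000000000010: pid 0x1778: corrupted start stamp heap block.
00000000083b1000 : heap handle used in call.
000000006dd394e8 : heap block involved in operation.
54d32858a8747589 : size of heap block.
000000005e33ba8d : corrupted stamp value."""

FREE_ARG = 0x000000000012d6e8  # pblock from msvcr90.dll!free() in the call stack

def parse_registers(text):
    """Map register name -> value for every 64-bit register in a debugger dump."""
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(r"\b(\w+)\s*=\s*([0-9a-fA-F]{16})\b", text)}

def parse_verifier_stop(text):
    """Map each 'value : description.' line of a verifier stop to description -> value."""
    fields = {}
    for m in re.finditer(r"^\s*([0-9a-fA-F]{16})\s*:\s*(.+?)\.?\s*$", text, re.MULTILINE):
        fields[m.group(2)] = int(m.group(1), 16)
    return fields

def triage(free_arg, regs, stop, stack_window=0x100000, max_plausible_size=1 << 40):
    """Apply the answer's reasoning and return a list of findings (strings)."""
    findings = []
    delta = free_arg - regs["rsp"]
    # A pointer a few hundred bytes above rsp lives in a caller's frame, not on the heap.
    if 0 <= delta < stack_window:
        findings.append(f"free() argument is 0x{delta:x} bytes above rsp: looks like a stack address")
    block = stop["heap block involved in operation"]
    if block != free_arg:
        findings.append(f"verifier reports block 0x{block:x}, not the free() argument 0x{free_arg:x}")
    size = stop["size of heap block"]
    # A 'size' with high bits set means the header bytes the verifier read are garbage.
    if size > max_plausible_size:
        findings.append(f"reported size 0x{size:x} is implausible: block header is overwritten")
    return findings

if __name__ == "__main__":
    for line in triage(FREE_ARG, parse_registers(REGISTERS), parse_verifier_stop(VERIFIER_STOP)):
        print(line)
```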

