free.c throws exception with "this program has stopped working"

rubenwardy picture rubenwardy · Oct 21, 2012 · Viewed 8.9k times · Source

When I run the program (server.exe) with Visual C++ 2010 Express's debugger, it runs perfectly, but when I run it as an exe it does not; it crashes with a "Server.exe has stopped working" dialog.

Next I renamed the exe to "ServerInstaller.exe" and it worked, so I figured it is a permissions error, BUT it does not work with "Server.exe" in adminstrator mode.

I then attached the debugger in VC++ to the "Server.exe" program, and it came up with an exception in "free.c".

The code in this file is

void __cdecl _free_base (void * pBlock)
{

        int retval = 0;


        if (pBlock == NULL)
            return;

        RTCCALLBACK(_RTC_Free_hook, (pBlock, 0));

        retval = HeapFree(_crtheap, 0, pBlock);   // Exception thrown in this function
       if (retval == 0)
        {
            errno = _get_errno_from_oserr(GetLastError());
        }
}

The exception is

Unhandled exception at 0x770ae3be in Server.exe: 0xC0000005: Access violation reading location 0x3765f8c7.

I checked up the value for pBlock and it is 0x007f82c0.

My Program.

My program is a RakNet server, and a player has just been deleted successfully. The server is checking for messages from RakNet at that point

Stack Trace back

    ntdll.dll!770ae3be()    
    [Frames below may be incorrect and/or missing, no symbols loaded for ntdll.dll] 
    ntdll.dll!770ae023()    
    kernel32.dll!75e814dd()     
>   msvcr100d.dll!_free_base(void * pBlock)  Line 50 + 0x13 bytes   C
    msvcr100d.dll!_free_dbg_nolock(void * pUserData, int nBlockUse)  Line 1431 + 0x9 bytes  C++
    msvcr100d.dll!_free_dbg(void * pUserData, int nBlockUse)  Line 1265 + 0xd bytes C++
    msvcr100d.dll!free(void * pUserData)  Line 49 + 0xb bytes   C++
    RakNetDebug.dll!RakNet::_RakFree_Ex(void * p, const char * file, unsigned int line)  Line 165 + 0xc bytes   C++
    RakNetDebug.dll!RakNet::ReliabilityLayer::FreeInternalPacketData(RakNet::InternalPacket * internalPacket, const char * file, unsigned int line)  Line 3766 + 0x17 bytes C++
    RakNetDebug.dll!RakNet::ReliabilityLayer::RemovePacketFromResendListAndDeleteOlderReliableSequenced(RakNet::uint24_t messageNumber, unsigned __int64 time, DataStructures::List<RakNet::PluginInterface2 *> & messageHandlerList, const RakNet::SystemAddress & systemAddress)  Line 2391   C++
    RakNetDebug.dll!RakNet::ReliabilityLayer::HandleSocketReceiveFromConnectedPlayer(const char * buffer, unsigned int length, RakNet::SystemAddress & systemAddress, DataStructures::List<RakNet::PluginInterface2 *> & messageHandlerList, int MTUSize, unsigned int s, RakNet::RakNetRandom * rnr, unsigned short remotePortRakNetWasStartedOn_PS3, unsigned int extraSocketOptions, unsigned __int64 timeRead, RakNet::BitStream & updateBitStream)  Line 776   C++
    RakNetDebug.dll!RakNet::ProcessNetworkPacket(RakNet::SystemAddress systemAddress, const char * data, const int length, RakNet::RakPeer * rakPeer, RakNet::RakNetSmartPtr<RakNet::RakNetSocket> rakNetSocket, unsigned __int64 timeRead, RakNet::BitStream & updateBitStream)  Line 5012 C++
    RakNetDebug.dll!RakNet::RakPeer::RunUpdateCycle(unsigned __int64 timeNS, unsigned __int64 timeMS, RakNet::BitStream & updateBitStream)  Line 5099 + 0x81 bytes  C++
    RakNetDebug.dll!RakNet::UpdateNetworkLoop(void * arguments)  Line 5868  C++
    msvcr100d.dll!_callthreadstartex()  Line 314 + 0xf bytes    C
    msvcr100d.dll!_threadstartex(void * ptd)  Line 297  C
    kernel32.dll!75e833aa()     
    ntdll.dll!770b9ef2()    
    ntdll.dll!770b9ec5() 

Answer

DNT picture DNT · Oct 21, 2012

If your pointer has a value, and you get an error like this, it most likely means you are attempting to free the memory multiple times. Check the code, and try to find how many times you are freeing. One way to stop this, is to set the pointer immediately after freeing the block it points to, to zero.

Another possibility, is that you are not using msvcrt and you are loading a DLL that is also not using msvcrt, and the allocation happens in either the executable or the DLL, and freed in the other.