Ticket #131 (closed defect: fixed)
Heap corruption in FixOutOfBounds()
| Reported by: | DuMuT6p | Owned by: | |
|---|---|---|---|
| Priority: | critical | Milestone: | 0.6.0 |
| Component: | HUD | Version: | |
| Keywords: | | Cc: | |
Description (last modified by DuMuT6p)
There's a bug in the MSVC version. After hitting "I'm ready", this message comes up:
Windows has triggered a breakpoint in Epiar_debug.exe. This may be due to a corruption of the heap, which indicates a bug in Epiar_debug.exe or any of the DLLs it has loaded. This may also be due to the user pressing F12 while Epiar_debug.exe has focus. The output window may have more diagnostic information.
Callstack:
```
ntdll.dll!7c90120e() [Frames below may be incorrect and/or missing, no symbols loaded for ntdll.dll]
ntdll.dll!7c96e191()
ntdll.dll!7c94b585()
ntdll.dll!7c96eef8()
ntdll.dll!7c94b3e4()
ntdll.dll!7c918831()
ntdll.dll!7c92717a()
ntdll.dll!7c92717a()
ntdll.dll!7c92717a()
ntdll.dll!7c9271f4()
ntdll.dll!7c9271f4()
> Epiar_debug.exe!_heap_alloc_base(unsigned int size) Line 55 C
Epiar_debug.exe!_heap_alloc_dbg_impl(unsigned int nSize, int nBlockUse, const char * szFileName, int nLine, int * errno_tmp) Line 431 + 0x9 bytes C++
Epiar_debug.exe!_nh_malloc_dbg_impl(unsigned int nSize, int nhFlag, int nBlockUse, const char * szFileName, int nLine, int * errno_tmp) Line 239 + 0x19 bytes C++
Epiar_debug.exe!_nh_malloc_dbg(unsigned int nSize, int nhFlag, int nBlockUse, const char * szFileName, int nLine) Line 302 + 0x1d bytes C++
Epiar_debug.exe!malloc(unsigned int nSize) Line 56 + 0x15 bytes C++
Epiar_debug.exe!operator new(unsigned int size) Line 59 + 0x9 bytes C++
Epiar_debug.exe!std::_Allocate<std::_List_nod<Sprite *,std::allocator<Sprite *> >::_Node>(unsigned int _Count, std::_List_nod<Sprite *,std::allocator<Sprite *> >::_Node * __formal) Line 36 + 0x15 bytes C++
Epiar_debug.exe!std::allocator<std::_List_nod<Sprite *,std::allocator<Sprite *> >::_Node>::allocate(unsigned int _Count) Line 187 + 0xb bytes C++
Epiar_debug.exe!std::_List_val<Sprite *,std::allocator<Sprite *> >::_Buynode(std::_List_nod<Sprite *,std::allocator<Sprite *> >::_Node * _Next, std::_List_nod<Sprite *,std::allocator<Sprite *> >::_Node * _Prev, Sprite * const & _Val) Line 508 + 0xd bytes C++
Epiar_debug.exe!std::list<Sprite *,std::allocator<Sprite *> >::_Insert(std::_List_const_iterator<std::_List_val<Sprite *,std::allocator<Sprite *> > > _Where, Sprite * const & _Val) Line 975 + 0x1f bytes C++
Epiar_debug.exe!std::list<Sprite *,std::allocator<Sprite *> >::push_back(Sprite * const & _Val) Line 927 + 0x3c bytes C++
Epiar_debug.exe!QuadTree::FixOutOfBounds() Line 334 C++
Epiar_debug.exe!SpriteManager::Update(bool lowFps) Line 164 + 0x12 bytes C++
Epiar_debug.exe!Simulation::Run() Line 220 C++
Epiar_debug.exe!Main_Menu() Line 555 C++
Epiar_debug.exe!SDL_main(int argc, char * * argv) Line 69 C++
Epiar_debug.exe!main(int argc, char * * argv) Line 315 + 0xd bytes C
Epiar_debug.exe!WinMain(HINSTANCE__ * hInst, HINSTANCE__ * hPrev, char * szCmdLine, int sw) Line 398 + 0xd bytes C
Epiar_debug.exe!__tmainCRTStartup() Line 275 + 0x2c bytes C
Epiar_debug.exe!WinMainCRTStartup() Line 189 C
kernel32.dll!7c817077()
Epiar_debug.exe!xmlRelaxNGCheckCycles(_xmlRelaxNGParserCtxt * ctxt, _xmlRelaxNGDefine * cur, int depth) Line 5964 + 0xf bytes C
35e53535()
```
I've tried to tweak FixOutOfBounds, but with no luck. As I see it, all dynamic memory is deleted after it's returned from the function or near the end of it. It may be an iterator problem.
The callstack trace led to the last bracket in this code (line 334 on my build):
```cpp
} else { // Leaf
	// Collect and forget any out of bound sprites from object list
	for( i = objects->begin(); i != objects->end(); ++i ) {
		if(! this->Contains((*i)->GetWorldPosition()) ) {
			outofbounds->push_back( *i );
		}
	}
```
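The leaf branch above is commented "collect and forget", and the report raises a possible iterator problem. As an added example (not Epiar's code, and not a confirmed fix for this ticket), this shows the iterator-safe way to both collect and remove entries from a `std::list<Sprite*>` in one pass; `Point`, `Sprite` and `Leaf` are hypothetical stand-ins for the project's classes.

```cpp
// Added example: hypothetical stand-ins, not Epiar's Sprite/QuadTree classes.
#include <cstddef>
#include <list>

struct Point { double x, y; };

struct Sprite {
    Point pos;
    Point GetWorldPosition() const { return pos; }
};

// Minimal leaf node: a square region holding non-owning sprite pointers.
class Leaf {
public:
    Leaf(Point center, double radius) : center_(center), radius_(radius) {}

    void Insert(Sprite* s) { objects_.push_back(s); }
    std::size_t Size() const { return objects_.size(); }

    bool Contains(Point p) const {
        return p.x >= center_.x - radius_ && p.x < center_.x + radius_ &&
               p.y >= center_.y - radius_ && p.y < center_.y + radius_;
    }

    // Collect AND forget: move every out-of-bounds sprite into the result.
    // list::erase() invalidates only the erased iterator and returns the next
    // valid one, so the loop never dereferences or increments a freed node.
    std::list<Sprite*> FixOutOfBounds() {
        std::list<Sprite*> outofbounds;
        for (auto i = objects_.begin(); i != objects_.end(); ) {
            if (!Contains((*i)->GetWorldPosition())) {
                outofbounds.push_back(*i);
                i = objects_.erase(i);   // advance via erase's return value
            } else {
                ++i;                     // advance only when nothing was erased
            }
        }
        return outofbounds;              // by value: no new/delete to mismatch
    }

private:
    Point center_;
    double radius_;
    std::list<Sprite*> objects_;
};
```

Returning the list by value also removes the manual `new`/`delete` of the result list from the caller's responsibilities.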