
Heap corruption - Vector push_back

I seem to have a corrupted heap, I cannot figure out why this is happening....

Following is the trace from valgrind..

==12697== Use of uninitialised value of size 4
==12697==    at 0xDD0725: __gnu_cxx::__atomic_add(int volatile*, int) (in /usr/lib/libstdc++.so.6.0.7)
==12697==    by 0x1C3AD9BB: chargeRate::chargeRate(chargeRate const&) (in /root//app/libapp++.so)
==12697==    by 0x1C4C9C22: __gnu_cxx::__mt_alloc_base<chargeRate>::construct(chargeRate*, chargeRate const&) (mt_allocator.h:585)
==12697==    by 0x1C4CAC9F: std::vector<chargeRate, std::allocator<chargeRate> >::_M_insert_aux(__gnu_cxx::__normal_iterator<chargeRate*, std::vector<chargeRate, std::allocator<chargeRate> > >, chargeRate const&) (vector.tcc:284)
==12697==    by 0x1C4CAF9E: std::vector<chargeRate, std::allocator<chargeRate> >::push_back(chargeRate const&) (stl_vector.h:610)
==12697==    by 0x1C4C8A03: WebTranslations::getChargeDetails(std::vector<std::string, std::allocator<std::string> >&, std::vector<chargeRate, std::allocator<chargeRate> >&) (WebTranslations.cpp:427)
==12697==    by 0x1C4C8F83: WebTranslations::getChargeTranslations(std::vector<std::string, std::allocator<std::string> >&, std::vector<std::string, std::allocator<std::string> >&) (WebTranslations.cpp:1172)

==12697== 
==12697== Invalid read of size 4
==12697==    at 0xDB468B: std::string::string(std::string const&) (in /usr/lib/libstdc++.so.6.0.7)
==12697==    by 0x1C3AD9E0: chargeRate::chargeRate(chargeRate const&) (in /root//app/libapp++.so)
==12697==    by 0x1C4C9C22: __gnu_cxx::__mt_alloc_base<chargeRate>::construct(chargeRate*, chargeRate const&) (mt_allocator.h:585)
==12697==    by 0x1C4CAC9F: std::vector<chargeRate, std::allocator<chargeRate> >::_M_insert_aux(__gnu_cxx::__normal_iterator<chargeRate*, std::vector<chargeRate, std::allocator<chargeRate> > >, chargeRate const&) (vector.tcc:284)
==12697==    by 0x1C4CAF9E: std::vector<chargeRate, std::allocator<chargeRate> >::push_back(chargeRate const&) (stl_vector.h:610)
==12697==    by 0x1C4C8A03: WebTranslations::getChargeDetails(std::vector<std::string, std::allocator<std::string> >&, std::vector<chargeRate, std::allocator<chargeRate> >&) (WebTranslations.cpp:427)
==12697==    by 0x1C4C8F83: WebTranslations::getChargeTranslations(std::vector<std::string, std::allocator<std::string> >&, std::vector<std::string, std::allocator<std::string> >&) (WebTranslations.cpp:1172)
==12697==    by 0x1C299E48: zif__get_charge_translations (in /usr/lib/php4/.so)
==12697==    by 0x1BCE0916: zend_do_fcall_common_helper (in /usr/lib/httpd/modules/libphp5.so)
==12697==    by 0x1BCF1088: zend_do_fcall_handler (in /usr/lib/httpd/modules/libphp5.so)
==12697==    by 0x1BCDDD92: execute (in /usr/lib/httpd/modules/libphp5.so)
==12697==    by 0x1BCE02A9: zend_do_fcall_common_helper (in /usr/lib/httpd/modules/libphp5.so)
==12697==  Address 0xFFFFFFFC is not stack'd, malloc'd or (recently) free'd
==12697== 
==12697== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==12697==  GPF (Pointer out of bounds?)
==12697==    at 0xDB468B: std::string::string(std::string const&) (in /usr/lib/libstdc++.so.6.0.7)
==12697==    by 0x1C3AD9E0: chargeRate::chargeRate(chargeRate const&) (in /root//app/libapp++.so)
==12697==    by 0x1C4C9C22: __gnu_cxx::__mt_alloc_base<chargeRate>::construct(chargeRate*, chargeRate const&) (mt_allocator.h:585)
==12697==    by 0x1C4CAC9F: std::vector<chargeRate, std::allocator<chargeRate> >::_M_insert_aux(__gnu_cxx::__normal_iterator<chargeRate*, std::vector<chargeRate, std::allocator<chargeRate> > >, chargeRate const&) (vector.tcc:284)
==12697==    by 0x1C4CAF9E: std::vector<chargeRate, std::allocator<chargeRate> >::push_back(chargeRate const&) (stl_vector.h:610)
==12697==    by 0x1C4C8A03: WebTranslations::getChargeDetails(std::vector<std::string, std::allocator<std::string> >&, std::vector<chargeRate, std::allocator<chargeRate> >&) (WebTranslations.cpp:427)
==12697==    by 0x1C4C8F83: WebTranslations::getChargeTranslations(std::vector<std::string, std::allocator<std::string> >&, std::vector<std::string, std::allocator<std::string> >&) (WebTranslations.cpp:1172)

The code is just pushing a structure into a vector. The structure has a few string variables in it. Please let me know if the source is required for further debugging.

Some source:

#include <string>
using std::string;

typedef struct {
  string chargeType; // The name of the charge type, eg "Date Units"
  string unitSize;
  string rate;
  bool perConnection;
  string cap;
  bool useMaxDailyCharge;
  string maxDailyCharge;
  string identifier;
} chargeRate;

getChargeDetails :

vector<chargeRate> my_vector;
my_vector.push_back(this->getChargeRateDetails(chargeStructureNames[i]));

getChargeRateDetails :

where: typedef vector<vector<string> > StringMatrix;
StringMatrix *results; // used to retrieve results from the database
chargeRate chargeInformation;
...
// populate results, check them
...
chargeInformation.chargeType = (*results)[FIRST_ROW][CHARGE_TYPE];
return chargeInformation;

Edit: I am aware this is returning a "copy". This is done to test out a few things; I am inserting the same into a copy of the vector passed by reference.

Cheers!


In case getChargeRateDetails returns by reference you are trying to use a reference to a variable that is already out of scope.


It looks like your copy constructor doesn't do the right thing. In order to push an element onto a vector, a copy of your chargeRate is created. At first sight,

at 0xDD0725: __gnu_cxx::__atomic_add(int volatile*, int)
chargeRate::chargeRate(chargeRate const&)

tells me that the chargeRate copy constructor tries to add something to an uninitialized variable (pointed at by the int volatile* argument of __atomic_add).

Probably, you are __atomic_adding something to an uninitialized member variable.

StringMatrix *results;

Seems intended to refer to an array of strings. Chances are that the StringMatrix is not initialized well. Hence, the first row may contain an uninitialized string-like piece of memory, that is used to copy-construct the chargeType member of your new object.

The string class contains a reference counter that needs to be increased when a new string points to the same data, so this may make sense.

You can verify this by (temporarily) assigning e.g. an empty string instead of (*results)[FIRST_ROW][CHARGE_TYPE].
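The following is an added example, not code from the original question or either answer. It keeps the shape of the poster's getChargeDetails / getChargeRateDetails pair but removes the two things both answers point at: the result matrix is owned by value instead of reached through a raw StringMatrix* that may be uninitialised or dangling, and the row and column are bounds-checked before the string is copied into the chargeRate, so push_back's copy constructor only ever copies a valid std::string. The names loadChargeRows, the sample rows and the column indices are assumptions made for this example.

```cpp
// Added example (not from the original post). Same push_back pattern as the
// question, but with an owned, bounds-checked result matrix so the chargeRate
// copied into the vector never carries a garbage string.
#include <cstddef>
#include <stdexcept>
#include <string>
#include <vector>

using std::string;
using std::vector;

typedef vector<vector<string> > StringMatrix;

struct chargeRate {
    string chargeType;
    string unitSize;
    string rate;
    bool   perConnection;
    string cap;
    bool   useMaxDailyCharge;
    string maxDailyCharge;
    string identifier;

    // Give the bools a defined value; the strings are default-constructed
    // already, so a copied chargeRate has no indeterminate members.
    chargeRate() : perConnection(false), useMaxDailyCharge(false) {}
};

// Assumed row/column layout of the query result (example only).
const size_t FIRST_ROW   = 0;
const size_t CHARGE_TYPE = 0;
const size_t UNIT_SIZE   = 1;
const size_t RATE        = 2;
const size_t IDENTIFIER  = 3;
const size_t NUM_COLUMNS = 4;

// Stand-in for the database query (constructed sample data). Returning the
// matrix by value means the caller owns it: there is no raw pointer to leave
// uninitialised or pointing at a result set that was already freed.
StringMatrix loadChargeRows(const string& chargeStructureName) {
    StringMatrix results;
    if (chargeStructureName == "Data Units") {
        vector<string> row;
        row.push_back("Data Units");
        row.push_back("MB");
        row.push_back("0.05");
        row.push_back("DU-1");
        results.push_back(row);
    }
    return results;
}

chargeRate getChargeRateDetails(const string& chargeStructureName) {
    StringMatrix results = loadChargeRows(chargeStructureName);
    // Check the shape before indexing. Reading results[FIRST_ROW][CHARGE_TYPE]
    // from an empty or short result is out of bounds, and the std::string
    // copy constructor would then be handed garbage, exactly what the
    // "Invalid read ... Address 0xFFFFFFFC" in the valgrind trace looks like.
    if (results.size() <= FIRST_ROW || results[FIRST_ROW].size() < NUM_COLUMNS) {
        throw std::runtime_error("no charge rate row for " + chargeStructureName);
    }
    chargeRate info;
    info.chargeType = results[FIRST_ROW][CHARGE_TYPE];
    info.unitSize   = results[FIRST_ROW][UNIT_SIZE];
    info.rate       = results[FIRST_ROW][RATE];
    info.identifier = results[FIRST_ROW][IDENTIFIER];
    return info;  // by value: the copy outlives the local results matrix
}

// Mirrors getChargeDetails: push_back copy-constructs each returned chargeRate
// into the caller's vector. A name with no row is skipped rather than pushed
// half-filled. Returns how many entries were appended.
size_t getChargeDetails(const vector<string>& chargeStructureNames,
                        vector<chargeRate>& out) {
    size_t added = 0;
    for (size_t i = 0; i < chargeStructureNames.size(); ++i) {
        try {
            out.push_back(getChargeRateDetails(chargeStructureNames[i]));
            ++added;
        } catch (const std::runtime_error&) {
            // missing row: nothing is pushed, the vector stays consistent
        }
    }
    return added;
}
```

Two checks worth running on the real code before changing it: rebuild libapp++.so with -g so the frames now shown as "(in /root//app/libapp++.so)" carry file and line, and run valgrind with --track-origins=yes so the "Use of uninitialised value" report names where that value was allocated (a stack frame or a malloc site), which distinguishes an uninitialised `results` pointer from a row that was never populated.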


Not sure what is going on in your application, but maybe it has to do with (not) using back_inserter?

There is a good example here.

