Home Dashboard Directory Help
Search

dllcrt0.c corrupts heap by Orin Eman(laplink)


Status: 

Closed


2
0
Sign in
to vote
Type: Bug
ID: 773459
Opened: 12/4/2012 2:29:29 PM
Access Restriction: Public
0
Workaround(s)
view
2
User(s) can reproduce this bug

Description

All memory allocated by the C runtime in a dll is freed too early by __freeCrtMemory().

_ioterm() and _mtterm() which are called after __freeCrtMemory() both access and/or free memory that was allocated by the C runtime. See below:

                    /* Free allocated CRT memory */
                    __freeCrtMemory();

#ifndef _DEBUG
                    /* If dwReason is DLL_PROCESS_DETACH, lpreserved is NULL
                     * if FreeLibrary has been called or the DLL load failed
                     * and non-NULL if the process is terminating.
                     */
                    if ( lpreserved == NULL )
                    {
#endif /* _DEBUG */
                        /*
                         * The process is NOT terminating so we must clean up...
                         */
                        /* Shut down lowio */
                        _ioterm();
                        _mtterm();

                        /* This should be the last thing the C run-time does */
                        _heap_term(); /* heap is now invalid! */
#ifndef _DEBUG
                    }
#endif /* _DEBUG */


The fix is simple. __freeCrtMemory() should be after _mtterm().
Details
Sign in to post a comment.
Posted by Microsoft on 4/29/2014 at 12:31 PM
Thank you for reporting this issue. This issue has been fixed in Visual Studio 2013. You can install a trial version of Visual Studio 2013 with the fix from: http://go.microsoft.com/?linkid=9832436
Posted by chksr on 8/21/2013 at 2:32 AM
Still happening:

Microsoft Visual Studio Premium 2012
Version 11.0.60610.01 Update 3

---

kernel32!InterlockedDecrement+0x9
cMLS19!_freefls+0x13d
ntdll32!RtlFlsFree+0xa0
KERNELBASE!FlsFree+0xe
cMLS19!__crtFlsFree+0x24
cMLS19!_mtterm+0x17
cMLS19!_CRT_INIT+0x127
cMLS19!__DllMainCRTStartup+0x12b
cMLS19!_DllMainCRTStartup+0x1f
verifier_11150000!AVrfpStandardDllEntryPointRoutine+0x99
vrfcore!VfCoreStandardDllEntryPointRoutine+0x121
vfbasics!AVrfpStandardDllEntryPointRoutine+0x9f
ntdll32!LdrpCallInitRoutine+0x14
ntdll32!LdrpUnloadDll+0x375
ntdll32!LdrUnloadDll+0x4a
vfbasics!AVrfpLdrUnloadDll+0x62
KERNELBASE!FreeLibrary+0x15
STORAGE!LS19xUnload+0x38
STORAGE!CLLStorageSampleDlg::OnDestroy+0xc
STORAGE!CWnd::OnWndMsg+0x8bb
Posted by Aaron Wishnick on 7/26/2013 at 2:20 PM
If it's helpful, here's my call stack:

    ntdll.dll!NtWaitForKeyedEvent()    Unknown
    ntdll.dll!RtlAcquireSRWLockExclusive()    Unknown
    ntdll.dll!RtlFlsFree()    Unknown
    KernelBase.dll!FlsFree()    Unknown
>    MyProject.dll!__crtFlsFree(unsigned long dwFlsIndex) Line 377    C
    MyProject.dll!_mtterm() Line 169    C
    MyProject.dll!_CRT_INIT$fin$0() Line 205    C
    MyProject.dll!__C_specific_handler(_EXCEPTION_RECORD * ExceptionRecord, void * EstablisherFrame, _CONTEXT * ContextRecord, _DISPATCHER_CONTEXT * DispatcherContext) Line 283    C
    ntdll.dll!RtlpExecuteHandlerForUnwind()    Unknown
    ntdll.dll!RtlUnwindEx()    Unknown
    ntdll.dll!__C_specific_handler()    Unknown
    ntdll.dll!RtlpExecuteHandlerForException()    Unknown
    ntdll.dll!RtlDispatchException()    Unknown
    ntdll.dll!KiUserExceptionDispatch()    Unknown
    MyProject.dll!_freefls(void * data) Line 410    C
    ntdll.dll!RtlFlsFree()    Unknown
    KernelBase.dll!FlsFree()    Unknown
    MyProject.dll!__crtFlsFree(unsigned long dwFlsIndex) Line 377    C
    MyProject.dll!_mtterm() Line 169    C
    MyProject.dll!_CRT_INIT(void * hDllHandle, unsigned long dwReason, void * lpreserved) Line 187    C
    MyProject.dll!__DllMainCRTStartup(void * hDllHandle, unsigned long dwReason, void * lpreserved) Line 390    C
    MyProject.dll!_DllMainCRTStartup(void * hDllHandle, unsigned long dwReason, void * lpreserved) Line 332    C
    ntdll.dll!LdrpUnloadDll()    Unknown
    ntdll.dll!LdrUnloadDll()    Unknown
    KernelBase.dll!FreeLibrary()    Unknown
Posted by Aaron Wishnick on 7/26/2013 at 2:14 PM
This bug is impacting me by causing a deadlock when calling FreeLibrary(), and does not appear to have been fixed in either VS2012 Update 3, or the VS2013 preview. The deadlock appears to be because _mtterm() calls __crtFlsFree(), which calls RtlFlsFree(). RtlFlsFree() holds a lock by calling RtlAcquireSRWLockExclusive(). Then, while holding that lock, RtlFlsFree() calls _freefls(), which triggers an access violation because the heap has been destroyed. That access violation ends up being caught in the __finally block, back in _CRT_INIT(), which calls _mtterm() re-entrantly on line 205. That once again ends up in RtlFlsFree(), which attempts to acquire that same lock with RtlAcquireSRWLockExclusive(), which causes the deadlock.

Is there any workaround you can suggest in the meantime? And is there any chance of some sort of patch to VS2012 that could resolve this issue? Thank you very much.
Posted by Microsoft on 2/17/2013 at 11:29 PM
Hello,

Thank you for reporting this issue! We have fixed this bug and the fix will be available in the next release of our Visual C++ libraries.

Note: Connect doesn't notify me about comments. If you have any further questions, please feel free to e-mail me.

James McNellis
Visual C++ Libraries
james.mcnellis@microsoft.com
Posted by Microsoft on 12/4/2012 at 7:40 PM
Thanks for your feedback.

We are rerouting this issue to the appropriate group within the Visual Studio Product Team for triage and resolution. These specialized experts will follow-up with your issue.
Posted by Microsoft on 12/4/2012 at 2:51 PM
Thank you for your feedback, we are currently reviewing the issue you have submitted. If this issue is urgent, please contact support directly(http://support.microsoft.com)
Sign in to post a workaround.