
Debug CRT writes to a freed block when _CrtSetDbgFlag(_CRTDBG_LEAK_CHECK_DF) is used by Vladimir2013


Status: Closed as Duplicate
Type: Bug
ID: 780768
Opened: 3/6/2013 2:06:50 AM
Access Restriction: Public
Workaround(s): 0
User(s) can reproduce this bug: 0

Description

When a DLL with a statically linked debug CRT that has called _CrtSetDbgFlag(_CRTDBG_LEAK_CHECK_DF) exits, the CRT code will write to a freed heap block. This will be caught by the page heap or some other heap debugger and can potentially lead to memory corruption.

The problem is that __freeCrtMemory() from crt0dat.c will be called twice (stack traces attached) and it will decrease the reference for __ptmbcinfo two times (line 495):

    if (InterlockedDecrement(&(__ptmbcinfo->refcount)) == 0 && __ptmbcinfo != &__initialmbcinfo)
    {
        _free_crt(__ptmbcinfo);
        __ptmbcinfo = &__initialmbcinfo;
    }

This structure was allocated at mbctype.cpp:600 and it has refcount 2 since it is also stored in _getptd() data.
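
A simplified model of the double release described in this report, added here as an illustration; it is not CRT source and not code from the reporter or Microsoft. All names are hypothetical, the "free" is recorded in a flag so the program stays well-defined, and the assumption is that the per-thread owner drops its reference after both cleanup calls. cleanup_fixed is one possible idempotent form, not necessarily the fix Microsoft shipped.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of a ref-counted block; names are hypothetical, not the CRT's. */
typedef struct { long refcount; bool freed; } info_t;

static info_t initial_info = { 1, false };   /* static default, never freed */
static info_t *global_info = &initial_info;  /* process-wide reference */
static int writes_after_free;                /* what a page heap would flag */

/* Drop one reference. Returns true when this call released the block. */
static bool release(info_t *p) {
    if (p->freed) { writes_after_free++; return false; } /* decrement on freed memory */
    if (--p->refcount == 0 && p != &initial_info) { p->freed = true; return true; }
    return false;
}

/* Same shape as the quoted snippet: the pointer is reset only when the block is freed. */
static void cleanup_buggy(void) {
    if (release(global_info)) global_info = &initial_info;
}

/* Idempotent variant: the global gives up its pointer together with its one reference. */
static void cleanup_fixed(void) {
    info_t *p = global_info;
    global_info = &initial_info;
    if (p != &initial_info) release(p);
}

/* Run cleanup twice, then let the per-thread owner drop its reference. */
static int simulate(void (*cleanup)(void)) {
    info_t block = { 2, false };   /* held by global_info and by per-thread data */
    info_t *per_thread = &block;
    global_info = &block;
    writes_after_free = 0;
    cleanup();
    cleanup();                     /* second call, as in the report */
    release(per_thread);           /* assumed later per-thread teardown */
    global_info = &initial_info;
    return writes_after_free;
}

int main(void) {
    printf("buggy cleanup: %d write(s) after free\n", simulate(cleanup_buggy));
    printf("fixed cleanup: %d write(s) after free\n", simulate(cleanup_fixed));
    return 0;
}
```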


Details
Posted by Microsoft on 3/11/2013 at 4:01 PM
Hello,

Thank you for reporting this bug. This issue was first reported to us a few months ago (see http://connect.microsoft.com/VisualStudio/feedback/details/773459/dllcrt0-c-corrupts-heap). We have fixed this bug and the fix will be available in the next release of our Visual C++ libraries.

Note: Connect doesn't notify me about comments. If you have any further questions, please feel free to e-mail me.

James McNellis
Visual C++ Libraries
james.mcnellis@microsoft.com

Posted by Microsoft on 3/6/2013 at 9:32 PM
Thanks for your feedback.

We are rerouting this issue to the appropriate group within the Visual Studio Product Team for triage and resolution. These specialized experts will follow up with your issue.

Posted by Microsoft on 3/6/2013 at 2:49 AM
Thank you for your feedback, we are currently reviewing the issue you have submitted. If this issue is urgent, please contact support directly (http://support.microsoft.com).
File Name Submitted By Submitted On File Size  
stacktrace.txt (restricted) 3/6/2013 -
CRTHeap.zip (restricted) 3/6/2013 -