Debug CRT writes to a freed block when _CrtSetDbgFlag(_CRTDBG_LEAK_CHECK_DF) is used - by Vladimir2013

Status : 

  Duplicate<br /><br />
		This item appears to be a duplicate of another existing Connect or internal item.<br /><br />
		A more detailed explanation for the resolution of this particular item may have been provided in the comments section.

Sign in
to vote
ID 780768 Comments
Status Closed Workarounds
Type Bug Repros 0
Opened 3/6/2013 2:06:50 AM
Access Restriction Public


When DLL with statically linked debug CRT,  which called _CrtSetDbgFlag(_CRTDBG_LEAK_CHECK_DF ) exits, CRT code will write to a freed heap block. This will be caught by the page heap or some other heap debugger and potentially can lead to a memory corruption.

The problem is that __freeCrtMemory() from crt0dat.c will be called twice (stack traces attached) and it will 2 times decrese the reference for __ptmbcinfo (line 495):

if (InterlockedDecrement(&(__ptmbcinfo->refcount)) == 0 && __ptmbcinfo != &__initialmbcinfo)
        __ptmbcinfo = &__initialmbcinfo;

This structure was allocated at mbctype.cpp:600 and it has recount 2 since it is also stored in _getptd() data.

Sign in to post a comment.
Posted by Microsoft on 3/11/2013 at 4:01 PM

Thank you for reporting this bug. This issue was first reported to us a few months ago (see We have fixed this bug and the fix will be available in the next release of our Visual C++ libraries.

Note: Connect doesn't notify me about comments. If you have any further questions, please feel free to e-mail me.

James McNellis
Visual C++ Libraries

Posted by Microsoft on 3/6/2013 at 9:32 PM
Thanks for your feedback.

We are rerouting this issue to the appropriate group within the Visual Studio Product Team for triage and resolution. These specialized experts will follow-up with your issue.
Posted by Microsoft on 3/6/2013 at 2:49 AM
Thank you for your feedback, we are currently reviewing the issue you have submitted. If this issue is urgent, please contact support directly(