 |
BorlandTalk.com
Borland discussion newsgroups
|
| View previous topic :: View next topic |
| Author |
Message |
miab
Guest
|
 Posted: Mon Mar 20, 2006 9:03 am Post subject: Pierre, Is that error in BDS2006sp1? |
 |
|
<cy>
Posted By: pierre_le_riche
Date: 2006-02-22 06:02
Summary: Critical Bugfix
There was a bug that may cause an access violation inside the MoveX16L4
routine when reallocating a memory block under certain rare circumstances.
Even if you have never encountered this bug, it is strongly recommended that
you update to version 4.62 or later to prevent future trouble. It can only
occur if the Align16Bytes option is disabled and the
UseCustomVariableSizeMoveRoutines option is enabled. (Thanks to Jud Cole for
tracking it down.)
The symptom is an exception of the form "Access Violation: Invalid read of
address XXXX0000" where XXXX is a non-zero number. It occurs on the line
"mov eax, [eax + ecx + 8]" inside the MoveX16L4 routine.
</cy>
http://sourceforge.net/forum/forum.php?forum_id=543225
miab |
|
| Back to top |
|
 |
Pierre le Riche
Guest
|
| Posted: Mon Mar 20, 2006 10:03 pm Post subject: Re: Pierre, Is that error in BDS2006sp1? |
|
|
Hi miab,
| Quote: | There was a bug that may cause an access violation inside the MoveX16L4
routine when reallocating a memory block under certain rare circumstances.
|
Yes, but it has of course already been fixed for update 2 (which should be
out soon). In the meantime the workaround is to force 16-byte alignment by
calling "SetMinimumBlockAlignment(mba16Byte)" somewhere in your
application's startup code.
It's a rare bug, so unless you have actually seen a read access violation at
address XXXX0000 (where XXXX is non-zero) I wouldn't worry about it too
much. I certainly have never encountered the bug except in the manufactured
test case, and the only encounter "in the wild" that I know of was in a
memory manager test suite.
Regards,
Pierre |
|
| Back to top |
|
|
Atmapuri
Guest
|
| Posted: Tue Mar 21, 2006 9:03 am Post subject: Re: Pierre, Is that error in BDS2006sp1? |
|
|
Hi!
| Quote: | out soon). In the meantime the workaround is to force 16-byte alignment by
calling "SetMinimumBlockAlignment(mba16Byte)" somewhere in your
application's startup code.
|
I thought that memory allocations were already 16byte alligned by default.
What is the default byte allignment for arrays? 8 bytes? (len and ref fields
have 4 bytes, together 8 and you cant allign to more than  .
Thanks!
Atmapuri |
|
| Back to top |
|
|
Pierre le Riche
Guest
|
| Posted: Tue Mar 21, 2006 10:03 am Post subject: Re: Pierre, Is that error in BDS2006sp1? |
|
|
Hi Atmapuri,
| Quote: | I thought that memory allocations were already 16byte alligned by default.
|
The default alignment is 8 bytes.
| Quote: | What is the default byte allignment for arrays? 8 bytes? (len and ref
fields
have 4 bytes, together 8 and you cant allign to more than .
|
Correct. 16 byte alignment is useful when you use SSE, but it doesn't help
much other than that.
Regards,
Pierre |
|
| Back to top |
|
|
Johan Nilsson
Guest
|
| Posted: Wed Mar 22, 2006 8:03 am Post subject: Re: Pierre, Is that error in BDS2006sp1? |
|
|
| Quote: | I certainly have never encountered the bug except in the manufactured
test case, and the only encounter "in the wild" that I know of was in a
memory manager test suite.
|
Hi Pierre!
I use XML-interfaces a lot, and I've been experiencing this bug a lot in one
manufactured application.
That application imports a lot of XML-documents.
When I stress-test the application, the AV is raised at random, but always
when less than 5 % of the imports are completed.
After adding the SetMinimumBlockAlignment(mba16Byte); line, the AV is never
raised.
The address is always the same, but not on the format (XXXX0000) as you
described.
---------------------------
Debugger Exception Notification
---------------------------
Project OrderImport.exe raised exception class EAccessViolation with message
'Access violation at address 00401DE5 in module 'OrderImport.exe'. Write of
address 00000000'.
---------------------------
Break Continue Help
---------------------------
/Johan |
|
| Back to top |
|
|
Pierre le Riche
Guest
|
| Posted: Wed Mar 22, 2006 9:03 am Post subject: Re: Pierre, Is that error in BDS2006sp1? |
|
|
Hi Johan,
| Quote: | The address is always the same, but not on the format (XXXX0000) as you
described.
Project OrderImport.exe raised exception class EAccessViolation with
message 'Access violation at address 00401DE5 in module 'OrderImport.exe'.
Write of address 00000000'.
|
The bug causes a *read* access violation, and always at a an address that is
nonzero, but with zeroes in the last four digits. Your A/V is on a write and
the address is zero, so it is not due to this bug. I can't explain why your
application seems to work with 16 byte alignment but not 8 byte alignment.
Regards,
Pierre |
|
| Back to top |
|
|
Johan Nilsson
Guest
|
| Posted: Wed Mar 22, 2006 12:03 pm Post subject: Re: Pierre, Is that error in BDS2006sp1? |
|
|
I should also add, that this isn't the original code, but code I've been
testing on. |
|
| Back to top |
|
|
Johan Nilsson
Guest
|
| Posted: Wed Mar 22, 2006 12:03 pm Post subject: Re: Pierre, Is that error in BDS2006sp1? |
|
|
You're right. It seems I'm responsible for the AV, when sharing data between
apps.
I never spent much time investigating it, since it's an old app, that uses
the NexusDB-Memory Manager, where the AV never occures.
The code below shows the problem, and one solution for it:
var
tCDS : TCopyDataStruct;
tParam : string;
tParamArray : array of Char;
begin
tParam := '64530;64791';
// Array-Buffer
SetLength(tParamArray, Length(tParam) + 1);
StrLCopy(PChar(tParamArray), PChar(tParam), Length(tParam));
tParamArray[Length(tParam) + 1] := #0;
// CopyData
tCDS.dwData := WM_MY_COPYID;
tCDS.cbData := Length(tParam);
// With this line it always works OK (and does not require
anyArray-Buffer):
// tCDS.lpData := PChar(tParam);
// This line seems to be the cause to the AV. Though it never failes when
using mba16Byte:
tCDS.lpData := tParamArray;
// SendMessage
Result := SendMessage(AHandle, WM_COPYDATA, 0, LParam(@tCDS));
end;
Changing the Arrar-Byffer to:
SetLength(tParamArray, Length(tParam));
StrLCopy(PChar(tParamArray), PChar(tParam), Length(tParam));
or
SetLength(tParamArray, Length(tParam) + 2);
StrLCopy(PChar(tParamArray), PChar(tParam), Length(tParam));
tParamArray[Length(tParam) + 1] := #0;
tParamArray[Length(tParam) + 2] := #0;
also makes the AVs go away.
/Johan |
|
| Back to top |
|
|
Johan Nilsson
Guest
|
| Posted: Wed Mar 22, 2006 4:03 pm Post subject: Re: Pierre, Is that error in BDS2006sp1? |
|
|
Thanks!
/Johan |
|
| Back to top |
|
|
Pierre le Riche
Guest
|
| Posted: Wed Mar 22, 2006 4:03 pm Post subject: Re: Pierre, Is that error in BDS2006sp1? |
|
|
Hi Johan,
| Quote: | // Array-Buffer
SetLength(tParamArray, Length(tParam) + 1);
StrLCopy(PChar(tParamArray), PChar(tParam), Length(tParam));
tParamArray[Length(tParam) + 1] := #0;
|
There is a memory overwrite bug here. Dynamic array indexes are 0-based, so
you are writing past the end of allocated memory. The last line should be:
tParamArray[Length(tParam)] := #0;
| Quote: | Changing the Arrar-Byffer to:
SetLength(tParamArray, Length(tParam));
StrLCopy(PChar(tParamArray), PChar(tParam), Length(tParam));
|
This could also overwrite memory. You should allocate an extra byte for the
trailing #0.
| Quote: | SetLength(tParamArray, Length(tParam) + 2);
StrLCopy(PChar(tParamArray), PChar(tParam), Length(tParam));
tParamArray[Length(tParam) + 1] := #0;
tParamArray[Length(tParam) + 2] := #0;
|
Same error. The last line overwrites memory.
Regards,
Pierre |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
