I've got some code that worked fine under Delphi 2007 but breaks under D2010. It involves passing in a string, converting it to a PWideChar (specifically, a WideString pointer, not a UnicodeString pointer), doing some processing, and then calling SysFreeString on it. It works fine until a blank string is passed in, then SysFreeString breaks. It calls a bunch of things that end up raising an Int 3 breakpoint inside NTDLL.DLL. Continuing past this point results in
Project raised exception class
$C0000005 with message 'access
violation at 0x7747206e: read of
address 0x539b8dba'.
Which, if you look closely, is not the standard Access Violation message.
The top of the stack trace when it hits the Int 3 looks like this:
:774e475d ; ntdll.dll
:774afad0 ; ntdll.dll
:774e5de9 ; ntdll.dll
:774a6dff ; ntdll.dll
:76fc1075 ; C:\Windows\system32\ole32.dll
:770e443a ; C:\Windows\system32\oleaut32.dll
:770e3ea3 oleaut32.SysFreeString + 0x4a
Does anyone have any idea what's going on here?
Edit (from the comments):
This isn't a WideString, though. It's
a PWideChar generated by
StringToOleStr, and there are no
double-free errors when a non-blank
string is passed in. Unfortunately, I
can't really post a code sample
because this is a third-party
component that's under copyright. (And
I can't ask them for support because
it's no longer supported. Basically,
the whole thing's one big mess.)
I'm going to try psychic debugging. You've got some kind of heap corruption in your application and SysFreeString is the unfortunate victim (it's hard to tell without OS symbols, you should probably install the MSFT symbol packages for your OS).
Try enabling application verifier (in particular pageheap) for your app and see if it crashes earlier.
It is hard to diagnose without seeing your actual code, however WideString automatically calls SysFreeString() when it goes out of scope. It sounds like your code may be making a second call to SysFreeString() on memory that has already been freed. WideString itself has not changed at all between D2007 and D2010, but other aspects of Delphi's string handling have. Maybe you are not managing the strings correctly. Can you please show your actual code?
A simple test shows that you need to be really careful on what you do in which order.
So: even though you cannot post a small example, can you indicate what you are doing in a bit more detail?
Bad debugging; ignore the things below; see comment.
The SysFreeString() is being called at the end of the the Allocate() call, even though it returns a PWideChar:
program ShowStringToOleStrBehaviourProject;
{$APPTYPE CONSOLE}
uses
SysUtils;
function Allocate(const Value: UnicodeString): PWideChar;
begin
Result := StringToOleStr(Value);
// implicit SysFreeString(WideChars);
end;
procedure Run;
var
WideChars: PWideChar;
begin
WideChars := Allocate('Foo');
Writeln(WideChars);
end;
begin
try
Run();
except
on E: Exception do
Writeln(E.ClassName, ': ', E.Message);
end;
end.
Note the console still outputs 'Foo' because the memory has not been overwritten yet.
--jeroen
It can be different reasons of such kind of errors:
You try to free with SysFreeString a memory which are allocated not with SysAllocString, but for example with CoTaskMemAlloc.
You have heap correct.
Heap corruptions are difficult to localize. The function HeapSetInformation can be very helpful. For example you can use
HeapSetInformation(NULL,HeapEnableTerminationOnCorruption,NULL,0);
Other good way is usage of HeapValidate function. For example you can define a function which verify all heaps pf the process (code in C, which can be easy rewritten in Delphi):
BOOL MyHeapValidate (void)
{
HANDLE hProcessHeaps[1024];
DWORD i;
DWORD dwNumberOfHeaps;
BOOL bSuccess = FALSE;
dwNumberOfHeaps = GetProcessHeaps (sizeof(hProcessHeaps)/sizeof(hProcessHeaps[0]),
hProcessHeaps);
if (dwNumberOfHeaps > sizeof(hProcessHeaps)/sizeof(hProcessHeaps[0])) {
MessageBox(NULL, TEXT("GetProcessHeaps()"),
TEXT("Error in MyHeapValidate()"), MB_OK);
return FALSE;
}
for (i=0; i<dwNumberOfHeaps; i++) {
bSuccess = HeapValidate (hProcessHeaps[i], 0, NULL);
if (!bSuccess)
return bSuccess;
}
return bSuccess;
}
The usage of this function can be like following:
void BadFunction(BSTR bstr)
{
LPOLESTR psz = OLESTR("Test12");
lstrcpy (bstr, psz);
}
int main()
{
LPOLESTR psz = OLESTR("Test");
BSTR bstr = SysAllocString (psz);
// verify that before call of BadFunction() all process heaps are OK!
if (!MyHeapValidate()) {
_tprintf(TEXT("heap is corrupted after the step 1.\n"));
return 1;
}
BadFunction(bstr);
if (!MyHeapValidate()) {
_tprintf(TEXT("heap is corrupted after the step 1.\n"));
return 1;
}
SysFreeString (bstr);
return 0;
}
With respect of inserting MyHeapValidate() in different suspected places you can very quickly local the place of corruption.
+1 for Larry Osterman's answer.
Some Windows memory functions behave slightly different under debugger: if they detect some kind of misuse - they trigger breakpoint to notify debugger. So, basically, your code is doing something wrong.
You can install hooks on SysAllocString/SysFreeString and redirect them to your memory manager (which should be in full debug mode) to collect more info. Or you can just pass these calls through to original functions, installing only a filter, which watches for memory actions.
And you can install debug symbols to get more info too (I'm not sure if Delphi debugger can use it, but Process Explorer - can. You can connect it to your process and see call stack).
Related
I'm using openCV with Go and have this function:
func ConvertMatToSlice(c_Mat *CMatrix) []float32 {
c_output := C.Convert(c_Mat.CType)
h := &reflect.SliceHeader{
Data: uintptr(unsafe.Pointer(c_output.val)),
Len: int(c_output.length),
Cap: int(c_output.length),
}
return *(*[]float32)(unsafe.Pointer(h))
}
When I run go vet ./... it gives me:
opencv_wrapper.go:31:7: unsafeptr: possible misuse of reflect.SliceHeader (govet)
h := &reflect.SliceHeader{
^
Is there any other way to get the slice because I'm sure go-vet has its reasons to complain about this.
See Go Issue #40701. A safer alternative would be the following:
func ConvertMatToSlice(c_Mat *CMatrix) []float32 {
c_output := C.Convert(c_Mat.CType)
result := make([]float32, c_output.length)
sh := (*reflect.SliceHeader)(unsafe.Pointer(&result))
sh.Data = uintptr(unsafe.Pointer(c_output.val))
return result
}
I've made a test program mocking the behaviour of your code without using cgo. So let's place it in a directory and do some escape analysis with go build -gcflags "-m -m".
What we're interested is making sure that the slice (slice header) we return is allocated on the heap, and that so is the pointer which it points to in the Data field. As we can see from the escape analysis, b escapes and so does the slice allocation:
./main.go:10:6: b escapes to heap:
./main.go:10:6: flow: {storage for &Output literal} = &b:
./main.go:10:6: from &b (address-of) at ./main.go:17:38
[...]
./main.go:25:16: make([]float32, c_output.length) escapes to heap:
./main.go:25:16: flow: {heap} = &{storage for make([]float32, c_output.length)}:
./main.go:25:16: from make([]float32, c_output.length) (non-constant size) at ./main.go:25:16
In your case, you'll have to make sure yourself from the C code that the pointer is allocated on the heap.
In general, the rule that can be taken from the discussion on the Go issue I've referenced is to never create SliceHeaders yourself. They might work but they can and will lead to memory corruption, creating difficult and hard-to-debug situations in your code. If you do need to get access to a slice yourself, do so either by using make or by using reflect.MakeSlice which are guaranteed to work and will cooperate with the GC properly, and then make the necessary changes to the slice header.
I have to access several functions of a DLL written in c from Delphi (currently Delphi7).
I can do it without problems when the parameters are scalar
(thanks to the examples found in this great site!), but I have been stuck for some time when in the parameters there is a pointer to an array of Longs.
This is the definition in the header file of one of the functions:
BOOL __stdcall BdcValida (HANDLE h, LPLONG opcl);
(opcl is an array of longs)
And this is a portion of my Delphi code:
type
TListaOpciones= array of LongInt; //I tried with static array too!
Popcion = ^LongInt; //tried with integer, Cardinal, word...
var
dllFunction: function(h:tHandle; opciones:Popcion):boolean;stdcall;
arrayOPciones:TListaOpciones;
resultado:boolean;
begin
.....
I give values to aHandle and array arrayOPciones
.....
resultado:=dllFunction(aHandle, #arrayopciones[0]);
end;
The error message when executing it is:
"Project xxx raised too many consecutive exceptions: access violation
at 0x000 .."
What is the equivalent in Delhpi for LPLONG? Or am I calling the function in an incorrect way?
Thank you!
LONG maps to Longint, and LPLONG maps to ^Longint. So, you have translated that type correctly.
You have translated BOOL incorrectly though. It should be BOOL or LongBool in Delphi. You can use either, the former is an alias for the latter.
Your error lies in code or detail we can't see. Perhaps you didn't allocate an array. Perhaps the array is incorrectly sized. Perhaps the handle is not valid. Perhaps earlier calls to the DLL failed to check for errors.
Currently need to use Delphi to write a DLL, so that the main program calls to the specified place in the removable disk in a file,
Main program designed to VC + +, so use Strut way to call the DLL's data as round!!
Current problems encountered when the main program calls my DLL, the incoming group A Record, and other functions has been dealt with, to return the group B Record,
But using Delphi written DLL, can receive group A Record, but returned group B, but always errors!!
The following is the code for the DLL function, would like to ask if anyone encountered such problems can help point to mention turned a deaf ear
Thanks! !
enter code here
library usbdll;
uses
Windows,
SysUtils,
Classes;
{$R *.res}
Type
p_fin=^TSfin;
TSfin = record //A group of Record is the main program calls incoming Record Type
ST_act:Integer;
pathlen:Integer;//Pass true path length, so that I can get to the far left pathlen, then to remove the rear garbled
Id_hand:Integer;
Id_tail:Integer;
path: PWideChar://The reason why the file path Pwidechar do use guidelines because another branch dll is passed to the main program main program <file path + unicode>, is behind the path and dragging a bunch of gibberish characters
Type
p_out=^TRfout;//B Record is set to return to the main program of the Record Type
TRfout= Record
ST_act:Integer;
ST_move:Integer;
Revis:Integer;
Crchk:Integer;
end;
//The following is my comment out.
// The use of the test in two ways, directly back to the group B Record, does not receive group A Record,A group that does not receive Record, when the main program a call, immediately return the relevant data, the results are normal.
(*
function RFoutEt(test:p_out):Boolean;stdcall; //ok Function writing mode
begin
test^.ST_act:=14;
test^.ST_move:=10;
test^.Revis:=12;
test^.Crchk:=8;end;exports RFoutEt;
procedure RFoutE(out Result:TRfout);cdecl; //ok Procedure writing mode
begin
Result.ST_act:=14;
Result.ST_move:=10;
Result.Revis:=12;
Result.Crchk:=8;end;exports RFoutEt;
*)
// Actually, I need to charge the main program to my group A Record datain order to deal with post-op, get really want to move the file to specify the true path,and ultimately return to group B Record.
function RFoutE(ap_sendin:p_fin;num:Integer):TRfout;stdcall; //error
var
str_tmp,str_tmp2,temi_diry:string;
i,copyNum:Integer;
arr: array[0..100] of Char;
begin
//Program by adding the following {} after paragraph, Result is not an empty value is displayed to access illegal address,causing abnormal program termination.
{
StrCopy(arr,Pchar(ap_sendin^.path));
repeat
str_tmp:=temi_diry;//Use the file path string char array A group referred to in the PWidechar removed
str_tmp2:=arr[i];
Inc(i);
until i>=ap_sendin.pathlen;
copyNum:=Prs_Filecopy(temi_diry;ap_sendin^.path);//A group of Record with associated data to complete the move of the specified file
}
Result.ST_act:=4;//The following four lines of words alone are able to return data
Result.ST_move:=0;
Result.Revis:=2;
Result.Crchk:=copyNum;end;
PS. Following is a test using VC + + to try more than one function is normal demand
struct Sfin{
int ST_act;
int pathlen;
int Id_hand;
int Id_tail;
wchar_t *path;
};
struct Rfout{
int ST_act;
int ST_move;
int Revis;
int Crchk;
};
Rfout RFoutE(struct Sfin *a, int num)
{
int ret = 1;
Rfout OutStruct;
copyNum = Prs_Filecopy(temi_diry, inAnow, Anow->path);
ret=1;
if(ret==1){
OutStruct.ST_act =14;
OutStruct.ST_move =10;
OutStruct.Revis = 12;
OutStruct.Crchk = 8;
Anow = freeA(Anow);
}
return OutStruct;
}
There is no standard ABI for larger than machine word sized return values. And Delphi uses a different ABI from any other compiler that I've encountered so you'll have no luck returning large records that way.
You'll need to return the record as an out parameter rather than a function return value. Once you make that change, all will be well.
It also looks like your C++ functions use cdecl rather than stdcall.
I'm working on an Xbox1 emulator in Delphi, and because I run the games on the local CPU I have to create a failsafe for ring0 instructions that can occur inside the game-code.
To be able to trap these instructions, I've learned that SetUnhandledExceptionFilter can register a function that's going to be called on non-Delphi exceptions (provided I set JITEnable to a value above 0). The signature of the registered callback function reads :
function ExceptionFilter(E: LPEXCEPTION_POINTERS): Integer; stdcall;
Inside that function, I can test for illegal instructions like this :
// STATUS_PRIVILEGED_INSTRUCTION = $C0000096
if E.ExceptionRecord.ExceptionCode = STATUS_PRIVILEGED_INSTRUCTION then
One of the offending instructions is WVINDB ($0F,$09) which I can detect like this :
// See if the instruction pointer is a WBINVD opcode :
if (PAnsiChar(E.ExceptionRecord.ExceptionAddress)[0] = #$0F)
and (PAnsiChar(E.ExceptionRecord.ExceptionAddress)[1] = #$09) then
This all works (provided I run this outside the debugger) but I can't get the code to execute beyond the failing instruction - I tried it like this:
begin
// Skip the WBINVD instruction, and continue execution :
Inc(DWORD(E.ExceptionRecord.ExceptionAddress), 2);
Result := EXCEPTION_CONTINUE_EXECUTION;
Exit;
end;
Alas, that doesn't work. Actually, I would have used the real instruction pointer (E.ContextRecord.Eip), but somehow the entire ContextRecord doesn't seem populated.
What can I do so this does work as intended?
PS: When running with the debugger, I would expect this code to end up in my ExceptionFilter routine, but it doesn't - it only works without the debugger; Why's that?
DebugHook := 0; // Act as if there's no debugger
// Trigger a privileged instruction exception via this ring0 instruction :
asm
WBINVD
end;
// Prove that my exception-filter worked :
ShowMessage('WBINVD succesfully ignored!');
SetUnhandledExceptionFilter seems to be some kind of Delphi wrapper, maybe you have more luck if you do it directly?
You can register your own Exception handler with AddVectoredExceptionHandler, this will call a callback function that gives you an EXCEPTION_POINTERS structure. The Context member of that structure returns ao EIP which you can modify.
If you return EXCEPTION_CONTINUE_EXECUTION in the Callback execution continues at the given EIP.
If I declare
PSomeStruct = ^TSomeStruct;
TSomeStruct = record
s1 : string;
end;
and I run the following code:
var
p: PSomeStruct;
begin
new(p);
p^.s1:= 'something bla bla bla';
dispose(p);
the FastMM 4 memory manager reports that there was a memory leak (type: string, data dump: "something bla bla bla"). However, if I do set the s1 string to empty before calling dispose it's OK.
The second way I found is to change from record type to class, then instead of new I'm creating the instance, and instead of dispose I'm calling instance.Free(). It works without manually cleaning the strings.
Is there a way to make Delphi automatically clean my strings when I call dispose?
Is FastMM the first unit used in your .dpr? Otherwise it could be finalized too early, reporting false memoryleaks.
And does this simplified codesample also generate the same memoryleak as when you use your JvSimpleXML? When it's not, there is probably more going on then you suspect.
In my opinion: when FastMM reports a memory leak, there is a memoryleak.
You are already doing the correct thing. If FastMM says that string has leaked, then FastMM is wrong, or it's reporting a different string from the one you think it is. The Dispose procedure releases strings from records.
In this particular case, there shouldn't have been any memory allocated for that string anyway. It's a string literal, so I'd expect the compiler to assign that literal; its reference count should be -1 and FastMM never should have seen it.