Can an access violation be a disguised out-of-memory error?

Question

I'm debugging a 64-bit C++ (managed) crash dump (access violation).

The dump has a total size of 32.374.535 kb.

The application is multi-threaded, and the corresponding call stack only mentions mscvrt.dll!memcpy (I don't know which other thread is creating this one). Obviously there is no corresponding source code.

The Visual Studio Locals window is empty.

The unhandled exception mentions Access violation writing location 0x000000F02A6BB000, but on that location, there seems to be nothing:

0x000000F02A6BAF84  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ..............................................................
0x000000F02A6BAFC2  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ..............................................................
0x000000F02A6BB000  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??  .............................................................. <= here it is.
0x000000F02A6BB03E  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??  ..............................................................

I don't see any reason why the writing on this memory location would cause any problem, therefore I believe (based on the size of the dump) that I'm dealing with a memory error (meaning it would impossible to copy something into memory, because so many memory is already used that there's no room left). However, if this would be true, shouldn't there be some information in that memory location?

Does anybody have an idea about this?

Answer 1

Intuitively, it does not look to me like an out of memory error. Memory allocation system services on some poorly designed operating systems will return successfully values when they have failed to allocate the memory. As many flaws as Windows has, I do not believe it is such a system. If you were running on a system that does do some kind of delayed allocation, then I'd suspect what you suspect.

I think that you are getting a memory overrun that is causing a write to a page that has not been mapped into the address space.