It was a bug that I just found! Hooray. The bug was due to an incorrect downcast, and indeed I was using static_cast instead of dynamic_cast.
My application is pretty large and multithreaded and interacts with other applications, so debugging is very hard. I have tried to use WinDbg, GFlags, and Application Verifier without results, certainly because I don't know how to use these tools.
Is it possible to find a memory heap corruption due to an invalid downcasting, with the use of tools like WinDbg? If yes, how?
Detecting memory corruption with guard blocks. You can detect memory block overrun and underrun errors with either guard blocks or Red Zones. Select "Guard allocated memory" from Advanced Memory Debugging Options. With guards on, MemoryScape adds a small segment of memory filled with a known pattern before and after each block that you allocate, and reports any block whose guard pattern has been modified: a changed trailing guard means an overrun, a changed leading guard means an underrun.
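As an added example (not code from the question or from any of the answers quoted on this page), the program below reproduces the bug the question describes and the detection technique described above. A pointer that really points at a Base is downcast with static_cast; the compiler emits the stores for Derived's fields at Derived's offsets without any check, so they land past the end of the real object. A guard region of 0xCC bytes placed right after the object, in the style of MemoryScape's guard blocks, shows how many bytes were overwritten. The dynamic_cast variant returns nullptr for the same object and leaves the guard intact. The class names Base and Derived, the guard size, and the 0x41 fill value are invented for the illustration.

```cpp
// Added example, not part of the original page: a wrong static_cast
// downcast writing fields the real object does not have, detected with
// guard bytes placed after the object (guard-block technique).
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <iostream>
#include <new>

struct Base {
    virtual ~Base() = default;   // polymorphic, so dynamic_cast can inspect the real type
    std::uint32_t id = 1;
};

struct Derived : Base {
    std::uint32_t extra[4] = {}; // fields that exist only in Derived (hypothetical layout)
};

constexpr unsigned char kGuard = 0xCC;  // pattern filled into the guard region
constexpr std::size_t kGuardBytes = 64; // guard size, chosen for the illustration

// A Base object followed by a guard region, mimicking the padding a memory
// debugger inserts after every allocation so that overruns can be detected.
struct GuardedBase {
    alignas(std::max_align_t) unsigned char storage[sizeof(Base) + kGuardBytes];

    GuardedBase() {
        std::memset(storage, kGuard, sizeof storage); // whole buffer starts as guard
        new (storage) Base();                          // real object at the front
    }
    ~GuardedBase() { base()->~Base(); }

    Base* base() { return reinterpret_cast<Base*>(storage); }

    // Number of guard bytes that no longer hold the pattern (0 means no overrun).
    std::size_t corruptedGuardBytes() const {
        std::size_t n = 0;
        for (std::size_t i = sizeof(Base); i < sizeof storage; ++i)
            if (storage[i] != kGuard) ++n;
        return n;
    }
};

// The bug from the question: the caller "knows" p is a Derived and uses
// static_cast. Nothing verifies that, so when p is really a plain Base the
// writes to extra[] go into whatever follows the object in memory.
void processAsDerived(Base* p) {
    Derived* d = static_cast<Derived*>(p);          // unchecked downcast
    for (std::uint32_t& e : d->extra) e = 0x41414141u;
}

// The fix: dynamic_cast consults the object's RTTI and yields nullptr when
// p does not point at a Derived, so the caller can refuse instead of writing.
bool processIfDerived(Base* p) {
    Derived* d = dynamic_cast<Derived*>(p);
    if (d == nullptr) return false;                  // not a Derived: nothing touched
    for (std::uint32_t& e : d->extra) e = 0x41414141u;
    return true;
}

// Run the buggy path on a plain Base and report how many guard bytes it smashed.
std::size_t guardBytesSmashedByStaticCast() {
    GuardedBase g;
    processAsDerived(g.base());
    return g.corruptedGuardBytes();
}

// Run the checked path on a plain Base: the cast fails and the guard stays intact.
std::size_t guardBytesSmashedByDynamicCast() {
    GuardedBase g;
    processIfDerived(g.base());
    return g.corruptedGuardBytes();
}

// Sanity check: dynamic_cast still accepts an object that really is a Derived.
bool dynamicCastAcceptsRealDerived() {
    Derived d;
    return processIfDerived(&d);
}

int main() {
    std::cout << "static_cast on a Base smashed " << guardBytesSmashedByStaticCast()
              << " guard bytes\n";
    std::cout << "dynamic_cast on a Base smashed " << guardBytesSmashedByDynamicCast()
              << " guard bytes\n";
    return 0;
}
```

The out-of-bounds write through the mistyped pointer is undefined behaviour and is deliberate here; in practice the compiler emits the stores at Derived's field offsets, which is exactly why the real application corrupted its heap without any immediate error. The exact number of smashed bytes depends on the ABI (object size and padding), so treat it as "nonzero" rather than a fixed figure. dynamic_cast only works because Base has a virtual function and RTTI is enabled; on a non-polymorphic type it would not compile.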
Check for heap corruption: try using the Global Flags Utility (gflags.exe) or pageheap.exe. With full page heap enabled for the process, each allocation is followed by an inaccessible guard page, so an overrun faults at the instruction that performs it instead of being discovered later inside the allocator. See /windows-hardware/drivers/debugger/gflags-and-pageheap.
Heap corruption occurs when a program damages the allocator's view of the heap. The outcome can be relatively benign and cause a memory leak (where some memory isn't returned to the heap and is inaccessible to the program afterward), or it may be fatal and cause a memory fault, usually within the allocator itself.
Definition: Memory corruption occurs when the contents of a memory location are modified without an explicit assignment by the program, typically through a programming error such as an out-of-bounds write or a write through a dangling or mistyped pointer. Such bugs are security vulnerabilities because an attacker who controls the corrupting write can often turn it into arbitrary code execution.
In WinDbg, the !heap -s -v command (heap summary with validation) walks every heap in the process and checks each block header against its neighbours, so it can reveal a corrupt heap:

0:008> !heap -s -v
  Heap     Flags   Reserv  Commit  Virt   Free  List   UCR  Virt  Lock  Fast
                    (k)     (k)    (k)     (k) length      blocks cont. heap
-----------------------------------------------------------------------------
.ERROR: Block 001842e8 previous size 0 does not match previous block size 4
HEAP 00140000 (Seg 00140640) At 001842e8 Error: invalid block Previous

Here the allocator's bookkeeping is inconsistent: the block at 001842e8 records a previous size of 0, but the block before it says it is 4 units long, which means something overwrote the header between the two blocks. The reported address is where the damage was found, not necessarily where the bad write happened, which is why tools such as page heap or Application Verifier, which catch the write itself, are usually needed to find the culprit.
EDIT: Comments made it clear that non-Windows options aren't viable. In that case I've had good luck with Purify before, but unfortunately it's $$$. I'm not familiar with other Windows memory checking tools however.
In regards to this specific case, anytime you find yourself downcasting, spend at least a minute thinking about an alternate interface or design that could remove the need. Compiler errors and warnings, and a solid design can find a lot of bugs that would otherwise take hours to find.