Re: Haunting free(): invalid pointer 0x8a11604!

[David Sugar]

In fact, I will go a step further...Thread() is built with a virtual 
destructor...it appears to me that virtual destructors are not working 
correcting on your compiler.  This would explain the memory offset of 
the delete free() operation in Thread::close, which I am guessing is 
likely the offset position of the "Thread" object within the derived 
class.  Again re-ordering the classes to assure Thread is always first 
may help since most C++ compilers do create the objects in memory based 
on their order.  Those that don't probably do handle virtual destructors 
correctly.

Rami Saarinen wrote:
> Hello again, 
>
> Ia currently doing some restructuring on the program that I had probelms
> with few moths ago. I just poke my editor into some very nasty stuff and
> I'd like to ask if any of you have any idea why I do get a buch of Invalid
> pointer error messages. 
>
> The program is heavily threaded "MessageDispatch" style of client/server
> program. The proble is in the server. The server also uses xerces-c++ and
> sqlite3. 
>
> I just updated common c++ form 1.0.9 to 1.3.1. None of the threads have
> final() method defined and the threads are detached() and *not* started().
>
> The invalid pointer error does not appear on 1.0.9 version. 
>
> I have been using valgrind (altought it's pthread support is incomplete)
> to find another proble that will crash the program when it tries to create
> XercesDOMParser. I think these problems *may* be interlinked as the crash
> occurs in malloc() -> so maybe the TCPSession + other thread stuff messes
> the memory so that malloc fails.
>
> Anyway when the  free(): invalid pointer 0xxxxxxxxx! appears Valgrind will
> display quite many of Invalid read messages like: 
>
> ==3015== Invalid read of size 4
> ==3015==    at 0x1BD0E831: ost::Thread::close() (in
> /usr/lib/libccgnu2-1.3.so.0.0.1)
> ==3015==    by 0x1BD0FA0E:
> ost::ThreadImpl::ThreadExecHandler(ost::Thread*) (in
> /usr/lib/libccgnu2-1.3.so.0.0.1)
> ==3015==    by 0x1BD0E90E: (within /usr/lib/libccgnu2-1.3.so.0.0.1)
> ==3015==    by 0x1BCCD847: thread_wrapper (vg_libpthread.c:867)
> ==3015==  Address 0x1BF65B98 is 240 bytes inside a block of size 416
> free'd
> ==3015==    at 0x1B90313F: operator delete(void*)
> (vg_replace_malloc.c:156)
> ==3015==    by 0x8057F87:
> TCPSessionThread<AgentContainer*>::~TCPSessionThread()
> (AgentContainer.cpp:125)
> ==3015==    by 0x8057539: ost::TCPSession::final() (socket.h:1725)
> ==3015==    by 0x1BD0E804: ost::Thread::close() (in
> /usr/lib/libccgnu2-1.3.so.0.0.1)
>
>
> and invalid write messages like: 
>
> ==3015== Thread 4:
> ==3015== Invalid write of size 4
> ==3015==    at 0x1BD0E2EB: ost::Thread::~Thread() (in
> /usr/lib/libccgnu2-1.3.so.0.0.1)
> ==3015==    by 0x1BD0E82E: ost::Thread::close() (in
> /usr/lib/libccgnu2-1.3.so.0.0.1)
> ==3015==    by 0x1BD0FA0E:
> ost::ThreadImpl::ThreadExecHandler(ost::Thread*) (in
> /usr/lib/libccgnu2-1.3.so.0.0.1)
> ==3015==    by 0x1BD0E90E: (within /usr/lib/libccgnu2-1.3.so.0.0.1)
> ==3015==  Address 0x1BF65B34 is 140 bytes inside a block of size 416
> free'd
> ==3015==    at 0x1B90313F: operator delete(void*)
> (vg_replace_malloc.c:156)
> ==3015==    by 0x8057F87:
> TCPSessionThread<AgentContainer*>::~TCPSessionThread()
> (AgentContainer.cpp:125)
> ==3015==    by 0x8057539: ost::TCPSession::final() (socket.h:1725)
> ==3015==    by 0x1BD0E804: ost::Thread::close() (in
> /usr/lib/libccgnu2-1.3.so.0.0.1)
> ==3015==
>
>
> But the most interesting bit is: 
>
> ==3015== Thread 4:
> ==3015== Invalid free() / delete / delete[]
> ==3015==    at 0x1B90313F: operator delete(void*)
> (vg_replace_malloc.c:156)
> ==3015==    by 0x1BD0E320: ost::Thread::~Thread() (in
> /usr/lib/libccgnu2-1.3.so.0.0.1)
> ==3015==    by 0x1BD0E82E: ost::Thread::close() (in
> /usr/lib/libccgnu2-1.3.so.0.0.1)
> ==3015==    by 0x1BD0FA0E:
> ost::ThreadImpl::ThreadExecHandler(ost::Thread*) (in
> /usr/lib/libccgnu2-1.3.so.0.0.1)
> ==3015==  Address 0x1BF65B34 is 140 bytes inside a block of size 416
> free'd
> ==3015==    at 0x1B90313F: operator delete(void*)
> (vg_replace_malloc.c:156)
> ==3015==    by 0x8057F87:
> TCPSessionThread<AgentContainer*>::~TCPSessionThread()
> (AgentContainer.cpp:125)
> ==3015==    by 0x8057539: ost::TCPSession::final() (socket.h:1725)
> ==3015==    by 0x1BD0E804: ost::Thread::close() (in
> /usr/lib/libccgnu2-1.3.so.0.0.1)
> ==3015==
>
>
> I am not reserving or freeing any memory (well I do create a new srting
> that will be deleted elsewhere). Any Ideas? Am I just doing All Things
> Wrong? Should I consider a career change? 
>
> I'll provide any additional information you need. 
>
> Thanks again!
>
> --
> Rami Saarinen
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 
>
>
> _______________________________________________
> Bug-commoncpp mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/bug-commoncpp

dyfet.vcf
Description: Vcard