Weird heap corruption in event queue (Win32)

Do you have a question about makefiles, a compiler or IDE you are using and need to know how to set it up for wxWidgets or why it doesn't compile but other IDE's do ? Post your questions here.
Post Reply
jaytee
In need of some credit
In need of some credit
Posts: 2
Joined: Wed Aug 30, 2006 3:48 pm

Weird heap corruption in event queue (Win32)

Post by jaytee » Wed Aug 30, 2006 4:08 pm

Hi,
I have a really odd problem with wxWidgets 2.7.0 (as well as 2.6.2 and 2.6.3).

Noticing rare crash behaviour especially when doing Show/Raise on a Window I have now narrowed the problem down to a stress test which involves 4 threads all posting an event to the main GUI frame.

The design of the program is that diffrent threads posts custom wxCommandEvents to the main thread which handles them and does the actual GUI work.

My DebugThread:

Code: Select all

DWORD DebugThread (void *_pArg)
{
	while (true)
	{
		UserInterface::MainDialog::ChannelBar::SetText ("testing");
		Sleep (20);
	}
}
The threads are started using CreateThread.

UserInterface::MainDialog::ChannelBar::SetText code:

Code: Select all

void UserInterface::MainDialog::ChannelBar::SetText (UICHAR *_pstrText)
{
	wxString str = _pstrText;
	wxCommandEvent ev(wxEVT_MY_CUSTOM_COMMAND);
	ev.SetId(EVENT_ID_CHANNELBAR_SET_TEXT);
	ev.SetString(str);

	wxPostEvent (s_MainFrame, ev);
}
Finally the events are handled in the main frame code:

Code: Select all

void MainFrame::OnUserInterfaceCalls(wxCommandEvent& event)
{
	switch(event.GetId())
	{

		case EVENT_ID_CHANNELBAR_SET_TEXT:
		{	
			JDEBUGPrintf ("%s: (%u) STRING: %s\n", __FUNCTION__, GetCurrentThreadId (), event.GetString().c_str ());
			//GetChannelBar()->SetText(event.GetString());
		}
		break;
  }
}
The event handler is defined using macros as:

Code: Select all

BEGIN_EVENT_TABLE(MainFrame, wxFrame) 
	EVT_PAINT(OnPaint)
	EVT_CLOSE(OnClose)
	EVT_ERASE_BACKGROUND(OnEraseBackground)
	EVT_SIZE(OnSize)
	//EVT_ICONIZE(OnIconize) 
	EVT_MY_CUSTOM_COMMAND (-1, OnUserInterfaceCalls)
END_EVENT_TABLE()
My binary as well as wxWidgets is compiled as "Multithreaded Debug" for Debug profile using Visual Studio 2005 Professional.

The problem:
I run my application and JDEBUGPrintf writes the debug output to a Windows console window (error happens without it). After a while either the debug output shows that the string has invalid content such as 0xee or one of the free_dbg functions usually in wxString or wxObjects fails with a heap corruption assertion. Sometimes the application dies of general protection fault (0xc0000005). And sometimes it dies when freeing the event in the ProcessEvent function inside wxWidgets.

Typical crash stack trace:

Code: Select all

 	ntdll.dll!7c901230() 	
 	[Frames below may be incorrect and/or missing, no symbols loaded for ntdll.dll]	
 	ntdll.dll!7c96c943() 	
 	ntdll.dll!7c949eb9() 	
 	ntdll.dll!7c915b4f() 	
 	ntdll.dll!7c94a1f5() 	
 	ntdll.dll!7c91b686() 	
 	ntdll.dll!7c91b686() 	
 	ntdll.dll!7c915a00() 	
 	ntdll.dll!7c915a65() 	
 	ntdll.dll!7c915041() 	
 	ntdll.dll!7c915152() 	
 	ntdll.dll!7c96d6aa() 	
 	ntdll.dll!7c91b686() 	
 	ntdll.dll!7c96d886() 	
 	ntdll.dll!7c949d18() 	
 	ntdll.dll!7c96d886() 	
 	ntdll.dll!7c96d886() 	
 	ntdll.dll!7c949d18() 	
 	ntdll.dll!7c91b686() 	
 	ntdll.dll!7c96d886() 	
 	ntdll.dll!7c949d18() 	
 	ntdll.dll!7c91b686() 	
 	ntdll.dll!7c915a00() 	
 	ntdll.dll!7c915a65() 	
 	ntdll.dll!7c915a00() 	
 	ntdll.dll!7c91b298() 	
 	ntdll.dll!7c91b686() 	
>	E-SportClient.exe!wxStringData::Unlock()  Line 233 + 0x2b bytes	C++
 	E-SportClient.exe!_heap_alloc_base(unsigned int size=0x00000044)  Line 105 + 0x28 bytes	C
 	E-SportClient.exe!_heap_alloc_dbg(unsigned int nSize=0x00000020, int nBlockUse=0x00000001, const char * szFileName=0x00000000, int nLine=0x00000000)  Line 409 + 0x9 bytes	C++
 	E-SportClient.exe!_nh_malloc_dbg(unsigned int nSize=0x00000020, int nhFlag=0x00000000, int nBlockUse=0x00000001, const char * szFileName=0x00000000, int nLine=0x00000000)  Line 266 + 0x15 bytes	C++
 	E-SportClient.exe!malloc(unsigned int nSize=0x00000020)  Line 152 + 0x15 bytes	C++
 	E-SportClient.exe!wxStringBase::AllocBuffer(unsigned int nLen=0x00000005)  Line 244 + 0x20 bytes	C++
 	E-SportClient.exe!wxStringBase::InitWith(const char * psz=0x00a03fec, unsigned int nPos=0x00000000, unsigned int nLength=0x00000005)  Line 202 + 0xc bytes	C++
 	E-SportClient.exe!wxStringBase::wxStringBase(const char * psz=0x00a03fec)  Line 361 + 0x37 bytes	C++
 	E-SportClient.exe!wxString::wxString(const char * psz=0x00a03fec)  Line 692 + 0x4d bytes	C++
 	E-SportClient.exe!UserInterface::MainDialog::ChannelBar::SetText(char * _pstrText=0x00a03fec)  Line 135 + 0xc bytes	C++
 	E-SportClient.exe!DebugThread(void * _pArg=0x00000000)  Line 1108 + 0xd bytes	C++
 	kernel32.dll!7c80b683() 	

The test is performed by simply starting the application without any other threads it usually has running, no initialization what so ever except for wx GUI and the DebugThreads.

My application links to:
wxmsw27d_core.lib wxmsw27d_html.lib wxbase27d.lib wxpngd.lib wxzlibd.lib wsock32.lib dsound.lib dxguid.lib dxerr9.lib libspeexd.lib winmm.lib Crypt32.lib comctl32.lib Rpcrt4.lib Iphlpapi.lib Ws2_32.lib pthreadvc2.lib dinput8.lib libjpeg.lib

(without any conflicting run-time libraries)

I suspect some compiler, run-time, build setup issues but I haven't managed to indentify such. wxUSE_THREADS is defined as 1 and I've validated that the critical sections are actually being executed.

I am getting desperate about this, what to do?

//Regards Jonas T

jaytee
In need of some credit
In need of some credit
Posts: 2
Joined: Wed Aug 30, 2006 3:48 pm

Post by jaytee » Thu Aug 31, 2006 10:54 pm

After compiling with wxUSE_STD_STRING and wxUSE_STL the corruption errors has disappeared.

What can we conclude out of that?
//Regards JT

Post Reply