
delete causes crash with character arrays

 
  #1  
Old July 23rd, 2005, 12:50 AM
Alex Vinokur

GNU g++ 3.3.3, Cygwin


// Stuff

static char* mbuffer = NULL;

// Stuff

void doit()
{
    // Stuff
    mbuffer = new (nothrow) char [1001];
    assert (mbuffer != NULL);

    // Stuff

    assert (mbuffer != NULL);
    delete[] mbuffer; // Sometimes crashed here (not always).
    mbuffer = NULL;

    // Stuff

}

How can one detect what causes the crash?

--
Alex Vinokur
email: alex DOT vinokur AT gmail DOT com
http://mathforum.org/library/view/10978.html
http://sourceforge.net/users/alexvn






  #2  
Old July 23rd, 2005, 12:50 AM
Matthias

Alex Vinokur wrote:
> // Stuff
> mbuffer = new (nothrow) char [1001];
> assert (mbuffer != NULL);

What is nothrow?

> delete[] mbuffer; // Sometimes crashed here (not always).
> mbuffer = NULL;

It looks like you're deleting memory allocated by placement new with a
"normal" delete. This is illegal IIRC. You will have to define your own
"placement delete" function.

--
Regards,
Matthias
  #3  
Old July 23rd, 2005, 12:50 AM
Alex Vinokur


"Matthias" <nospam@digitalraid.com> wrote in message news:cun9dp$fn0$05$1@news.t-online.com...
> Alex Vinokur wrote:
> > // Stuff
-------------------------------------------------
> > mbuffer = new (nothrow) char [1001]

// The program crashes at 'delete[] mbuffer' with the line below (instead of line above) too
mbuffer = new char [1001];
-------------------------------------------------
> > assert (mbuffer != NULL);
>
> What is nothrow?
>
> > delete[] mbuffer; // Sometimes crashed here (not always).
> > mbuffer = NULL;
>
> It looks like you're deleting memory allocated by placement new with a
> "normal" delete. This is illegal IIRC. You will have to define your own
> "placement delete" function.
>
> --
> Regards,
> Matthias


--
Alex Vinokur
email: alex DOT vinokur AT gmail DOT com
http://mathforum.org/library/view/10978.html
http://sourceforge.net/users/alexvn



  #4  
Old July 23rd, 2005, 12:50 AM
Alex Vinokur


"Matthias" <nospam@digitalraid.com> wrote in message news:cun9dp$fn0$05$1@news.t-online.com...
> Alex Vinokur wrote:
> > // Stuff
> > mbuffer = new (nothrow) char [1001];
> > assert (mbuffer != NULL);
>
> What is nothrow?

<QUOTE from http://groups-beta.google.com/group/...565d1c77795e52 >

If you want 'new' to return NULL instead of throwing an exception, use

int* p = new (nothrow) int[array_size];

</QUOTE>

[snip]


--
Alex Vinokur
email: alex DOT vinokur AT gmail DOT com
http://mathforum.org/library/view/10978.html
http://sourceforge.net/users/alexvn





  #5  
Old July 23rd, 2005, 12:50 AM
Ivan Vecerina

"Alex Vinokur" <alexvn@big-foot.com> wrote in message
news:378dcgF59bc1uU1@individual.net...
> GNU g++ 3.3.3, Cygwin
....
> mbuffer = new (nothrow) char [1001];
> assert (mbuffer != NULL);
>
> // Stuff
Methinks this Stuff is what actually causes the crash.

> assert (mbuffer != NULL);
> delete[] mbuffer; // Sometimes crashed here (not always).

Except if you somehow change the value of mbuffer,
some buffer overflow is most likely corrupting the heap
and causing the crash.

Most platforms have tools that can help you detect heap
corruption, or a debugging implementation of heap allocation
functions.
A poor man's first try could also be to do:
mbuffer = 1+new (nothrow) char [1001+2];
mbuffer[-1] = 0x77; //magic number to detect overwrite
mbuffer[1001] = 0x77;

//Stuff... <-- look for change of mbuffer[-1 or 1001]
// e.g. by inserting assertions..

delete[] (mbuffer-1);



--
http://ivan.vecerina.com/contact/?subject=NG_POST <- email contact form


  #6  
Old July 23rd, 2005, 12:50 AM
Matthias

Alex Vinokur wrote:
> "Matthias" <nospam@digitalraid.com> wrote in message news:cun9dp$fn0$05$1@news.t-online.com...
>
>>Alex Vinokur wrote:
>>
>>> // Stuff
>>> mbuffer = new (nothrow) char [1001];
>>> assert (mbuffer != NULL);
>>
>>What is nothrow?
>
>
> <QUOTE from http://groups-beta.google.com/group/...565d1c77795e52 >
>
> If you want 'new' to return NULL instead of throwing an exception, use
>
> int* p = new (nothrow) int[array_size];
>
> </QUOTE>
>
> [snip]
>
>

So your call to new is not a call to placement new, but to the normal
new with the option "don't throw bad_alloc exception" set?

--
Regards,
Matthias
  #7  
Old July 23rd, 2005, 12:50 AM
Alex Vinokur


"Ivan Vecerina" <INVALID_use_webform_instead@vecerina.com> wrote in message news:cunf2u$j3a$1@news.hispeed.ch...
> "Alex Vinokur" <alexvn@big-foot.com> wrote in message
> news:378dcgF59bc1uU1@individual.net...
> > GNU g++ 3.3.3, Cygwin
> ...
> > mbuffer = new (nothrow) char [1001];
> > assert (mbuffer != NULL);
> >
> > // Stuff
> Methinks this Stuff is what actually causes the crash.
>
> > assert (mbuffer != NULL);
> > delete[] mbuffer; // Sometimes crashed here (not always).
>
> Except if you somehow change the value of mbuffer,
> some buffer overflow is most likely corrupting the heap
> and causing the crash.
>
> Most platforms have tools that can help you detect heap
> corruption, or a debugging implementation of heap allocation
> functions.
> A poor man's first try could also be to do:
> mbuffer = 1+new (nothrow) char [1001+2];
> mbuffer[-1] = 0x77; //magic number to detect overwrite
> mbuffer[1001] = 0x77;
>
> //Stuff... <-- look for change of mbuffer[-1 or 1001]
> // e.g. by inserting assertions..
>
> delete[] (mbuffer-1);
>
>
>
> --
> http://ivan.vecerina.com/contact/?subject=NG_POST <- email contact form
>
>

Ivan,
I started to apply your method and while analyzing the code I found out the cause of the problem.
Of course, it was trampling memory.

infile.read (mbuffer, infile_size); // infile_size was greater than mbuffer size.

Thank you very much.

--
Alex Vinokur
email: alex DOT vinokur AT gmail DOT com
http://mathforum.org/library/view/10978.html
http://sourceforge.net/users/alexvn
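
Added example, not part of the original posts: the guard-byte check suggested in post #5, applied to the oversized `infile.read` reported in post #7, next to a bounded read. `GuardedBuffer`, `demo_overrun_detected` and `bounded_read` are hypothetical names; the 8-byte buffer and the input string are constructed, and the overrun is kept to one byte so it lands in a guard byte the buffer owns.

```cpp
#include <cstddef>
#include <iostream>
#include <new>
#include <sstream>

// Hypothetical helper: n usable bytes with one 0x77 guard byte on each side.
class GuardedBuffer {
public:
    explicit GuardedBuffer(std::size_t n)
        : size_(n), raw_(new (std::nothrow) char[n + 2]) {
        if (raw_) { raw_[0] = kMagic; raw_[n + 1] = kMagic; }
    }
    ~GuardedBuffer() { delete[] raw_; }  // array new pairs with delete[]
    GuardedBuffer(const GuardedBuffer&) = delete;
    GuardedBuffer& operator=(const GuardedBuffer&) = delete;
    char* data() { return raw_ ? raw_ + 1 : nullptr; }
    std::size_t size() const { return size_; }
    bool intact() const { return raw_ && raw_[0] == kMagic && raw_[size_ + 1] == kMagic; }
private:
    static constexpr char kMagic = 0x77;
    std::size_t size_;
    char* raw_;
};

// Bug pattern: the read() length comes from the file; one byte over hits our guard.
bool demo_overrun_detected() {
    std::istringstream infile("ABCDEFGHIJKL");  // constructed sample input
    GuardedBuffer buf(8);
    if (!buf.data()) return false;
    std::streamsize infile_size = static_cast<std::streamsize>(buf.size() + 1);
    infile.read(buf.data(), infile_size);
    return !buf.intact();  // true: the trailing guard byte was overwritten
}

// The fix: never ask read() for more than the buffer holds.
std::size_t bounded_read(std::istream& in, GuardedBuffer& buf, std::size_t claimed) {
    if (!buf.data()) return 0;
    std::size_t want = claimed < buf.size() ? claimed : buf.size();
    in.read(buf.data(), static_cast<std::streamsize>(want));
    return static_cast<std::size_t>(in.gcount());
}

int main() {
    std::istringstream infile("ABCDEFGHIJKL");  // constructed sample input
    GuardedBuffer buf(8);
    std::cout << demo_overrun_detected() << ' ';
    std::cout << bounded_read(infile, buf, 1000) << ' ' << buf.intact() << '\n';
}
```

Guard bytes only catch writes that touch them; a debugging allocator or memory checker, as post #5 also mentions, covers the overruns that skip past.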





  #8  
Old July 23rd, 2005, 12:50 AM
Alex Vinokur


"Matthias" <nospam@digitalraid.com> wrote in message news:cunfmj$aus$00$1@news.t-online.com...
> Alex Vinokur wrote:
> > "Matthias" <nospam@digitalraid.com> wrote in message news:cun9dp$fn0$05$1@news.t-online.com...
> >
> >>Alex Vinokur wrote:
> >>
> >>> // Stuff
> >>> mbuffer = new (nothrow) char [1001];
> >>> assert (mbuffer != NULL);
> >>
> >>What is nothrow?
> >
> >
> > <QUOTE from http://groups-beta.google.com/group/...565d1c77795e52 >
> >
> > If you want 'new' to return NULL instead of throwing an exception, use
> >
> > int* p = new (nothrow) int[array_size];
> >
> > </QUOTE>
> >
> > [snip]
> >
> >
>
> So your call to new is not a call to placement new, but to the normal
> new with the option "don't throw bad_alloc exception" set?

[snip]

Yes. It is not a call to placement new, it is the normal new with the option that returns NULL if failed.

--
Alex Vinokur
email: alex DOT vinokur AT gmail DOT com
http://mathforum.org/library/view/10978.html
http://sourceforge.net/users/alexvn






  #9  
Old July 23rd, 2005, 12:50 AM
Ron Natalie

Matthias wrote:

> It looks like you're deleting memory allocated by placement new with a
> "normal" delete. This is illegal IIRC. You will have to define your own
> "placement delete" function.
>

Defining a placement delete function won't help (if you mean defining
a deallocation function: operator delete). The placement delete deallocator
is only called if an exception happens during placement construction.

You need to do an explicit destructor call (if necessary for your type) and
then call whatever deallocation is appropriate.
  #10  
Old July 23rd, 2005, 12:50 AM
Matthias

Ron Natalie wrote:
> You need to do an explicit destructor call (if necessary for your type) and
> then call whatever deallocation is appropriate.

Does that mean, placement new doesn't allocate memory in the first
place? And what would be a proper deallocation?

--
Regards,
Matthias
  #11  
Old July 23rd, 2005, 12:51 AM
Karl Heinz Buchegger

Matthias wrote:
>
> Ron Natalie wrote:
> > You need to do an explicit destructor call (if necessary for your type) and
> > then call whatever deallocation is appropriate.
>
> Does that mean, placement new doesn't allocate memory in the first
> place?

Exactly that

> And what would be a proper deallocation?

Whatever is the opposite of the allocation strategy you used
for providing the memory.

The whole point of placement new is that 'new' no longer cares
to reserve some memory, but it is the job of the programmer
to allocate (or don't allocate at all) it. 'placement new' simply
takes the raw memory you give to it and turns it into an object
(by calling a constructor). Everything else is the responsibility
of the programmer.


--
Karl Heinz Buchegger
kbuchegg@gascad.at
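
Added example, not part of the original posts: the distinction worked out in posts #9 to #11, with placement new over caller-owned storage next to the allocating `new (std::nothrow)` form the original poster used. `Tracked` and both function names are hypothetical, and `std::malloc` stands in for whatever allocation strategy provides the memory.

```cpp
#include <cstdlib>
#include <iostream>
#include <new>

// Hypothetical type that only counts live objects.
struct Tracked {
    static int live;
    Tracked() { ++live; }
    ~Tracked() { --live; }
};
int Tracked::live = 0;

// Placement new constructs into storage the caller already owns.
bool placement_roundtrip() {
    void* raw = std::malloc(sizeof(Tracked));
    if (!raw) return false;
    Tracked* t = new (raw) Tracked;      // no allocation, constructor only
    bool constructed = (Tracked::live == 1);
    t->~Tracked();                       // explicit destructor call
    std::free(raw);                      // malloc pairs with free
    return constructed && Tracked::live == 0;
}

// new (std::nothrow) is an allocating new that returns null on failure.
bool nothrow_roundtrip() {
    Tracked* arr = new (std::nothrow) Tracked[3];
    if (!arr) return false;
    bool constructed = (Tracked::live == 3);
    delete[] arr;                        // runs 3 destructors, frees the block
    return constructed && Tracked::live == 0;
}

int main() {
    std::cout << placement_roundtrip() << ' ' << nothrow_roundtrip() << '\n';
}
```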
 
