DynamoRIO / drmemory

Memory Debugger for Windows, Linux, Mac, and Android

Dr. Memory internal crash at PC 0x7383a079 , PC 0x0209a60a #1691

Open ifrh opened 9 years ago

ifrh commented 9 years ago

Just wanted to check my (32bit) program for memory leaks (running inside WOW64-Subsystem of Win8.1):

Calling Dr.Memory and my program in "server-mode" doesn't crash:


BEGIN one line
start cmd /k P:\tools\DrMemory-Windows-1.8.1-RC1\bin\drmemory.exe -- %CD%\Socket2NamedPipe.exe -serverproxy pipenameR 979 cmd /k P:\tools\DrMemory-Windows-1.8.1-RC1\bin\drmemory.exe -- %CD%\Socket2NamedPipe.exe -server -L 979
END one line

Calling Dr.Memory and my program in "client-mode" crashes:


BEGIN one line
start cmd /k P:\tools\DrMemory-Windows-1.8.1-RC1\bin\drmemory.exe -- %CD%\Socket2NamedPipe.exe -clientproxy 127.0.0.1 pipenameR 978  cmd /k P:\tools\DrMemory-Windows-1.8.1-RC1\bin\drmemory.exe -- %CD%\Socket2NamedPipe.exe -client 127.0.0.1 978
END one line

Dr. Memory crashes with this message:


Dr. Memory internal crash at PC 0x7383a079.
Please report this at http://drmemory.org/issues.
Program aborted.
0xc0000005 0x0000000 0x7383a079 0x7383a079 0x0000000 0x006d0036
Base: 0x727e0000
Registers: eax=0x192de88c ebx=0x192de9b4 
                 ecx=0x006d0032 edx=0xffffffff 
                 esi=0x192de8c0  edi=0x00006d24 
                 esp=0x192de85c ebp=0x006d0032
                 eflags=0x000
version 5.0.16470, custom build
-no_dynamic_options  -disasm_mask 8 -logdir 
'P:\tools\DrMemory-Windows-1.8.1-RC1\drmemory\logs\dynamorio'
-client_lib 'P:\tools\DrMemory-Windows-1.8.1-RC1\bin\release\drmemorylib.dll;0;
-logdir `P:\tools\DrMemory-Windows-1.8.1-RC1\drmemory\logs`
-symcache_dir `P:\tools\DrMemory-Windows-1.8.1-RC1\drmemory\logs\symcache`
-lib_blacklist C:\Windows*.d?? -resfile 2488' -code_api -probe
P:\tools\DrMemory-Windows-1.8.1-RC1\bin\release\drmemorylib.dll=0x73800000
P:\tools\DrMemory-Windows-1.8.1-RC1\bin\release/dbghelp.dll=0x72400000
c:\Windows/system32/msvcrt.dll=0x01e10000
c:\Windows/system32/kernel32.dll=0x01ee0000
c:\Windows/system32/KERNELBASE.dll=0x02020000

If I start Dr.Memory with the -light option, then I can see on the console:


~~Dr.M~~
~~Dr.M~~ Error #1: UNADDRESSABLE ACCESS beyond heap bounds: writing 0x0288d4ed-0
x0288d4ee 1 byte(s)

Perhaps this is a problem in my program? Perhaps my program runs without DrMemory just by accident?

If I replace the -light option with these options "-leaks_only -no_count_leaks -no_track_allocs", then my program starts but its child process doesn't get started.

Okay, what I can get with -debug -dr_debug -pause_at_assert:


<Starting application P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS\Socket2N
amedPipe.exe (4912)>
<Initial options = -no_dynamic_options -logdir 'P:\tools\DrMemory-Windows-1.8.1-
RC1\drmemory\logs\dynamorio' -client_lib 'P:\tools\DrMemory-Windows-1.8.1-RC1\bi
n\debug\drmemorylib.dll;0;`-pause_at_assert` -logdir `P:\tools\DrMemory-Windows-
1.8.1-RC1\drmemory\logs` -symcache_dir `P:\tools\DrMemory-Windows-1.8.1-RC1\drme
mory\logs\symcache` -lib_blacklist C:\Windows*.d?? -resfile 4912 ' -code_api -pr
obe_api -stack_size 56K -disable_traces -no_enable_traces -max_elide_jmp 0 -max_
elide_call 0 -max_bb_instrs 256 -no_shared_traces -bb_ibl_targets -bb_single_res
tore_prefix -no_shared_trace_ibl_routine -no_enable_reset -no_reset_at_switch_to
_os_at_vmm_limit -reset_at_vmm_percent_free_limit 0 -no_reset_at_vmm_full -reset
_at_commit_free_limit 0K -reset_every_nth_pending 0 -vm_size 262144K -no_inline_
ignored_syscalls -native_exec_default_list '' -no_native_exec_managed_code -no_i
ndcall2direct -no_aslr_dr -pad_jmps_mark_no_trace >
~~Dr.M~~ Dr. Memory version 1.8.1
~~Dr.M~~ Running "P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS\Socket2Named
Pipe.exe -clientproxy 127.0.0.1 pipenameR 978 cmd /k P:\tools\DrMemory-Windows-1
.8.1-RC1\bin\drmemory.exe -debug -dr_debug -pause_at_assert -- P:\SocketANDNamed
Pipe\Socket2NamedPipe\Debug_SBCS\Socket2NamedPipe.exe -client 127.0.0.1 978"
Called with parameters:
<CURIOSITY : (total_len <= ave_len_threshold * num || ((((0x00000020) & (table->
table_flags)) != 0) && table->capacity <= 513)) && "hash table high average coll
ision length" in file d:\drmemory_package\dynamorio\core\hashtablex.h line 1845
version 5.0.16470, custom build
-no_dynamic_options -logdir 'P:\tools\DrMemory-Windows-1.8.1-RC1\drmemory\logs\d
ynamorio' -client_lib 'P:\tools\DrMemory-Windows-1.8.1-RC1\bin\debug\drmemorylib
.dll;0;`-pause_at_assert` -logdir `P:\tools\DrMemory-Windows-1.8.1-RC1\drmemory\
logs` -symcache_dir `P:\tools\DrMemory-Windows-1.8.1-RC1\drmemory\logs\symcache`
 -lib_blacklist C:\Windows*.d?? -resfile 4912 ' -code_api -pro
0x1fede88c 0x69640e2a
0x1fede95c 0x69646bc7
0x1fedea74 0x69646160
0x1fedeb10 0x69645760
0x1fedebac 0x6964364d
0x1feded60 0x696bac74
0x1fedee0c 0x696ba85f
0x1fedef18 0x696b6784
0x1fedeff4 0x1fea221c
0x0028ff08 0x004010fd
0x0028ff94 0x775db5af
0x0028ffdc 0x775db57a
0x0028ffec 0x00000000
P:\tools\DrMemory-Windows-1.8.1-RC1\bin\debug\drmemorylib.dll=0x01ec0000
P:\tools\DrMemory-Windows-1.8.1-RC1\bin\debug/dbghelp.dll=0x69490000
C:\Windows/system32/msvcrt.dll=0x02540000
C:\Windows/system32/kernel32.dll=0x02610000
C:\Windows/system32/KERNELBASE.dll=0x02750000>
"cmd" /k P:\tools\DrMemory-Windows-1.8.1-RC1\bin\drmemory.exe -debug -dr_debug -
pause_at_assert -- P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS\Socket2Name
dPipe.exe -client 127.0.0.1 978
<Application changing protections of system memory at least once (0x77683000-0x7
7686000)>

So which application changes the protection of system memory? And a Dr.Memory crash info pops up:


Dr. Memory internal crash at PC 0x0209a60a
Please report this at http://drmemory.org/issues.
Program aborted.
0xc0000005 0x0000000 0x0209a60a 0x0209a60a 0x0000000 0x006d0036
Base: 0x695b0000
Registers: eax=0x006d0032 ebx=0x00000000 
                 ecx=0x00000003 edx=0x1fedcec8 
                 esi=0x002b013  edi=0x00000002 
                 esp=0x1fedcaa4 ebp=0x1fedcb08
                 eflags=0x000
version 5.0.16470, custom build
-no_dynamic_options  -disasm_mask 8 -logdir 
'P:\tools\DrMemory-Windows-1.8.1-RC1\drmemory\logs\dynamorio'
-client_lib 'P:\tools\DrMemory-Windows-1.8.1-RC1\bin\release\drmemorylib.dll;0;
-logdir `P:\tools\DrMemory-Windows-1.8.1-RC1\drmemory\logs`
-symcache_dir `P:\tools\DrMemory-Windows-1.8.1-RC1\drmemory\logs\symcache`
-lib_blacklist C:\Windows*.d?? -resfile 4912' -code_api -pro
0x1fedcb08 0x020e473
0x1fedcf74 0x020dcf97

Except when using Dr.Memory with my Socket2NamedPipe program, I haven't had problems in the past with your cool Dr.Memory. Very nice program. Thanks for that.

So I think the crash of Dr.Memory is caused by my program...

Best regards, Robert

derekbruening commented 9 years ago

Dr. Memory shouldn't itself crash, regardless of what the application does, so this is a Dr. Memory bug.

% bin/symquery.exe -f -e bin/release/drmemorylib.dll -a 0x3a079
packed_callstack_to_symbolized+0x9
d:\drmemory_package\common\callstack.c:2096+0x4

Does the option -no_replace_malloc make your program in "client mode" work?

Would it be possible to get access to your program so that we can reproduce the bug locally?
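The address passed to symquery in the comment above is the crash PC minus the load base of drmemorylib.dll from the module list at the end of the crash report. The following Python sketch is an added example, not part of the original thread or of Dr. Memory; it repeats that arithmetic on an excerpt of the first report. The report lists no module sizes, so the nearest lower base is only a best guess, and the 16 MiB cut-off (`max_offset`) is an assumption of this example.

```python
import re

# Excerpt of the first crash report quoted in the issue above.
CRASH_REPORT = r"""
Dr. Memory internal crash at PC 0x7383a079.
Base: 0x727e0000
P:\tools\DrMemory-Windows-1.8.1-RC1\bin\release\drmemorylib.dll=0x73800000
P:\tools\DrMemory-Windows-1.8.1-RC1\bin\release/dbghelp.dll=0x72400000
c:\Windows/system32/msvcrt.dll=0x01e10000
c:\Windows/system32/kernel32.dll=0x01ee0000
c:\Windows/system32/KERNELBASE.dll=0x02020000
"""

PC_RE = re.compile(r"internal crash at PC (0x[0-9a-fA-F]+)")
# "<path>.dll=0x<base>" lines; the debug report closes the last one with ">".
MODULE_RE = re.compile(
    r"^(?P<path>.+\.(?:dll|exe))=(?P<base>0x[0-9a-fA-F]+)>?[ \t]*$",
    re.IGNORECASE | re.MULTILINE,
)


def parse_crash_report(text):
    """Return (crash_pc, [(module_path, load_base), ...])."""
    m = PC_RE.search(text)
    if m is None:
        raise ValueError("no 'internal crash at PC' line found")
    modules = [(mm.group("path"), int(mm.group("base"), 16))
               for mm in MODULE_RE.finditer(text)]
    return int(m.group(1), 16), modules


def locate(pc, modules, max_offset=0x1000000):
    """Pick the module with the highest load base at or below pc.

    Returns (path, base, offset), or None when no base lies below pc or the
    offset is implausibly large (max_offset is this example's assumption).
    """
    below = [(base, path) for path, base in modules if base <= pc]
    if not below:
        return None
    base, path = max(below)
    offset = pc - base
    if offset > max_offset:
        return None
    return path, base, offset


def symquery_command(path, offset):
    """Build the symquery call with the flags used in the comment above."""
    return f"symquery.exe -f -e {path} -a {offset:#x}"


if __name__ == "__main__":
    pc, modules = parse_crash_report(CRASH_REPORT)
    hit = locate(pc, modules)
    if hit is None:
        print(f"PC {pc:#x} is not near any listed module")
    else:
        print(symquery_command(hit[0], hit[2]))
```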

ifrh commented 9 years ago

Do you want the binary of my program? Then I can send it tomorrow - today I can't get my hands on it. If you want access to the source code, well - then that is okay for me, but the code is currently under construction and at the moment not really foreign-friendly oop-designed. I am now refactoring my code to fit this dirty proof of idea into an object-oriented design.

derekbruening commented 9 years ago

Binary is sufficient.

ifrh commented 9 years ago

You asked if the option -no_replace_malloc makes my program in "client mode" work. The answer is sadly "no", see screenshot. client_mode_crash_drmemory

In the screenshot you can see top-left the output of the batch file: it first starts Dr.Memory with server-mode bottom-left and after the pause command it starts Dr.Memory with client-mode on the right side. You see the client-mode crashes.

How can I send you the executable of my program by mail? Sadly the GMX webpage doesn't allow me to send a mail to the "Reply to" address: Reply-To: DynamoRIO/drmemory <reply+003aabbf17d9fc9a88be2ccf0de36442a6caea21b3c2722f92cf00000001111d922a92a169ce03a60821@reply.github.com> For the GMX webpage this address is not valid (or a bug in the GMX site?).

ifrh commented 9 years ago

Okay I hope that I have used gist the right way: you should be able to get the executable and the batch file from here via git clone https://gist.github.com/a768dc33e6f2eb4d07ff.git

ifrh commented 9 years ago

I can see that my report is labeled with "Status-NeedInfo": What info do you need? Could you receive my executable for testing?

derekbruening commented 9 years ago

Yes, just have not had a chance to try to reproduce.

zhaoqin commented 9 years ago

I cannot reproduce the bug:

In cmd window1: start server

C:\Workspace\DrMemory\i1691>start cmd /k C:\Workspace\DrMemory\build_x86_drm_dbg.git\bin\drmemory.exe -- %CD%\Socket2NamedPipe.exe -serverproxy pipenameR 979 cm
d /k C:\Workspace\DrMemory\build_x86_drm_dbg.git\bin\drmemory.exe -- %CD%\Socket2NamedPipe.exe -server -L 979

A new cmd is created:

...
Called with parameters:
"cmd" /k C:\Workspace\DrMemory\build_x86_drm_dbg.git\bin\drmemory.exe -- C:\Workspace\DrMemory\i1961\Socket2NamedPipe.exe -server -L 979
"cmd" /k C:\Workspace\DrMemory\build_x86_drm_dbg.git\bin\drmemory.exe -- C:\Workspace\DrMemory\i1961\Socket2NamedPipe.exe -server -L 979
CreatePipe: \\.\pipe\pipenameR
Pipe created
Waiting for connection: \\.\pipe\pipenameR

In cmd window1: start client

C:\Workspace\DrMemory\i1961>start cmd /k C:\Workspace\DrMemory\build_x86_drm_dbg.git\bin\drmemory.exe -- %CD%\Socket2NamedPipe.exe -clientproxy 127.0.0.1 pipena
meR 978 cmd /k C:\Workspace\DrMemory\build_x86_drm_dbg.git\bin\drmemory.exe -- %CD%\Socket2NamedPipe.exe -client 127.0.0.1 978

A new cmd window with some error msg:

...
Called with parameters:
"cmd" /k C:\Workspace\DrMemory\build_x86_drm_dbg.git\bin\drmemory.exe -- C:\Workspace\DrMemory\i1961\Socket2NamedPipe.exe -client 127.0.0.1 978
<Application changing protections of system memory at least once (0x77113000-0x77116000)>
Adresse FunktionsParameter theUser: 0028FBB0

0028FB74

~~Dr.M~~
~~Dr.M~~ Error #1: UNADDRESSABLE ACCESS beyond heap bounds: writing 0x02f9b314-0x02f9b318 4 byte(s)
~~Dr.M~~ # 0 replace_memmove                [d:\src\cygwin\home\zhaoqin\workspace\drmemory\drmemory.git\drmemory\replace.c:740]
~~Dr.M~~ # 1 secureMoveMemory               [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:351]
~~Dr.M~~ # 2 moveSecUserData                [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:595]
~~Dr.M~~ # 3 getSecUserInfo                 [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:993]
~~Dr.M~~ # 4 getSecUserInfo                 [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:799]
~~Dr.M~~ # 5 fillUserdata                   [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:2229]
~~Dr.M~~ # 6 ProxyClient                    [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:4035]
~~Dr.M~~ # 7 main                           [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:5157]
~~Dr.M~~ Note: @0:00:06.735 in thread 3804
~~Dr.M~~ Note: next higher malloc: 0x02f9b390-0x02f9b3e4
~~Dr.M~~ Note: refers to 0 byte(s) beyond last valid byte in prior malloc
~~Dr.M~~ Note: prev lower malloc:  0x02f9b310-0x02f9b314
~~Dr.M~~ Note: instruction: mov    %edx -> (%eax)
~~Dr.M~~
~~Dr.M~~ Error #2: UNADDRESSABLE ACCESS beyond heap bounds: writing 0x02f9b324-0x02f9b328 4 byte(s)
~~Dr.M~~ # 0 replace_memmove                [d:\src\cygwin\home\zhaoqin\workspace\drmemory\drmemory.git\drmemory\replace.c:740]
~~Dr.M~~ # 1 secureMoveMemory               [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:351]
~~Dr.M~~ # 2 moveSecUserData                [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:597]
~~Dr.M~~ # 3 getSecUserInfo                 [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:993]
~~Dr.M~~ # 4 getSecUserInfo                 [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:799]
~~Dr.M~~ # 5 fillUserdata                   [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:2229]
~~Dr.M~~ # 6 ProxyClient                    [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:4035]
~~Dr.M~~ # 7 main                           [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:5157]
~~Dr.M~~ Note: @0:00:07.375 in thread 3804
~~Dr.M~~ Note: next higher malloc: 0x02f9b390-0x02f9b3e4
~~Dr.M~~ Note: prev lower malloc:  0x02f9b310-0x02f9b314
~~Dr.M~~ Note: instruction: mov    %edx -> (%eax)
~~Dr.M~~
~~Dr.M~~ Error #3: UNADDRESSABLE ACCESS beyond heap bounds: writing 0x02f9b334-0x02f9b335 1 byte(s)
~~Dr.M~~ # 0 replace_memmove                [d:\src\cygwin\home\zhaoqin\workspace\drmemory\drmemory.git\drmemory\replace.c:746]
~~Dr.M~~ # 1 secureMoveMemory               [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:351]
~~Dr.M~~ # 2 moveSecUserData                [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:597]
~~Dr.M~~ # 3 getSecUserInfo                 [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:993]
~~Dr.M~~ # 4 getSecUserInfo                 [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:799]
~~Dr.M~~ # 5 fillUserdata                   [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:2229]
~~Dr.M~~ # 6 ProxyClient                    [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:4035]
~~Dr.M~~ # 7 main                           [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:5157]
~~Dr.M~~ Note: @0:00:08.047 in thread 3804
~~Dr.M~~ Note: next higher malloc: 0x02f9b390-0x02f9b3e4
~~Dr.M~~ Note: prev lower malloc:  0x02f9b310-0x02f9b314
~~Dr.M~~ Note: instruction: mov    %dl -> (%eax)
~~Dr.M~~
~~Dr.M~~ Error #4: UNADDRESSABLE ACCESS beyond heap bounds: writing 0x02f9b348-0x02f9b349 1 byte(s)
~~Dr.M~~ # 0 replace_memmove                [d:\src\cygwin\home\zhaoqin\workspace\drmemory\drmemory.git\drmemory\replace.c:751]
~~Dr.M~~ # 1 secureMoveMemory               [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:351]
~~Dr.M~~ # 2 moveSecUserData                [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:599]
~~Dr.M~~ # 3 getSecUserInfo                 [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:993]
~~Dr.M~~ # 4 getSecUserInfo                 [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:799]
~~Dr.M~~ # 5 fillUserdata                   [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:2229]
~~Dr.M~~ # 6 ProxyClient                    [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:4035]
~~Dr.M~~ # 7 main                           [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:5157]
~~Dr.M~~ Note: @0:00:08.718 in thread 3804
~~Dr.M~~ Note: next higher malloc: 0x02f9b390-0x02f9b3e4
~~Dr.M~~ Note: prev lower malloc:  0x02f9b310-0x02f9b314
~~Dr.M~~ Note: instruction: mov    %dl -> (%eax)
~~Dr.M~~
~~Dr.M~~ Error #5: UNADDRESSABLE ACCESS beyond heap bounds: writing 0x02f9b34c-0x02f9b350 4 byte(s)
~~Dr.M~~ # 0 replace_memmove               [d:\src\cygwin\home\zhaoqin\workspace\drmemory\drmemory.git\drmemory\replace.c:740]
~~Dr.M~~ # 1 ntdll.dll!RtlCopySid         +0x21     (0x77071ea2 <ntdll.dll+0x61ea2>)
~~Dr.M~~ # 2 KERNELBASE.dll!CopySid       +0x13     (0x76605fc4 <KERNELBASE.dll+0x15fc4>)
~~Dr.M~~ # 3 moveSecUserData               [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:601]
~~Dr.M~~ # 4 getSecUserInfo                [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:993]
~~Dr.M~~ # 5 getSecUserInfo                [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:799]
~~Dr.M~~ # 6 fillUserdata                  [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:2229]
~~Dr.M~~ # 7 ProxyClient                   [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:4035]
~~Dr.M~~ # 8 main                          [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:5157]
~~Dr.M~~ Note: @0:00:09.297 in thread 3804
~~Dr.M~~ Note: next higher malloc: 0x02f9b390-0x02f9b3e4
~~Dr.M~~ Note: prev lower malloc:  0x02f9b310-0x02f9b314
~~Dr.M~~ Note: instruction: mov    %edx -> (%eax)
0028FB74

Adresse FunktionsParameter theUser: 0028FBB0

~~Dr.M~~
~~Dr.M~~ Error #6: UNADDRESSABLE ACCESS beyond heap bounds: reading 0x02f9b324-0x02f9b328 4 byte(s)
~~Dr.M~~ # 0 replace_memmove               [d:\src\cygwin\home\zhaoqin\workspace\drmemory\drmemory.git\drmemory\replace.c:740]
~~Dr.M~~ # 1 fillUserdata                  [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:2249]
~~Dr.M~~ # 2 ProxyClient                   [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:4035]
~~Dr.M~~ # 3 main                          [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:5157]
~~Dr.M~~ Note: @0:00:09.625 in thread 3804
~~Dr.M~~ Note: next higher malloc: 0x02f9b390-0x02f9b3e4
~~Dr.M~~ Note: prev lower malloc:  0x02f9b310-0x02f9b314
~~Dr.M~~ Note: instruction: mov    (%ecx) -> %edx
~~Dr.M~~
~~Dr.M~~ Error #7: UNADDRESSABLE ACCESS beyond heap bounds: reading 0x02f9b314-0x02f9b318 4 byte(s)
~~Dr.M~~ # 0 replace_memmove               [d:\src\cygwin\home\zhaoqin\workspace\drmemory\drmemory.git\drmemory\replace.c:740]
~~Dr.M~~ # 1 fillUserdata                  [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:2272]
~~Dr.M~~ # 2 ProxyClient                   [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:4035]
~~Dr.M~~ # 3 main                          [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:5157]
~~Dr.M~~ Note: @0:00:09.906 in thread 3804
~~Dr.M~~ Note: next higher malloc: 0x02f9b390-0x02f9b3e4
~~Dr.M~~ Note: refers to 0 byte(s) beyond last valid byte in prior malloc
~~Dr.M~~ Note: prev lower malloc:  0x02f9b310-0x02f9b314
~~Dr.M~~ Note: instruction: mov    (%ecx) -> %edx
~~Dr.M~~
~~Dr.M~~ Error #8: UNADDRESSABLE ACCESS beyond heap bounds: reading 0x02f9b318-0x02f9b319 1 byte(s)
~~Dr.M~~ # 0 replace_memmove               [d:\src\cygwin\home\zhaoqin\workspace\drmemory\drmemory.git\drmemory\replace.c:746]
~~Dr.M~~ # 1 fillUserdata                  [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:2272]
~~Dr.M~~ # 2 ProxyClient                   [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:4035]
~~Dr.M~~ # 3 main                          [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:5157]
~~Dr.M~~ Note: @0:00:10.187 in thread 3804
~~Dr.M~~ Note: next higher malloc: 0x02f9b390-0x02f9b3e4
~~Dr.M~~ Note: refers to 4 byte(s) beyond last valid byte in prior malloc
~~Dr.M~~ Note: prev lower malloc:  0x02f9b310-0x02f9b314
~~Dr.M~~ Note: instruction: mov    (%ecx) -> %dl
~~Dr.M~~
~~Dr.M~~ Error #9: UNADDRESSABLE ACCESS beyond heap bounds: reading 0x02f9b34c-0x02f9b34d 1 byte(s)
~~Dr.M~~ # 0 ntdll.dll!RtlValidSid                     +0x1b     (0x770662bb <ntdll.dll+0x562bb>)
~~Dr.M~~ # 1 ntdll.dll!RtlConvertSidToUnicodeString    +0x27     (0x77067a38 <ntdll.dll+0x57a38>)
~~Dr.M~~ # 2 fillUserdata                               [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:2285]
~~Dr.M~~ # 3 ProxyClient                                [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:4035]
~~Dr.M~~ # 4 main                                       [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:5157]
~~Dr.M~~ Note: @0:00:10.484 in thread 3804
~~Dr.M~~ Note: next higher malloc: 0x02f9b390-0x02f9b3e4
~~Dr.M~~ Note: prev lower malloc:  0x02f9b310-0x02f9b314
~~Dr.M~~ Note: instruction: mov    (%ecx) -> %al
~~Dr.M~~
~~Dr.M~~ Error #10: UNADDRESSABLE ACCESS beyond heap bounds: reading 0x02f9b34d-0x02f9b34e 1 byte(s)
~~Dr.M~~ # 0 ntdll.dll!RtlValidSid                     +0x27     (0x770662c7 <ntdll.dll+0x562c7>)
~~Dr.M~~ # 1 ntdll.dll!RtlConvertSidToUnicodeString    +0x27     (0x77067a38 <ntdll.dll+0x57a38>)
~~Dr.M~~ # 2 fillUserdata                               [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:2285]
~~Dr.M~~ # 3 ProxyClient                                [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:4035]
~~Dr.M~~ # 4 main                                       [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:5157]
~~Dr.M~~ Note: @0:00:10.766 in thread 3804
~~Dr.M~~ Note: next higher malloc: 0x02f9b390-0x02f9b3e4
~~Dr.M~~ Note: prev lower malloc:  0x02f9b310-0x02f9b314
~~Dr.M~~ Note: instruction: mov    0x01(%ecx) -> %al
~~Dr.M~~
~~Dr.M~~ Error #11: UNADDRESSABLE ACCESS beyond heap bounds: reading 0x02f9b364-0x02f9b368 4 byte(s)
~~Dr.M~~ # 0 ntdll.dll!RtlValidSid                     +0x39     (0x770662d9 <ntdll.dll+0x562d9>)
~~Dr.M~~ # 1 ntdll.dll!RtlConvertSidToUnicodeString    +0x27     (0x77067a38 <ntdll.dll+0x57a38>)
~~Dr.M~~ # 2 fillUserdata                               [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:2285]
~~Dr.M~~ # 3 ProxyClient                                [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:4035]
~~Dr.M~~ # 4 main                                       [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:5157]
~~Dr.M~~ Note: @0:00:11.047 in thread 3804
~~Dr.M~~ Note: next higher malloc: 0x02f9b390-0x02f9b3e4
~~Dr.M~~ Note: prev lower malloc:  0x02f9b310-0x02f9b314
~~Dr.M~~ Note: instruction: mov    0x04(%ecx,%eax,4) -> %eax
~~Dr.M~~
~~Dr.M~~ Error #12: UNADDRESSABLE ACCESS beyond heap bounds: reading 0x02f9b34c-0x02f9b34d 1 byte(s)
~~Dr.M~~ # 0 ntdll.dll!RtlConvertSidToUnicodeString    +0x30     (0x77067a40 <ntdll.dll+0x57a40>)
~~Dr.M~~ # 1 fillUserdata                               [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:2285]
~~Dr.M~~ # 2 ProxyClient                                [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:4035]
~~Dr.M~~ # 3 main                                       [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:5157]
~~Dr.M~~ Note: @0:00:11.328 in thread 3804
~~Dr.M~~ Note: next higher malloc: 0x02f9b390-0x02f9b3e4
~~Dr.M~~ Note: prev lower malloc:  0x02f9b310-0x02f9b314
~~Dr.M~~ Note: instruction: cmp    (%edi) %al
~~Dr.M~~
~~Dr.M~~ Error #13: UNADDRESSABLE ACCESS beyond heap bounds: reading 0x02f9b34e-0x02f9b34f 1 byte(s)
~~Dr.M~~ # 0 ntdll.dll!RtlConvertSidToUnicodeString    +0x58     (0x77067a68 <ntdll.dll+0x57a68>)
~~Dr.M~~ # 1 fillUserdata                               [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:2285]
~~Dr.M~~ # 2 ProxyClient                                [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:4035]
~~Dr.M~~ # 3 main                                       [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:5157]
~~Dr.M~~ Note: @0:00:11.625 in thread 3804
~~Dr.M~~ Note: next higher malloc: 0x02f9b390-0x02f9b3e4
~~Dr.M~~ Note: prev lower malloc:  0x02f9b310-0x02f9b314
~~Dr.M~~ Note: instruction: cmp    0x02(%edi) $0x00
~~Dr.M~~
~~Dr.M~~ Error #14: UNADDRESSABLE ACCESS beyond heap bounds: reading 0x02f9b34f-0x02f9b350 1 byte(s)
~~Dr.M~~ # 0 ntdll.dll!RtlConvertSidToUnicodeString    +0x62     (0x77067a72 <ntdll.dll+0x57a72>)
~~Dr.M~~ # 1 fillUserdata                               [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:2285]
~~Dr.M~~ # 2 ProxyClient                                [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:4035]
~~Dr.M~~ # 3 main                                       [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:5157]
~~Dr.M~~ Note: @0:00:11.906 in thread 3804
~~Dr.M~~ Note: next higher malloc: 0x02f9b390-0x02f9b3e4
~~Dr.M~~ Note: prev lower malloc:  0x02f9b310-0x02f9b314
~~Dr.M~~ Note: instruction: cmp    0x03(%edi) $0x00
~~Dr.M~~
~~Dr.M~~ Error #15: UNADDRESSABLE ACCESS beyond heap bounds: reading 0x02f9b350-0x02f9b351 1 byte(s)
~~Dr.M~~ # 0 ntdll.dll!RtlConvertSidToUnicodeString    +0x6c     (0x77067a7c <ntdll.dll+0x57a7c>)
~~Dr.M~~ # 1 fillUserdata                               [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:2285]
~~Dr.M~~ # 2 ProxyClient                                [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:4035]
~~Dr.M~~ # 3 main                                       [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:5157]
~~Dr.M~~ Note: @0:00:12.187 in thread 3804
~~Dr.M~~ Note: next higher malloc: 0x02f9b390-0x02f9b3e4
~~Dr.M~~ Note: prev lower malloc:  0x02f9b310-0x02f9b314
~~Dr.M~~ Note: instruction: movzx  0x04(%edi) -> %ecx
~~Dr.M~~
~~Dr.M~~ Error #16: UNADDRESSABLE ACCESS beyond heap bounds: reading 0x02f9b351-0x02f9b352 1 byte(s)
~~Dr.M~~ # 0 ntdll.dll!RtlConvertSidToUnicodeString    +0x75     (0x77067a85 <ntdll.dll+0x57a85>)
~~Dr.M~~ # 1 fillUserdata                               [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:2285]
~~Dr.M~~ # 2 ProxyClient                                [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:4035]
~~Dr.M~~ # 3 main                                       [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:5157]
~~Dr.M~~ Note: @0:00:12.469 in thread 3804
~~Dr.M~~ Note: next higher malloc: 0x02f9b390-0x02f9b3e4
~~Dr.M~~ Note: prev lower malloc:  0x02f9b310-0x02f9b314
~~Dr.M~~ Note: instruction: movzx  0x05(%edi) -> %eax
~~Dr.M~~
~~Dr.M~~ Error #17: UNADDRESSABLE ACCESS beyond heap bounds: reading 0x02f9b352-0x02f9b353 1 byte(s)
~~Dr.M~~ # 0 ntdll.dll!RtlConvertSidToUnicodeString    +0x7e     (0x77067a8e <ntdll.dll+0x57a8e>)
~~Dr.M~~ # 1 fillUserdata                               [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:2285]
~~Dr.M~~ # 2 ProxyClient                                [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:4035]
~~Dr.M~~ # 3 main                                       [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:5157]
~~Dr.M~~ Note: @0:00:12.765 in thread 3804
~~Dr.M~~ Note: next higher malloc: 0x02f9b390-0x02f9b3e4
~~Dr.M~~ Note: prev lower malloc:  0x02f9b310-0x02f9b314
~~Dr.M~~ Note: instruction: movzx  0x06(%edi) -> %eax
~~Dr.M~~
~~Dr.M~~ Error #18: UNADDRESSABLE ACCESS beyond heap bounds: reading 0x02f9b353-0x02f9b354 1 byte(s)
~~Dr.M~~ # 0 ntdll.dll!RtlConvertSidToUnicodeString    +0x87     (0x77067a97 <ntdll.dll+0x57a97>)
~~Dr.M~~ # 1 fillUserdata                               [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:2285]
~~Dr.M~~ # 2 ProxyClient                                [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:4035]
~~Dr.M~~ # 3 main                                       [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:5157]
~~Dr.M~~ Note: @0:00:13.047 in thread 3804
~~Dr.M~~ Note: next higher malloc: 0x02f9b390-0x02f9b3e4
~~Dr.M~~ Note: prev lower malloc:  0x02f9b310-0x02f9b314
~~Dr.M~~ Note: instruction: movzx  0x07(%edi) -> %eax
~~Dr.M~~
~~Dr.M~~ Error #19: UNADDRESSABLE ACCESS beyond heap bounds: reading 0x02f9b34d-0x02f9b34e 1 byte(s)
~~Dr.M~~ # 0 ntdll.dll!RtlConvertSidToUnicodeString    +0xa8     (0x77067ab8 <ntdll.dll+0x57ab8>)
~~Dr.M~~ # 1 fillUserdata                               [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:2285]
~~Dr.M~~ # 2 ProxyClient                                [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:4035]
~~Dr.M~~ # 3 main                                       [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:5157]
~~Dr.M~~ Note: @0:00:13.344 in thread 3804
~~Dr.M~~ Note: next higher malloc: 0x02f9b390-0x02f9b3e4
~~Dr.M~~ Note: prev lower malloc:  0x02f9b310-0x02f9b314
~~Dr.M~~ Note: instruction: cmp    0x01(%edi) %bl
~~Dr.M~~
~~Dr.M~~ Error #20: UNADDRESSABLE ACCESS beyond heap bounds: reading 0x02f9b354-0x02f9b358 4 byte(s)
~~Dr.M~~ # 0 ntdll.dll!RtlConvertSidToUnicodeString    +0xef     (0x77067aff <ntdll.dll+0x57aff>)
~~Dr.M~~ # 1 fillUserdata                               [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:2285]
~~Dr.M~~ # 2 ProxyClient                                [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:4035]
~~Dr.M~~ # 3 main                                       [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:5157]
~~Dr.M~~ Note: @0:00:13.625 in thread 3804
~~Dr.M~~ Note: next higher malloc: 0x02f9b390-0x02f9b3e4
~~Dr.M~~ Note: prev lower malloc:  0x02f9b310-0x02f9b314
~~Dr.M~~ Note: instruction: mov    0x08(%edi,%ecx,4) -> %ecx
~~Dr.M~~
~~Dr.M~~ Error #21: UNADDRESSABLE ACCESS beyond heap bounds: reading 0x02f9b34d-0x02f9b34e 1 byte(s)
~~Dr.M~~ # 0 ntdll.dll!RtlConvertSidToUnicodeString    +0x103    (0x77067b13 <ntdll.dll+0x57b13>)
~~Dr.M~~ # 1 fillUserdata                               [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:2285]
~~Dr.M~~ # 2 ProxyClient                                [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:4035]
~~Dr.M~~ # 3 main                                       [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:5157]
~~Dr.M~~ Note: @0:00:13.922 in thread 3804
~~Dr.M~~ Note: next higher malloc: 0x02f9b390-0x02f9b3e4
~~Dr.M~~ Note: prev lower malloc:  0x02f9b310-0x02f9b314
~~Dr.M~~ Note: instruction: cmp    %bl 0x01(%edi)
~~Dr.M~~
~~Dr.M~~ Error #22: UNINITIALIZED READ: reading 0x02b8835d-0x02b8835e 1 byte(s) within 0x02b88350-0x02b88370
~~Dr.M~~ # 0 system call NtFsControlFile parameter #6
~~Dr.M~~ # 1 KERNELBASE.dll!WaitNamedPipeW                         +0x191    (0x766478a2 <KERNELBASE.dll+0x578a2>)
~~Dr.M~~ # 2 KERNEL32.dll!WaitNamedPipeA                           +0x23     (0x76813404 <KERNEL32.dll+0x43404>)
~~Dr.M~~ # 3 ProxyClient                                            [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:4051]
~~Dr.M~~ # 4 main                                                   [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:5157]
~~Dr.M~~ Note: @0:00:16.593 in thread 3804
Connected to NamedPipe: \\127.0.0.1\pipe\pipenameR
Lan Workgroup: WORKGROUP
Lan ComputerName: WIN8-X64
Logon Domain: WIN8-X64
User Name: qin
User SID: S-1-5-21-2488738430-2695052325-2420952003-1001
sending User-Information ...
registering to WinSock Library
The Winsock 2.2 dll was found okay
WinSock registered: done...
Socket erstellt!
checkPipeFailedProc: pipe is there ... sleep
checkPipeFailedProc: pipe is there ... sleep
binding Socket to 127.0.0.1 : 978

No crash is seen.
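A report of this length is easier to read once the errors are grouped by the allocation named in their "prev lower malloc" note. The following Python sketch is an added example, not part of the original thread or of Dr. Memory; it does that for four errors abbreviated from the output above. Treating frames named `replace_*` as tool frames and skipping them is an assumption based on the `replace_memmove` frames in this log.

```python
import re

# Abbreviated from the report quoted above: errors #1, #5, #11 and #22,
# with frames below the first application frame and most notes trimmed.
LOG = r"""
~~Dr.M~~ Error #1: UNADDRESSABLE ACCESS beyond heap bounds: writing 0x02f9b314-0x02f9b318 4 byte(s)
~~Dr.M~~ # 0 replace_memmove                [d:\src\cygwin\home\zhaoqin\workspace\drmemory\drmemory.git\drmemory\replace.c:740]
~~Dr.M~~ # 1 secureMoveMemory               [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:351]
~~Dr.M~~ # 2 moveSecUserData                [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:595]
~~Dr.M~~ Note: prev lower malloc:  0x02f9b310-0x02f9b314
~~Dr.M~~
~~Dr.M~~ Error #5: UNADDRESSABLE ACCESS beyond heap bounds: writing 0x02f9b34c-0x02f9b350 4 byte(s)
~~Dr.M~~ # 0 replace_memmove               [d:\src\cygwin\home\zhaoqin\workspace\drmemory\drmemory.git\drmemory\replace.c:740]
~~Dr.M~~ # 1 ntdll.dll!RtlCopySid         +0x21     (0x77071ea2 <ntdll.dll+0x61ea2>)
~~Dr.M~~ # 2 KERNELBASE.dll!CopySid       +0x13     (0x76605fc4 <KERNELBASE.dll+0x15fc4>)
~~Dr.M~~ # 3 moveSecUserData               [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:601]
~~Dr.M~~ Note: prev lower malloc:  0x02f9b310-0x02f9b314
~~Dr.M~~
~~Dr.M~~ Error #11: UNADDRESSABLE ACCESS beyond heap bounds: reading 0x02f9b364-0x02f9b368 4 byte(s)
~~Dr.M~~ # 0 ntdll.dll!RtlValidSid                     +0x39     (0x770662d9 <ntdll.dll+0x562d9>)
~~Dr.M~~ # 1 ntdll.dll!RtlConvertSidToUnicodeString    +0x27     (0x77067a38 <ntdll.dll+0x57a38>)
~~Dr.M~~ # 2 fillUserdata                               [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:2285]
~~Dr.M~~ Note: prev lower malloc:  0x02f9b310-0x02f9b314
~~Dr.M~~
~~Dr.M~~ Error #22: UNINITIALIZED READ: reading 0x02b8835d-0x02b8835e 1 byte(s) within 0x02b88350-0x02b88370
~~Dr.M~~ # 0 system call NtFsControlFile parameter #6
~~Dr.M~~ # 1 KERNELBASE.dll!WaitNamedPipeW                         +0x191    (0x766478a2 <KERNELBASE.dll+0x578a2>)
~~Dr.M~~ # 3 ProxyClient                                            [P:\SocketANDNamedPipe\Socket2NamedPipe\Debug_SBCS/../RHProxy.cpp:4051]
"""

ERROR_RE = re.compile(
    r"Error #(\d+): (.+?): (reading|writing) (0x[0-9a-fA-F]+)-(0x[0-9a-fA-F]+)")
# Only frames with source info ("func [path:line]") match; DLL frames do not.
FRAME_RE = re.compile(r"#\s*\d+ (\S+)\s+\[.+:(\d+)\]\s*$")
PREV_RE = re.compile(r"prev lower malloc:\s+(0x[0-9a-fA-F]+)-(0x[0-9a-fA-F]+)")


def parse_errors(text):
    """Return one dict per 'Error #N' block, in report order."""
    errors, cur = [], None
    for line in text.splitlines():
        m = ERROR_RE.search(line)
        if m:
            cur = {"num": int(m.group(1)), "kind": m.group(2), "op": m.group(3),
                   "start": int(m.group(4), 16), "end": int(m.group(5), 16),
                   "site": None, "prev": None}
            errors.append(cur)
            continue
        if cur is None:
            continue
        f = FRAME_RE.search(line)
        # First frame with source info that is not a replace_* tool frame.
        if f and cur["site"] is None and not f.group(1).startswith("replace_"):
            cur["site"] = f"{f.group(1)}:{f.group(2)}"
        p = PREV_RE.search(line)
        if p:
            cur["prev"] = (int(p.group(1), 16), int(p.group(2), 16))
    return errors


def summarize(errors):
    """Group errors by their 'prev lower malloc' range (None if absent)."""
    groups = {}
    for e in errors:
        g = groups.setdefault(
            e["prev"], {"size": None, "errors": [], "max_overrun": 0, "sites": []})
        if e["prev"] is not None:
            lo, hi = e["prev"]          # ranges in the report are [lo, hi)
            g["size"] = hi - lo
            g["max_overrun"] = max(g["max_overrun"], e["end"] - hi)
        g["errors"].append(e["num"])
        if e["site"] and e["site"] not in g["sites"]:
            g["sites"].append(e["site"])
    return groups


if __name__ == "__main__":
    for prev, g in summarize(parse_errors(LOG)).items():
        where = f"{prev[0]:#010x}-{prev[1]:#010x}" if prev else "no heap block"
        print(where, g)
```

On this sample the three heap errors fall behind the same 4-byte block and reach 0x54 bytes past its end, while the uninitialized read is reported separately.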

zhaoqin commented 9 years ago

ifrh, might I know how to terminate the client or server process without direct kill so Dr.Memory can perform the leak scan?

zhaoqin commented 9 years ago

Using DrMemory-Windows-1.8.1-RC1 portable from https://bintray.com/bruening/DrMemory/DrMemory-Windows-portable-old/1.8.1-RC1/view, still cannot reproduce, runs fine in my VM Win-8.1Pro.

ifrh commented 9 years ago

Hi there,

Unfortunately the ServerProxy-Process has a While-True-Loop, which is waiting for a new connection to the NamedPipe after a previous connection has been closed.

It seems that on your Win8.1 installation the client-proxy gets started. The client proxy connects to the NamedPipe and it creates and opens a local socket. Now it waits for the client-Application (which should connect to this local socket), in your concrete situation the client-Application is: => "cmd" /k C:\Workspace\DrMemory\build_x86_drm_dbg.git\bin\drmemory.exe -- C:\Workspace\DrMemory\i1961\Socket2NamedPipe.exe -client 127.0.0.1 978".

After the client-proxy had connected to the NamedPipe (in your posting it had), the server-proxy should start the server-application in a new cmd-Window: In your case => "cmd" /k C:\Workspace\DrMemory\build_x86_drm_dbg.git\bin\drmemory.exe -- C:\Workspace\DrMemory\i1961\Socket2NamedPipe.exe -server -L 979

Then again there should be a next cmd-Window for the client-Application started by client-proxy. In this you can enter some words and you receive the echoes.

Message-Transmission is like this way: client <=localSocket=> client-proxy <=NamedPipe=> server-proxy <=localSocket=> server

If you close the client "Socket2NamedPipe.exe -client" via ^C or ^Z, then client-proxy and server should close themselves independently of each other. Only server-proxy should stay alive - the server-proxy is not designed to be closed; I should remember and think about it at the time I create a Windows-Service out of it.

Hope that helps.

Is your Win8.1 (64bit) or (32bit)?

Best regards, Robert

zhaoqin commented 9 years ago

My Win8.1 is 64-bit, as you suggest you are running the WoW. Could you please try the latest Dr.Memory and see if it still crashes?