On Wed, 2 Feb 2005, David Berry wrote:
> > calls astStore
> > (could be line: axis_attrib=astStore(NULL,attrib,len+4))
> > call memcpy
> > and down it goes with an EXCEPTION_ACCESS_VIOLATION,
> > which probably means the memory is unwritable.
>
> Hmm, the memcpy in this case will be *reading* from memory locations which
> have not been allocated. That is, the astStore call will malloc (len+4)
> bytes ("len" is the length of the string pointed to by "attrib") and then
> copy (len+4) bytes starting at the address given by "attrib". But when
> "attrib" is allocated it is only allocated as "len" bytes long, so the
> above call to astStore will be reading up to 4 bytes beyond the end of the
> allocated "attrib" memory.
>
> I'll change this ASAP, but similar things could be occurring at other
> places, so it may take me a minute to track them down.
David (& Mark),
Well, so far so good: it hasn't crashed using the same conditions as
before. I'll do some more testing before feeling too certain.
Checking the Microsoft site for EXCEPTION_ACCESS_VIOLATION (c0000005),
it says that it occurs when a pointer is dereferenced and the pointer points
to inaccessible memory, or a write operation is attempted on read-only memory.
So unless stepping just beyond attrib goes into "inaccessible memory"
(maybe that's just above the stack), I'm still confused.
Cheers,
Peter.
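The over-read David describes, as an added C example that is not part of the thread or of AST's own code: the original pattern beside a corrected one, with astStore replaced by a hypothetical plain malloc+memcpy, and the extra 4 bytes assumed to be room the caller fills in later. The same code shows why the read does not fault every time: 4 bytes past a heap block usually land in still-mapped memory, and only a page boundary or a checking allocator turns it into an access violation.

```c
#include <stdlib.h>
#include <string.h>

/* Pattern from the thread with a plain malloc+memcpy in place of astStore
 * (hypothetical, not AST's own code): `attrib` holds only `len` bytes but
 * len+4 are copied out of it, so memcpy reads 4 bytes past the block; it
 * faults only if those bytes are unmapped. Kept for comparison; not called. */
char *make_axis_attrib_buggy(const char *attrib, size_t len)
{
    char *dst = malloc(len + 4);
    if (dst != NULL)
        memcpy(dst, attrib, len + 4); /* over-read: attrib has len bytes */
    return dst;
}

/* Corrected pattern: destination is still len+4 bytes (assumed room the
 * caller fills later), but only the `len` bytes that exist in `attrib` are
 * read, and the tail is zero-filled rather than left as heap garbage. */
char *make_axis_attrib_fixed(const char *attrib, size_t len)
{
    char *dst = malloc(len + 4);
    if (dst == NULL) return NULL;
    memcpy(dst, attrib, len);
    memset(dst + len, 0, 4);
    return dst;
}

/* Invariant the bug violates: copying `copy_len` bytes from a source of
 * `src_len` allocated bytes over-reads whenever copy_len > src_len. */
int copy_overreads(size_t src_len, size_t copy_len)
{
    return copy_len > src_len;
}

/* Constructed check: `attrib` is exactly `len` bytes, no terminator, as in
 * the thread. Returns 1 if the fixed copy keeps the bytes and zero-fills. */
int fixed_copy_is_sound(void)
{
    const char src[] = "Label"; /* constructed sample attribute name */
    size_t len = sizeof src - 1;
    char *attrib = malloc(len);
    if (attrib == NULL) return 0;
    memcpy(attrib, src, len);
    char *out = make_axis_attrib_fixed(attrib, len);
    int ok = out && memcmp(out, src, len) == 0 && out[len] == 0 && out[len + 3] == 0;
    free(out);
    free(attrib);
    return ok;
}
```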