Saturday, 26 September 2015

INVALID_POINTER_WRITE access violation in std::make_shared

I have a custom class TraceInfo that I construct using std::make_shared. The construction led to a crash on one occasion with the following stack trace:

00 00000099`1bb8d108 000007ff`8953129e ntdll!ZwWaitForMultipleObjects+0xa [e:\obj.amd64fre\minkernel\ntdll\daytona\objfre\amd64\usrstubs.asm @ 884]
01 00000099`1bb8d110 000007ff`8977c37a KERNELBASE!WaitForMultipleObjectsEx+0xe5 [d:\win8_gdr\minkernel\kernelbase\synch.c @ 1471]
02 (Inline Function) --------`-------- kernel32!WaitForMultipleObjects+0x1e [d:\win8_gdr\base\win32\client\synch.c @ 260]
03 00000099`1bb8d3f0 000007ff`8977c14e kernel32!WerpReportFaultInternal+0x245 [d:\win8_gdr\windows\feedback\faultrep\faultrep.cpp @ 490]
04 00000099`1bb8d490 000007ff`8959d6d4 kernel32!WerpReportFault+0x76 [d:\win8_gdr\windows\feedback\faultrep\faultrep.cpp @ 707]
05 00000099`1bb8d4c0 000007ff`8c404797 KERNELBASE!UnhandledExceptionFilter+0x23a [d:\win8_gdr\minkernel\kernelbase\xcpt.c @ 614]
06 00000099`1bb8d5c0 000007ff`8c404b4d ntdll!TppExceptionFilter+0x1f [d:\win8_ldr\minkernel\threadpool\ntdll\tp.c @ 115]
07 00000099`1bb8d5f0 000007ff`8c40a3a8 ntdll!TppWorkerpInnerExceptionFilter+0x15 [d:\win8_ldr\minkernel\threadpool\ntdll\worker.c @ 101]
08 00000099`1bb8d620 000007ff`8c32ad8e ntdll!TppWorkerThread$filt$5+0x19 [d:\win8_ldr\minkernel\threadpool\ntdll\worker.c @ 1073]
09 00000099`1bb8d660 000007ff`8c40880a ntdll!__C_specific_handler+0x8e [d:\win8_ldr\minkernel\crts\crtw32\misc\amd64\chandler.c @ 168]
0a 00000099`1bb8d6d0 000007ff`8c32a3ed ntdll!__GSHandlerCheck_SEH+0x76 [d:\win8_ldr\minkernel\crts\crtw32\misc\amd64\gshandlerseh.c @ 102]
0b 00000099`1bb8d700 000007ff`8c32b420 ntdll!RtlpExecuteHandlerForException+0xd [d:\win8_ldr\minkernel\ntos\rtl\amd64\xcptmisc.asm @ 131]
0c 00000099`1bb8d730 000007ff`8c314b7a ntdll!RtlDispatchException+0x392 [d:\win8_ldr\minkernel\ntos\rtl\amd64\exdsptch.c @ 456]
0d 00000099`1bb8de40 000007f7`d182fe18 ntdll!KiUserExceptionDispatch+0x2e [d:\win8_ldr\minkernel\ntos\rtl\amd64\trampoln.asm @ 609]
0e (Inline Function) --------`-------- Service!std::_Ptr_base<Service::Common::TraceInfo>::{ctor}+0x5 [d:\dbs\cxcache\.visualcpp.corext.0lxpiyeuee2pj95cxybknw\include\memory @ 279]
0f (Inline Function) --------`-------- Service!std::shared_ptr<Service::Common::TraceInfo>::{ctor}+0x5 [d:\dbs\cxcache\.visualcpp.corext.0lxpiyeuee2pj95cxybknw\include\memory @ 475]
10 00000099`1bb8e570 000007f7`d1846188 Service!std::make_shared<Service::Common::TraceInfo,apsdk::CustomLogID const & __ptr64,char const (& __ptr64)[19],std::basic_string<char,std::char_traits<char>,std::allocator<char> > const & __ptr64,std::shared_ptr<Service::Common::TraceInfo> const & __ptr64>+0x68 [d:\dbs\cxcache\.visualcpp.corext.0lxpiyeuee2pj95cxybknw\include\memory @ 1005]
11 00000099`1bb8e5d0 000007f7`d1c64520 Service!ns::Wrapper::MappingClient::EnumerateDirectory+0x78 [d:\dbs\sh\cs\0918_125500_0\cmd\1\Service\core\nswrapper\native\lib\nsMappingClient.cpp @ 3659]
12 00000099`1bb8e730 000007f7`d1c63710 Service!Service::Core::StoreManager::SeEnumerateDirectoryWithPaging+0xdd0 [d:\dbs\sh\cs\0918_125500_0\cmd\2\Service\core\lib\seenumeratedirectory.cpp @ 584]
13 00000099`1bb8f630 000007f7`d1ae9cef Service!Service::Core::StoreManager::SeEnumerateDirectoryChunkEx+0xa0 [d:\dbs\sh\cs\0918_125500_0\cmd\2\Service\core\lib\seenumeratedirectory.cpp @ 409]
14 00000099`1bb8f6d0 000007f7`d1aea244 Service!<lambda_d669c1bdedc796f719caaf1d82dc1df7>::operator()+0x8f [d:\dbs\sh\cs\0918_125500_0\cmd\1\Service\service\lib\Service.cpp @ 568]
15 (Inline Function) --------`-------- Service!std::_Func_class<void>::operator()+0x16 [d:\dbs\cxcache\.visualcpp.corext.0lxpiyeuee2pj95cxybknw\include\functional @ 315]
16 00000099`1bb8f940 000007f7`d1a0cb2b Service!<lambda_d81057a01a156b9bef2b713ff248a780>::operator()+0x124 [d:\dbs\sh\cs\0918_125500_0\cmd\1\Service\service\lib\requestscheduler.h @ 218]
17 00000099`1bb8f9b0 000007f7`d1a7ac18 Service!Service::Service::HandleException<Service::Protocol::EnumerateDirectoryResponse,<lambda_d81057a01a156b9bef2b713ff248a780> >+0x2b [d:\dbs\sh\cs\0918_125500_0\cmd\1\Service\service\lib\requestscheduler.h @ 60]
18 (Inline Function) --------`-------- Service!Service::Service::RequestScheduler::RequestThreadPoolCallback+0x2c [d:\dbs\sh\cs\0918_125500_0\cmd\1\Service\service\lib\requestscheduler.h @ 211]
19 00000099`1bb8fa40 000007ff`8c322253 Service!Service::Service::RequestScheduler::RequestThreadPoolCallbackW<Service::Protocol::EnumerateDirectoryChunkExRequest,Service::Protocol::EnumerateDirectoryResponse>+0x48 [d:\dbs\sh\cs\0918_125500_0\cmd\1\Service\service\lib\requestscheduler.h @ 199]
1a 00000099`1bb8fa90 000007ff`8c3172f8 ntdll!TppWorkpExecuteCallback+0x103 [d:\win8_ldr\minkernel\threadpool\ntdll\work.c @ 706]
1b 00000099`1bb8fbe0 000007ff`896e1842 ntdll!TppWorkerThread+0x604 [d:\win8_ldr\minkernel\threadpool\ntdll\worker.c @ 1070]
1c 00000099`1bb8fe80 000007ff`8c34d421 kernel32!BaseThreadInitThunk+0x1a [d:\win8_gdr\base\win32\client\thread.c @ 65]
1d 00000099`1bb8feb0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d [d:\win8_ldr\minkernel\ntdll\rtlstrt.c @ 1021]

In particular, note that the function that triggered the crash was at

[d:\dbs\cxcache\.visualcpp.corext.0lxpiyeuee2pj95cxybknw\include\memory @ 279]

Here is the text of that function:

[screenshot of the function at include\memory @ 279, not reproduced]

!analyze -v in WinDbg tells me that this was an INVALID_POINTER_WRITE.

What could have caused an invalid pointer write in std::make_shared?

Here is a snippet of the constructor of the TraceInfo class:

TraceInfo::TraceInfo(
    LogInfo logInfo,
    std::string functionName,
    std::string correlation,
    const std::shared_ptr<TraceInfo>& parent,
    std::string instance
    ):
    m_logInfo(std::move(logInfo)),
    m_functionName(std::move(functionName)),
    m_correlation(std::move(correlation)),
    m_parent(parent),                 // copies the caller's shared_ptr (goes through std::_Ptr_base's ctor)
    m_Id(NewGuid()),
    m_instance(std::move(instance)),
    m_work(std::numeric_limits<uint64_t>::max()),
    m_maxExpectedLatency(std::numeric_limits<uint64_t>::max()),
    m_error(CsError_OK),
    m_latencyInfo(std::make_unique<LatencyInfo>()),
    // reads the member m_parent, not the parameter: only valid if m_parent is declared
    // before m_callInfo in the class, because members are initialized in declaration order
    m_callInfo(m_parent == nullptr ? std::make_shared<CallInfo>() : m_parent->m_callInfo)
{
    // constructor body omitted in the original post
}
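The constructor above reads the member `m_parent` (not the `parent` parameter) while initializing `m_callInfo`, and the faulting frame is the `std::_Ptr_base` copy constructor, which is exactly what runs when a `shared_ptr` is copied. The following is an added example, not code from the original post: it demonstrates the C++ rule that members are constructed in declaration order regardless of the initializer-list order, and shows an order-independent way to write the `m_callInfo` initializer. The `Probe`, `OrderDemo`, `CallInfo` and `TraceInfoSafe` types are constructed for the example; the post does not show the class declaration, so whether `m_callInfo` is really declared before `m_parent` in the poster's class is an assumption, not a diagnosis.

```cpp
#include <memory>
#include <string>
#include <vector>

// Constructed trace of member construction order (example instrumentation).
static std::vector<std::string> g_init_log;

struct Probe {
    explicit Probe(const char* name) { g_init_log.push_back(name); }
};

// 'first' is declared before 'second'. The initializer list names them in
// the opposite order, yet C++ constructs members in declaration order, so
// 'first' is built first. GCC/Clang flag the mismatch with -Wreorder (part
// of -Wall); it is silenced here only so the demo compiles under -Werror.
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wreorder"
struct OrderDemo {
    Probe first;
    Probe second;
    OrderDemo() : second("second"), first("first") {}
};
#pragma GCC diagnostic pop

// Returns the names in the order the members were actually constructed.
std::vector<std::string> initialization_order() {
    g_init_log.clear();
    OrderDemo demo;
    (void)demo;
    return g_init_log;
}

struct CallInfo { int calls = 0; };

// Hypothetical hazard (assumption: the post does not show the class body):
// if m_callInfo were declared before m_parent, the initializer
//   m_callInfo(m_parent == nullptr ? ... : m_parent->m_callInfo)
// would read m_parent before its constructor ran. The shared_ptr's control
// block pointer is then stack garbage, and copying it bumps a refcount
// through that pointer: an invalid pointer write inside _Ptr_base's ctor.
// That is undefined behaviour, so it is described here but not instantiated.

// Order-independent form: derive m_callInfo from the constructor parameter,
// which is fully constructed whatever the member declaration order is.
class TraceInfoSafe {
public:
    explicit TraceInfoSafe(const std::shared_ptr<TraceInfoSafe>& parent)
        : m_callInfo(parent ? parent->m_callInfo : std::make_shared<CallInfo>()),
          m_parent(parent) {}

    const std::shared_ptr<CallInfo>& callInfo() const { return m_callInfo; }
    const std::shared_ptr<TraceInfoSafe>& parent() const { return m_parent; }

private:
    std::shared_ptr<CallInfo> m_callInfo;       // deliberately declared before m_parent
    std::shared_ptr<TraceInfoSafe> m_parent;
};

// A child built from a parent shares the parent's CallInfo; a root gets its own.
bool child_shares_parent_call_info() {
    auto root  = std::make_shared<TraceInfoSafe>(nullptr);
    auto child = std::make_shared<TraceInfoSafe>(root);
    return root->parent() == nullptr
        && child->parent() == root
        && child->callInfo() == root->callInfo()
        && root->callInfo().use_count() == 2;
}
```

Two checks follow from this. In the crash dump, compare the `this` and source arguments of the faulting `_Ptr_base` frame with the `parent` argument of `EnumerateDirectory`: if the source is `parent` itself, the caller handed in a bad `shared_ptr` (a dangling reference or a race on the thread pool); if it is the not-yet-constructed `m_parent`, it is the ordering hazard. At build time, `-Wall` (`-Wreorder`) catches an initializer list that disagrees with the declaration order, and Clang's `-Wuninitialized` reports a member read in its own class's initializer before it is constructed; neither is a complete guarantee, so the order-independent form is the safer one to keep.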
