BUG: Memory Access Violation Using Repeated Realloc's For Small Blocks

ID: Q225099


The information in this article applies to:


SYMPTOMS

Under certain rare circumstances, calling realloc() on a small block causes an access violation in the VC6 small-block allocator if the total small-block memory pool exceeds 16 MB.


CAUSE

A memory access violation occurs inside __sbh_free_block() because of a bug in the implementation of _realloc_base().


RESOLUTION

  1. One possible workaround is to patch the CRT source. In the following code block in Realloc.c:

    //  if the new size is not over __sbh_threshold, attempt
    //  to reallocate within the small-block heap
    if (newsize <= __sbh_threshold)
    {
       if (__sbh_resize_block(pHeader, pBlock, newsize))
          pvReturn = pBlock;
       else if ((pvReturn = __sbh_alloc_block(newsize)) != NULL)
       {
          oldsize = ((PENTRY)((char *)pBlock -
                             sizeof(int)))->sizeFront - 1;
          memcpy(pvReturn, pBlock, __min(oldsize, newsize));
          __sbh_free_block(pHeader, pBlock);
       }
    }

    replace:

    __sbh_free_block(pHeader, pBlock);

    with:

    pHeader = __sbh_find_block(pBlock);
    __sbh_free_block(pHeader, pBlock);

    Then rebuild the CRT.

    NOTE: If you are rebuilding the DLL version of the CRT, the new DLL name should not start with msvc.



  2. The second workaround is to implement your own realloc() so that the CRT implementation is not used.
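    An added example of the second workaround, not code from the article or the CRT: a realloc() replacement that always allocates a new block, copies, and frees the old one, so the CRT's _realloc_base() and its small-block resize path are never entered. The names wrap_malloc, wrap_realloc, wrap_free, wrap_size, BlockHeader and grow_many are this example's own; the size header is needed because a standalone replacement cannot ask the CRT how large the old block was.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Size header stored in front of every block so the wrapper can copy the
   right number of bytes on growth without asking the CRT's realloc().
   The union keeps the payload aligned for any scalar type. */
typedef union { size_t size; long double align; } BlockHeader;

void *wrap_malloc(size_t size)
{
    if (size > SIZE_MAX - sizeof(BlockHeader)) return NULL;   /* overflow guard */
    BlockHeader *h = (BlockHeader *)malloc(sizeof(BlockHeader) + size);
    if (h == NULL) return NULL;
    h->size = size;
    return h + 1;                       /* payload starts after the header */
}
size_t wrap_size(const void *p) { return p ? ((const BlockHeader *)p - 1)->size : 0; }
void wrap_free(void *p) { if (p) free((BlockHeader *)p - 1); }

/* realloc() replacement: always allocate-copy-free, never resize in place,
   so the CRT's _realloc_base() and its small-block path are not involved. */
void *wrap_realloc(void *p, size_t newsize)
{
    if (p == NULL) return wrap_malloc(newsize);
    if (newsize == 0) { wrap_free(p); return NULL; }
    size_t oldsize = wrap_size(p);
    void *q = wrap_malloc(newsize);
    if (q == NULL) return NULL;         /* original block stays valid, like realloc() */
    memcpy(q, p, oldsize < newsize ? oldsize : newsize);
    wrap_free(p);
    return q;
}

/* Replays the article's 32 -> 290 byte growth 'count' times through the wrapper,
   checks the payload survived, and frees each block; returns the success count. */
int grow_many(int count)
{
    int ok = 0;
    for (int i = 0; i < count; i++) {
        char *p = (char *)wrap_malloc(32);
        if (p == NULL) break;
        memset(p, 'A', 32);
        char *q = (char *)wrap_realloc(p, 290);
        if (q == NULL) { wrap_free(p); break; }
        if (q[0] == 'A' && q[31] == 'A' && wrap_size(q) == 290) ok++;
        wrap_free(q);
    }
    return ok;
}
```

    Every allocation in a program must go through the wrapper for this to hold; a block obtained from the CRT's malloc() must never be passed to wrap_realloc() or wrap_free(), because it carries no header.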



STATUS

Microsoft has confirmed this to be a bug in the Microsoft products listed at the beginning of this article.


MORE INFORMATION

Steps to Reproduce Behavior

Build the following .cpp file as a console application and run it under the debugger. You will get an access violation error.

//main.cpp

#include <stdio.h>
#include <stdlib.h>

int main()
{
    char* pData;

    // The blocks are never freed, so the small-block pool keeps growing;
    // 70000 blocks of 290 bytes is roughly 20 MB, past the 16 MB mark
    // mentioned under SYMPTOMS.
    for( int i=0; i< 70000; i++ )
    {
        pData = (char*)malloc( 32 );
        pData = (char*)realloc( pData, 290 );  //access violation in small-block allocator
    }

    return(0);
} //end main

Additional query words: realloc small-block heap memory unhandled exception


Keywords          : kbCRT kbVC600QFE 
Version           : winnt:6.0
Platform          : winnt 
Issue type        : kbbug 

Last Reviewed: April 12, 1999