cxbx-shogun icon indicating copy to clipboard operation
cxbx-shogun copied to clipboard

Published 20 hours ago verified publisher icon Echelon9

Crash after RtlReAllocateHeap()

Open Echelon9 opened this issue 10 years ago • 0 comments

A reproducible memory corruption crash has been observed following certain titles' call to RtlReAllocateHeap() when running with Cxbx Debug.

A typical call pattern will be as follows. Note it is not all calls to RtlReAllocateHeap() that trigger this bug. However it is reproducible with a particular set of RtlReAllocateHeap() call locations within a given title, with each indicating heap corruption.

It may be that the preceding items on the call stack are the atexit() function and its internals, in which case the underlying root case may have been detected elsewhere and a rapid path exit is simply crashing.

EmuXapi (0xA80): EmuRtlReAllocateHeap
(
   hHeap               : 0x018F0000
   dwFlags             : 0x00000000
   lpMem               : 0x01951D30
   dwBytes             : 0x00000200
);
pRet : 0x01952018
...
EmuXapi (0xA80): EmuRtlReAllocateHeap
(
   hHeap               : 0x018F0000
   dwFlags             : 0x00000000
   lpMem               : 0x01952018
   dwBytes             : 0x00000210
);
EmuMain (0xA80): Recieved Exception (Code := 0xC0000005)

 EIP := 0x100062E7 EFL := 0x00010202
 EAX := 0x6158756D EBX := 0x00000000 ECX := 0x0195200C EDX := 0x6158756D
 ESI := 0x0186FCF8 EDI := 0x0186FCE8 ESP := 0x0186FCA0 EBP := 0x0186FCA4
 CR2 := 0x00000000

  0: CxbxKrnl 0x100062E7 IsThisMemoryBlock+0x0017
  1: CxbxKrnl 0x100066D1 FindMemoryBlock+0x0031
  2: CxbxKrnl 0x10006542 CxbxRtlReallocDebug+0x0032
  3: CxbxKrnl 0x1002756C XTL::EmuRtlReAllocateHeap+0x00BC
  4: default  0x000F5DF9
  5: default  0x0006B9C8

Echelon9 avatar Jun 17 '14 11:06 Echelon9