
mi_free_size: pointer might not point to a valid heap region

Open JeySamir opened this issue 1 year ago • 2 comments

Error:

mimalloc: warning: thread 0xDAB926C000: mi_free_size: pointer might not point to a valid heap region: 0x020000431230
(this may still be a valid very large allocation (over 64MiB))
mimalloc: error: thread 0xDAB926C000: mi_free_size: pointer does not point to a valid heap space: 0x020000431230
mimalloc: assertion failed: at "Z:\project\src\manual\mimalloc\src\free.c":343, mi_free_size
assertion: "p == NULL || size <= _mi_usable_size(p,"mi_free_size")"

OS: Windows 11 Pro x64. #include <mimalloc-new-delete.h> is defined in main.cpp.

MyDLL is my library that I compile and use mimalloc in. I inject MyDLL into target software that does NOT use mimalloc and for which I have NO source code. After many initializations and releases of std::string in the code of my injected MyDLL library inside the target software, this error occurs.

The error occurs when calling the delete operator in std::basic_string.

What could be the problem?

mimalloc v2.0.1. Generated the solution for VS C++ with:

cmake -G "Visual Studio 17 2022" -S . -B vsbuild

mimalloc-static built with default parameters for the Debug configuration; the only thing added is the parameter:

Multi-threaded Debug (/MTd)

MyDLL compiled with MSVC, C++ params:

/ifcOutput "MyDLL.dir\Debug\" /GS /W1 /Zc:wchar_t /I"Z:\projects\src\MyDLL\src\common" /I"Z:\projects\src\MyDLL\src\MyDLL" /I"Z:\projects\src\MyDLL\dependencies\manual\mimalloc\include" /I"Z:\projects\src\MyDLL\dependencies\manual\json"  /Zi /Od /Ob0 /Fd"MyDLL.dir\Debug\vc143.pdb" /Zc:inline /fp:precise /D "_WINDLL" /D "_UNICODE" /D "UNICODE" /D "WIN32" /D "_WINDOWS" /D "_LOG" /D "LOG_SWAP_STACK" /D "MyDLL" /D "MyDLL_EXPORTS" /D "MyDLLLIB_EXPORTS" /D "_DEBUG" /D "_USRDLL" /D "X64" /D "CMAKE_INTDIR=\"Debug\"" /D "MyDLL_EXPORTS" /errorReport:prompt /WX- /Zc:forScope /RTC1 /Gd /Oy- /MTd /std:c++17 /Fa"MyDLL.dir\Debug\" /EHsc /nologo /Fo"MyDLL.dir\Debug\" /Fp"MyDLL.dir\Debug\MyDLL.pch" /diagnostics:column

Linker params:

/OUT:"Z:\projects\src\MyDLL\build\Windows\AMD64\out\Debug\MyDLL.dll" /MANIFEST /NXCOMPAT /PDB:"C:/0my/projects/my/MyDLL/build/Windows/AMD64/out/Debug/MyDLL.pdb" /DYNAMICBASE "Z:\projects\src\MyDLL\build\Windows\AMD64\out\Debug\MyAnalyzer.lib" "mimalloc-static.lib" "capstone.lib" "DbgHelp.lib" "ntdll.lib" "Crypt32.lib" "ws2_32.lib" "winmm.lib" "wldap32.lib" "kernel32.lib" "user32.lib" "gdi32.lib" "winspool.lib" "comdlg32.lib" "advapi32.lib" "shell32.lib" "ole32.lib" "oleaut32.lib" "uuid.lib" "odbc32.lib" "odbccp32.lib" /IMPLIB:"C:/0my/projects/my/MyDLL/build/Windows/AMD64/out/Debug/MyDLL.lib" /DEBUG /DLL /MACHINE:X64 /OPT:NOREF /INCREMENTAL /PGD:"Z:\projects\src\MyDLL\build\Windows\AMD64\out\Debug\MyDLL.pgd" /SUBSYSTEM:CONSOLE /MANIFESTUAC:"level='asInvoker' uiAccess='false'" /ManifestFile:"MyDLL.dir\Debug\MyDLL.dll.intermediate.manifest" /LTCGOUT:"MyDLL.dir\Debug\MyDLL.iobj" /OPT:NOICF /ERRORREPORT:PROMPT /ILK:"MyDLL.dir\Debug\MyDLL.ilk" /NOLOGO /LIBPATH:"C:/0my/projects/my/MyDLL/build/Windows/AMD64/out" /LIBPATH:"C:/0my/projects/my/MyDLL/build/Windows/AMD64/out/Debug" /LIBPATH:"C:/0my/projects/my/MyDLL/dep/mimalloc/vsbuild/Debug" /LIBPATH:"C:/0my/projects/my/MyDLL/dep/mimalloc/vsbuild/Debug/Debug" /LIBPATH:"C:/0my/projects/my/MyDLL/dep/capstone/vsbuild/Debug" /LIBPATH:"C:/0my/projects/my/MyDLL/dep/capstone/vsbuild/Debug/Debug" /TLBID:1 

Stacktrace:

0:005> kn
 # Child-SP          RetAddr               Call Site
00 000000da`b99fd258 00007ffe`80bdfd8e     ntdll!NtTerminateProcess+0x14
01 000000da`b99fd260 00007ffe`7f6918ab     ntdll!RtlExitUserProcess+0x11e
02 000000da`b99fd290 00007ffd`6cf1bb7a     KERNEL32!ExitProcessImplementation+0xb
03 000000da`b99fd2c0 00007ffd`6cf1bb12     MyDLL!exit_or_terminate_process+0x3a [minkernel\crts\ucrt\src\appcrt\startup\exit.cpp @ 138] 
04 000000da`b99fd2f0 00007ffd`6cf1be89     MyDLL!common_exit+0x92 [minkernel\crts\ucrt\src\appcrt\startup\exit.cpp @ 274] 
05 000000da`b99fd350 00007ffd`6ceaa7cb     MyDLL!_exit+0x19 [minkernel\crts\ucrt\src\appcrt\startup\exit.cpp @ 293] 
06 000000da`b99fd380 00007ffd`6cb35139     MyDLL!abort+0x7b [minkernel\crts\ucrt\src\appcrt\startup\abort.cpp @ 90] 
07 000000da`b99fd3c0 00007ffd`6cb29b3f     MyDLL!_mi_assert_fail+0x79 [Z:\projects\src\manual\mimalloc\src\options.c @ 480] 
08 000000da`b99fd420 00007ffd`6cb0e54e     MyDLL!mi_free_size+0x4f [Z:\projects\src\manual\mimalloc\src\free.c @ 343] 
09 000000da`b99fd450 00007ffd`6cae4f89     MyDLL!operator delete+0x1e [Z:\projects\src\manual\mimalloc\include\mimalloc-new-delete.h @ 47] 
0a 000000da`b99fd480 00007ffd`6cae58e9     MyDLL!std::_Deallocate<16>+0x39 [C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Tools\MSVC\14.42.34433\include\xmemory @ 258] 
0b 000000da`b99fd4b0 00007ffd`6cae540e     MyDLL!std::allocator<char>::deallocate+0xa9 [C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Tools\MSVC\14.42.34433\include\xmemory @ 949] 
0c 000000da`b99fd4f0 00007ffd`6cae56cb     MyDLL!std::basic_string<char,std::char_traits<char>,std::allocator<char> >::_Deallocate_for_capacity+0x2e [C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Tools\MSVC\14.42.34433\include\xstring @ 833] 
0d 000000da`b99fd520 00007ffd`6cae510a     MyDLL!std::basic_string<char,std::char_traits<char>,std::allocator<char> >::_Tidy_deallocate+0x5b [C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Tools\MSVC\14.42.34433\include\xstring @ 3062] 
0e 000000da`b99fd570 00007ffd`6cb12bdf     MyDLL!std::basic_string<char,std::char_traits<char>,std::allocator<char> >::~basic_string<char,std::char_traits<char>,std::allocator<char> >+0x2a [C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Tools\MSVC\14.42.34433\include\xstring @ 1372] 
0f 000000da`b99fd5d0 00007ffe`80b0814b     MyDLL!MyFuncUsesMenyStrings+0x2af

JeySamir avatar Dec 27 '24 21:12 JeySamir

It looks like std::string doesn't use the mimalloc allocator when creating the string, but uses mi_free_size to release the memory.

MyDLL!MyFuncUsesMenyStrings+0x269:
00007ffd`74ef9d59 e81276fcff      call    MyDLL!ILT+875(?c_str?$basic_stringDU?$char_traitsDstdV?$allocatorD (00007ffd`74ec1370)
0:005> bp 00007ffd`74ef9d5e
0:005> t
MyDLL!ILT+875(?c_str?$basic_stringDU?$char_traitsDstdV?$allocatorD:
00007ffd`74ec1370 e97bb50000      jmp     MyDLL!std::basic_string<char,std::char_traits<char>,std::allocator<char> >::c_str (00007ffd`74ecc8f0)
0:005> 
MyDLL!std::basic_string<char,std::char_traits<char>,std::allocator<char> >::c_str:
00007ffd`74ecc8f0 48894c2408      mov     qword ptr [rsp+8],rcx ss:00000005`805fd3f0=00000005805fd498
0:005> 
MyDLL!std::basic_string<char,std::char_traits<char>,std::allocator<char> >::c_str+0x5:
00007ffd`74ecc8f5 57              push    rdi
0:005> 
MyDLL!std::basic_string<char,std::char_traits<char>,std::allocator<char> >::c_str+0x6:
00007ffd`74ecc8f6 4883ec20        sub     rsp,20h
0:005> 
MyDLL!std::basic_string<char,std::char_traits<char>,std::allocator<char> >::c_str+0xa:
00007ffd`74ecc8fa 488b442430      mov     rax,qword ptr [rsp+30h] ss:00000005`805fd3f0=00000005805fd498
0:005> 
MyDLL!std::basic_string<char,std::char_traits<char>,std::allocator<char> >::c_str+0xf:
00007ffd`74ecc8ff 488bc8          mov     rcx,rax
0:005> 
MyDLL!std::basic_string<char,std::char_traits<char>,std::allocator<char> >::c_str+0x12:
00007ffd`74ecc902 e85d5bffff      call    MyDLL!ILT+5215(?_Myptr?$_String_valU?$_Simple_typesDstdstdQEBAPEBDXZ) (00007ffd`74ec2464)
0:005> 
MyDLL!ILT+5215(?_Myptr?$_String_valU?$_Simple_typesDstdstdQEBAPEBDXZ):
00007ffd`74ec2464 e957a10000      jmp     MyDLL!std::_String_val<std::_Simple_types<char> >::_Myptr (00007ffd`74ecc5c0)
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Myptr:
00007ffd`74ecc5c0 48894c2408      mov     qword ptr [rsp+8],rcx ss:00000005`805fd3c0=cccccccccccccccc
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Myptr+0x5:
00007ffd`74ecc5c5 57              push    rdi
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Myptr+0x6:
00007ffd`74ecc5c6 4883ec30        sub     rsp,30h
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Myptr+0xa:
00007ffd`74ecc5ca 488b442440      mov     rax,qword ptr [rsp+40h] ss:00000005`805fd3c0=00000005805fd498
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Myptr+0xf:
00007ffd`74ecc5cf 4883c008        add     rax,8
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Myptr+0x13:
00007ffd`74ecc5d3 4889442420      mov     qword ptr [rsp+20h],rax ss:00000005`805fd3a0=0000000000000001
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Myptr+0x18:
00007ffd`74ecc5d8 488b4c2440      mov     rcx,qword ptr [rsp+40h] ss:00000005`805fd3c0=00000005805fd498
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Myptr+0x1d:
00007ffd`74ecc5dd e89b72ffff      call    MyDLL!ILT+10360(?_Large_mode_engaged?$_String_valU?$_Simple_typesDstdstdQEBA_NXZ) (00007ffd`74ec387d)
0:005> 
MyDLL!ILT+10360(?_Large_mode_engaged?$_String_valU?$_Simple_typesDstdstdQEBA_NXZ):
00007ffd`74ec387d e9fe8c0000      jmp     MyDLL!std::_String_val<std::_Simple_types<char> >::_Large_mode_engaged (00007ffd`74ecc580)
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Large_mode_engaged:
00007ffd`74ecc580 48894c2408      mov     qword ptr [rsp+8],rcx ss:00000005`805fd380=0000000000000000
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Large_mode_engaged+0x5:
00007ffd`74ecc585 57              push    rdi
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Large_mode_engaged+0x6:
00007ffd`74ecc586 4883ec10        sub     rsp,10h
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Large_mode_engaged+0xa:
00007ffd`74ecc58a 488b442420      mov     rax,qword ptr [rsp+20h] ss:00000005`805fd380=00000005805fd498
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Large_mode_engaged+0xf:
00007ffd`74ecc58f 488378200f      cmp     qword ptr [rax+20h],0Fh ds:00000005`805fd4b8=000000000000001f
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Large_mode_engaged+0x14:
00007ffd`74ecc594 7609            jbe     MyDLL!std::_String_val<std::_Simple_types<char> >::_Large_mode_engaged+0x1f (00007ffd`74ecc59f) [br=0]
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Large_mode_engaged+0x16:
00007ffd`74ecc596 c7042401000000  mov     dword ptr [rsp],1 ss:00000005`805fd360=00000000
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Large_mode_engaged+0x1d:
00007ffd`74ecc59d eb07            jmp     MyDLL!std::_String_val<std::_Simple_types<char> >::_Large_mode_engaged+0x26 (00007ffd`74ecc5a6)
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Large_mode_engaged+0x26:
00007ffd`74ecc5a6 0fb60424        movzx   eax,byte ptr [rsp] ss:00000005`805fd360=01
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Large_mode_engaged+0x2a:
00007ffd`74ecc5aa 4883c410        add     rsp,10h
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Large_mode_engaged+0x2e:
00007ffd`74ecc5ae 5f              pop     rdi
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Large_mode_engaged+0x2f:
00007ffd`74ecc5af c3              ret
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Myptr+0x22:
00007ffd`74ecc5e2 0fb6c0          movzx   eax,al
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Myptr+0x25:
00007ffd`74ecc5e5 85c0            test    eax,eax
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Myptr+0x27:
00007ffd`74ecc5e7 7413            je      MyDLL!std::_String_val<std::_Simple_types<char> >::_Myptr+0x3c (00007ffd`74ecc5fc) [br=0]
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Myptr+0x29:
00007ffd`74ecc5e9 488b442440      mov     rax,qword ptr [rsp+40h] ss:00000005`805fd3c0=00000005805fd498
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Myptr+0x2e:
00007ffd`74ecc5ee 488b4808        mov     rcx,qword ptr [rax+8] ds:00000005`805fd4a0=0000020000431230
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Myptr+0x32:
00007ffd`74ecc5f2 e82376ffff      call    MyDLL!ILT+11285(??$_UnfancyDstdYAPEADPEADZ) (00007ffd`74ec3c1a)
0:005> 
MyDLL!ILT+11285(??$_UnfancyDstdYAPEADPEADZ):
00007ffd`74ec3c1a e911850000      jmp     MyDLL!std::_Unfancy<char> (00007ffd`74ecc130)
0:005> 
MyDLL!std::_Unfancy<char>:
00007ffd`74ecc130 48894c2408      mov     qword ptr [rsp+8],rcx ss:00000005`805fd380=00000005805fd498
0:005> 
MyDLL!std::_Unfancy<char>+0x5:
00007ffd`74ecc135 57              push    rdi
0:005> 
MyDLL!std::_Unfancy<char>+0x6:
00007ffd`74ecc136 488b442410      mov     rax,qword ptr [rsp+10h] ss:00000005`805fd380=0000020000431230
0:005> 
MyDLL!std::_Unfancy<char>+0xb:
00007ffd`74ecc13b 5f              pop     rdi
0:005> 
MyDLL!std::_Unfancy<char>+0xc:
00007ffd`74ecc13c c3              ret
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Myptr+0x37:
00007ffd`74ecc5f7 4889442420      mov     qword ptr [rsp+20h],rax ss:00000005`805fd3a0=00000005805fd4a0
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Myptr+0x3c:
00007ffd`74ecc5fc 488b442420      mov     rax,qword ptr [rsp+20h] ss:00000005`805fd3a0=0000020000431230
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Myptr+0x41:
00007ffd`74ecc601 4883c430        add     rsp,30h
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Myptr+0x45:
00007ffd`74ecc605 5f              pop     rdi
0:005> 
MyDLL!std::_String_val<std::_Simple_types<char> >::_Myptr+0x46:
00007ffd`74ecc606 c3              ret
0:005> 
MyDLL!std::basic_string<char,std::char_traits<char>,std::allocator<char> >::c_str+0x17:
00007ffd`74ecc907 4883c420        add     rsp,20h
0:005> 
MyDLL!std::basic_string<char,std::char_traits<char>,std::allocator<char> >::c_str+0x1b:
00007ffd`74ecc90b 5f              pop     rdi
0:005> 
MyDLL!std::basic_string<char,std::char_traits<char>,std::allocator<char> >::c_str+0x1c:
00007ffd`74ecc90c c3              ret

JeySamir avatar Dec 28 '24 11:12 JeySamir

Is the std::string in question passed across DLL boundaries? In that case, the string was most likely not allocated using mimalloc.

res2k avatar Dec 28 '24 18:12 res2k
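As an added example (not code from the issue, from MyDLL or from mimalloc), the ownership mismatch res2k describes, modelled in plain C++: ModuleHeap, host_make_string and the dll_* functions are hypothetical stand-ins for the host process's CRT heap and for the mimalloc heap linked into MyDLL.

```cpp
#include <cstdlib>
#include <cstring>
#include <string>
#include <unordered_set>

// A heap that remembers which blocks it owns. release() plays the role of
// mi_free_size's region check: a pointer it never handed out is reported
// (return false) instead of being freed.
struct ModuleHeap {
    std::unordered_set<void*> owned;
    void* alloc(std::size_t n) { void* p = std::malloc(n); owned.insert(p); return p; }
    bool release(void* p) {
        if (p == nullptr) return true;            // free(NULL) is a no-op
        if (owned.erase(p) == 0) return false;    // foreign block: the reported error
        std::free(p);
        return true;
    }
};

ModuleHeap host_heap;  // stands in for the target process's CRT heap
ModuleHeap dll_heap;   // stands in for mimalloc linked into MyDLL

// Host side: allocates a NUL-terminated string on its own heap and hands the
// pointer to the DLL.
char* host_make_string(const char* s) {
    char* p = static_cast<char*>(host_heap.alloc(std::strlen(s) + 1));
    std::strcpy(p, s);
    return p;
}

// Unsafe pattern: the DLL treats the host's pointer as its own and frees it
// through its allocator. With mimalloc this is the assertion in the report.
bool dll_take_and_free_unsafe(char* host_ptr) {
    return dll_heap.release(host_ptr);
}

// Safe pattern: memory received across the boundary is borrowed. The DLL
// copies it into a block from its own heap (allocated and freed by the same
// heap), and the host's block is released by the host's own routine.
bool dll_copy_safe(char* host_ptr, std::string& out) {
    std::size_t len = std::strlen(host_ptr);
    char* mine = static_cast<char*>(dll_heap.alloc(len + 1));
    std::memcpy(mine, host_ptr, len + 1);
    out.assign(mine, len);
    bool ok = dll_heap.release(mine);               // same heap both ways
    return ok && host_heap.release(host_ptr);       // owner frees its own block
}
```

mimalloc itself exposes mi_is_in_heap_region(p) for the same question, so a DLL that must accept pointers of uncertain origin can test a pointer before freeing it instead of relying on the debug assertion.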