
Crash on Value::releasePayload()

Open PredatorMF opened this issue 5 years ago • 4 comments

Describe the bug Random crash when parsing a document. This happens once in a while on dozens of remote clients. An almost identical stack trace can be seen with v.0.7.0

To Reproduce

  1. I couldn't reproduce with any json.

Expected behavior No crash.

Desktop (please complete the following information):

  • OS: Windows 7
  • Visual Studio 2019

Additional context

Crash reason:  EXCEPTION_ACCESS_VIOLATION_READ
Crash address: 0xf56bfd4
Assertion: Unknown assertion type 0x00000000
Process uptime: 64714 seconds

Thread 9 (crashed)
 0  ntdll.dll + 0x51ffe
 1  ntdll.dll + 0x51faf
 2  ucrtbase.dll + 0x2ec4b
 3  ucrtbase.dll + 0x2ec18
 4  runner.exe!operator delete(void *,unsigned int) [delete_scalar_size.cpp : 31 + 0x8]
 5  runner.exe!std::_Tree_val<std::_Tree_simple_types<std::pair<Json::Value::CZString const ,Json::Value> > >::_Erase_tree<std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > >(std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > &,std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> *) [xtree : 745 + 0x27]
 6  runner.exe!std::_Tree_val<std::_Tree_simple_types<std::pair<Json::Value::CZString const ,Json::Value> > >::_Erase_tree<std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > >(std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > &,std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> *) [xtree : 744 + 0xb]
 7  runner.exe!std::_Tree_val<std::_Tree_simple_types<std::pair<Json::Value::CZString const ,Json::Value> > >::_Erase_tree<std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > >(std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > &,std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> *) [xtree : 744 + 0xb]
 8  runner.exe!Json::Value::releasePayload() [json_value.cpp : 1021 + 0x13]
 9  runner.exe!Json::Value::~Value() [json_value.cpp : 442 + 0x5]
10  runner.exe!std::_Tree_val<std::_Tree_simple_types<std::pair<Json::Value::CZString const ,Json::Value> > >::_Erase_tree<std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > >(std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > &,std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> *) [xtree : 745 + 0x17]
11  runner.exe!std::_Tree_val<std::_Tree_simple_types<std::pair<Json::Value::CZString const ,Json::Value> > >::_Erase_tree<std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > >(std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > &,std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> *) [xtree : 744 + 0xb]
12  runner.exe!std::_Tree_val<std::_Tree_simple_types<std::pair<Json::Value::CZString const ,Json::Value> > >::_Erase_tree<std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > >(std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > &,std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> *) [xtree : 744 + 0xb]
13  runner.exe!Json::Value::releasePayload() [json_value.cpp : 1021 + 0x13]
14  runner.exe!Json::Value::~Value() [json_value.cpp : 442 + 0x5]
15  runner.exe!std::_Tree_val<std::_Tree_simple_types<std::pair<Json::Value::CZString const ,Json::Value> > >::_Erase_tree<std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > >(std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > &,std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> *) [xtree : 745 + 0x17]
16  runner.exe!std::_Tree_val<std::_Tree_simple_types<std::pair<Json::Value::CZString const ,Json::Value> > >::_Erase_tree<std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > >(std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > &,std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> *) [xtree : 744 + 0xb]
17  runner.exe!std::_Tree_val<std::_Tree_simple_types<std::pair<Json::Value::CZString const ,Json::Value> > >::_Erase_tree<std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > >(std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > &,std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> *) [xtree : 744 + 0xb]
18  runner.exe!Json::Value::releasePayload() [json_value.cpp : 1021 + 0x13]
19  runner.exe!Json::Value::~Value() [json_value.cpp : 442 + 0x5]
20  runner.exe!std::_Tree_val<std::_Tree_simple_types<std::pair<Json::Value::CZString const ,Json::Value> > >::_Erase_tree<std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > >(std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > &,std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> *) [xtree : 745 + 0x17]
21  runner.exe!std::_Tree_val<std::_Tree_simple_types<std::pair<Json::Value::CZString const ,Json::Value> > >::_Erase_tree<std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > >(std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > &,std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> *) [xtree : 744 + 0xb]
22  runner.exe!Json::Value::releasePayload() [json_value.cpp : 1021 + 0x13]
23  runner.exe!Json::Value::~Value() [json_value.cpp : 442 + 0x5]
24  runner.exe!std::_Tree_val<std::_Tree_simple_types<std::pair<Json::Value::CZString const ,Json::Value> > >::_Erase_tree<std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > >(std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > &,std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> *) [xtree : 745 + 0x17]
25  runner.exe!Json::Value::releasePayload() [json_value.cpp : 1021 + 0x13]
26  runner.exe!Json::Value::~Value() [json_value.cpp : 442 + 0x5]
27  runner.exe!std::_Tree_val<std::_Tree_simple_types<std::pair<Json::Value::CZString const ,Json::Value> > >::_Erase_tree<std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > >(std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > &,std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> *) [xtree : 745 + 0x17]
28  runner.exe!std::_Tree_val<std::_Tree_simple_types<std::pair<Json::Value::CZString const ,Json::Value> > >::_Erase_tree<std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > >(std::allocator<std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> > &,std::_Tree_node<std::pair<Json::Value::CZString const ,Json::Value>,void *> *) [xtree : 744 + 0xb]
29  runner.exe!Json::Value::releasePayload() [json_value.cpp : 1021 + 0x13]
30  runner.exe!Json::Value::~Value() [json_value.cpp : 442 + 0x5]
31  runner.exe!Json::Reader::readObject(Json::Reader::Token &) [json_reader.cpp : 495 + 0x59]
32  runner.exe!Json::Reader::readValue() [json_reader.cpp : 170 + 0xb]
33  runner.exe!Json::Reader::parse(char const *,char const *,Json::Value &,bool) [json_reader.cpp : 130 + 0x7]
34  runner.exe!Json::Reader::parse(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,Json::Value &,bool) [json_reader.cpp : 96 + 0x14]
35  runner.exe!DataInterface::ParseTask::DoWork() [DataProvider.cpp : 153 + 0x1e]
36  runner.exe!platform::Thread::ThreadMain() [thread_win.cpp : 108 + 0x8]
37  runner.exe!static unsigned long platform::ThreadFunc(void *) [platform_thread.cpp : 49 + 0xa]
38  kernel32.dll + 0x51174
39  ntdll.dll + 0x5b3f5
40  ntdll.dll + 0x5b3c8

PredatorMF avatar Jun 28 '20 22:06 PredatorMF

It would be very helpful if you could provide a minimal working example that triggers this crash, so that others are able to reproduce it.

dota17 avatar Jul 07 '20 03:07 dota17

19.....nineteen. That is all.

On Mon, Jul 6, 2020, 8:24 PM Chen [email protected] wrote:

It would be very helpful if you provide a minimal working example that triggers this crash so that others be able to reproduce it.


yuwishc13 avatar Jul 10 '20 14:07 yuwishc13


// My main thread has this:
// Reporter's abridged sketch of the object that owns the parsed document;
// the `...` line stands for members the report leaves out.
class MyExample {
...
// lock to protect Json::Value access
// NOTE(review): the mutex only protects json_ if every other access to it
// (reads, copies, and any reference or iterator kept into the tree) also
// holds lock_. The main-thread side is not shown in the report; confirm.
std::mutex lock_;
// Parse target: DoWork() passes this same object to Json::Reader::parse().
Json::Value json_;
// Written by DoWork() from the result of reader.parse().
bool valid_communication_;
// NOTE(review): DoWork() writes `parse_done_` without `owner_->`; whether
// that refers to this member or to one on the task is not visible here.
bool parse_done_;
};

// Worker thread executes this:
// Worker-thread task (reporter's abridged excerpt): parses the task's content
// into the owner's Json::Value while holding the owner's mutex, and records
// whether the parse succeeded.
// NOTE(review): declared to return bool, but no return statement appears in
// this excerpt; flowing off the end of a non-void function is undefined
// behavior in C++. Presumably trimmed for the report; confirm.
bool DoWork() {
  Json::Reader reader;
  {
    // Held for the whole parse, so the critical section includes freeing
    // whatever owner_->json_ held before as well as building the new tree.
    const std::lock_guard<std::mutex> lock(owner_->lock_);
    // parse() writes straight into the shared owner_->json_; the third
    // argument (false) turns comment collection off.
    // NOTE(review): the content presumably comes from an HTTP response, i.e.
    // untrusted input; confirm size and nesting limits are applied upstream.
    // NOTE(review): in the posted trace ~Value()/releasePayload() is reached
    // from Reader::readObject(), which is consistent with a Value's previous
    // contents being freed during the parse. An access violation inside
    // operator delete at that point can also be the symptom of earlier heap
    // corruption or of an access to json_ made without lock_, not only of a
    // parser defect; a run under AddressSanitizer or page heap would help
    // tell these apart.
    if (!reader.parse(http_task_->GetContent(), owner_->json_, false))
      owner_->valid_communication_ = false;
    else 
      owner_->valid_communication_ = true;
    // NOTE(review): written without `owner_->`, unlike the flag above;
    // which object this member belongs to is not shown.
    parse_done_ = true;
  }
}

The stack trace above comes from the worker thread, inside the DoWork() function. The main thread in my program is not executing anything related to JSON parsing or processing; in fact, it is in a different state every time I see this crash, so I assume there's something wrong in the parsing. I will try to extract the exact JSON data when this happens and create a working example.

PredatorMF avatar Aug 02 '20 10:08 PredatorMF

// My main thread has this:
// Reporter's abridged sketch of the object that owns the parsed document;
// the `...` line stands for members the report leaves out.
class MyExample {
...
// lock to protect Json::Value access
// NOTE(review): the mutex only protects json_ if every other access to it
// (reads, copies, and any reference or iterator kept into the tree) also
// holds lock_. The main-thread side is not shown in the report; confirm.
std::mutex lock_;
// Parse target: DoWork() passes this same object to Json::Reader::parse().
Json::Value json_;
// Written by DoWork() from the result of reader.parse().
bool valid_communication_;
// NOTE(review): DoWork() writes `parse_done_` without `owner_->`; whether
// that refers to this member or to one on the task is not visible here.
bool parse_done_;
};

// Worker thread executes this:
// Worker-thread task (reporter's abridged excerpt): parses the task's content
// into the owner's Json::Value while holding the owner's mutex, and records
// whether the parse succeeded.
// NOTE(review): declared to return bool, but no return statement appears in
// this excerpt; flowing off the end of a non-void function is undefined
// behavior in C++. Presumably trimmed for the report; confirm.
bool DoWork() {
  Json::Reader reader;
  {
    // Held for the whole parse, so the critical section includes freeing
    // whatever owner_->json_ held before as well as building the new tree.
    const std::lock_guard<std::mutex> lock(owner_->lock_);
    // parse() writes straight into the shared owner_->json_; the third
    // argument (false) turns comment collection off.
    // NOTE(review): the content presumably comes from an HTTP response, i.e.
    // untrusted input; confirm size and nesting limits are applied upstream.
    // NOTE(review): in the posted trace ~Value()/releasePayload() is reached
    // from Reader::readObject(), which is consistent with a Value's previous
    // contents being freed during the parse. An access violation inside
    // operator delete at that point can also be the symptom of earlier heap
    // corruption or of an access to json_ made without lock_, not only of a
    // parser defect; a run under AddressSanitizer or page heap would help
    // tell these apart.
    if (!reader.parse(http_task_->GetContent(), owner_->json_, false))
      owner_->valid_communication_ = false;
    else 
      owner_->valid_communication_ = true;
    // NOTE(review): written without `owner_->`, unlike the flag above;
    // which object this member belongs to is not shown.
    parse_done_ = true;
  }
}

The stack trace above is happening on the worker thread DoWork() function, the main thread in my program is not executing anything related to json parsing or processing, in fact it is in a different state every time I see this crash, so I assume there's something wrong in the parsing. I will try to extract the exact json data when this happens and create a working example.

I'm running into similar issues on iOS. Have you solved this?

HJWAJ avatar Apr 07 '22 18:04 HJWAJ