Heap Storage Corruption
-
Hi I have the following code which I basically take a hex array and convert it to a ascii char * e.g 0X47F0F01A so the array becomes 303770307030316500 I marked off where I get dialogbox message from CRT and I cannt for the life of me figure out why the memcpy where I mark off the string with a null is 8 bytes into the 70 bytes allocated
// converts character array
// to string and returns it
char* convertToString(unsigned char* a, int size)
{
int i;
char ch;
char getch(char);
char* t = new char[70];
char* k = t;
char thenullptr = 0x00;
char* s;
if (size == 80)
__debugbreak();
for (i = 0; (i < size && i < 62); i++) {
ch = a[i];
ch = ch >> 4;
ch = ch & 0x0f;
ch = getch(ch);
memcpy(k, &ch, 1);
k++;
ch = a[i];
ch = ch & 0x0f;
ch = getch(ch);
memcpy(k, &ch, 1);
k++;} if (i >= 62) { s = new char\[63\]; ::memcpy(s, t, 62); k = s + 62; ::memcpy(k, &thenullptr, 1); <------- call which causes read exception or overwrite delete t; return s; } ::memcpy(k, &thenullptr, 1); s = new char(strlen(t) + 1);;
::memcpy(s, t, strlen(t) + 1);
delete t;
return s;
}char getch(char ch)
{if (ch <= 0x09) ch += 48; else ch += 55; return ch;}
ForNow wrote:
s = new char\[63\]; ::memcpy(s, t, 62); k = s + 62; ::memcpy(k, &thenullptr, 1); <------- call which causes read exception or overwritewhy are you doing it so complicated? Why not just
s = new char[63] {0};
::memcpy(s, t, 62);and you won't need to copy the terminated 0x00 byte. Or just set it form the very begin:
s = new char[63];
s[62] = '\0';
::memcpy(s, t, 62); -
ForNow wrote:
s = new char\[63\]; ::memcpy(s, t, 62); k = s + 62; ::memcpy(k, &thenullptr, 1); <------- call which causes read exception or overwritewhy are you doing it so complicated? Why not just
s = new char[63] {0};
::memcpy(s, t, 62);and you won't need to copy the terminated 0x00 byte. Or just set it form the very begin:
s = new char[63];
s[62] = '\0';
::memcpy(s, t, 62); -
Ok let me redo it thanks for responding thing is it doesn’t happen the first time the sub gets called only after a number if calls Thank you again
That would suggest you probably have a bug elsewhere in you program. Maybe a buffer overflow or an uninitialized variable is writing where it shouldn't. If you haven't already, turn up the warning level on the compiler, and then fix everything it flags. If this still happens, you'll need to dig into your debugger and look into watch points and the like.
Keep Calm and Carry On
-
Hi I have the following code which I basically take a hex array and convert it to a ascii char * e.g 0X47F0F01A so the array becomes 303770307030316500 I marked off where I get dialogbox message from CRT and I cannt for the life of me figure out why the memcpy where I mark off the string with a null is 8 bytes into the 70 bytes allocated
// converts character array
// to string and returns it
char* convertToString(unsigned char* a, int size)
{
int i;
char ch;
char getch(char);
char* t = new char[70];
char* k = t;
char thenullptr = 0x00;
char* s;
if (size == 80)
__debugbreak();
for (i = 0; (i < size && i < 62); i++) {
ch = a[i];
ch = ch >> 4;
ch = ch & 0x0f;
ch = getch(ch);
memcpy(k, &ch, 1);
k++;
ch = a[i];
ch = ch & 0x0f;
ch = getch(ch);
memcpy(k, &ch, 1);
k++;} if (i >= 62) { s = new char\[63\]; ::memcpy(s, t, 62); k = s + 62; ::memcpy(k, &thenullptr, 1); <------- call which causes read exception or overwrite delete t; return s; } ::memcpy(k, &thenullptr, 1); s = new char(strlen(t) + 1);;
::memcpy(s, t, strlen(t) + 1);
delete t;
return s;
}char getch(char ch)
{if (ch <= 0x09) ch += 48; else ch += 55; return ch;}
You are using
new[], so you must use a matchingdelete[]:char* t = new char[70];
// do stuff with t
delete[] t;
This might not be the cause of the problem you are having, but it will cause problems.
-
You are using
new[], so you must use a matchingdelete[]:char* t = new char[70];
// do stuff with t
delete[] t;
This might not be the cause of the problem you are having, but it will cause problems.
-
C doesn't have new/delete at all - you are writing C++
-
Hi I have the following code which I basically take a hex array and convert it to a ascii char * e.g 0X47F0F01A so the array becomes 303770307030316500 I marked off where I get dialogbox message from CRT and I cannt for the life of me figure out why the memcpy where I mark off the string with a null is 8 bytes into the 70 bytes allocated
// converts character array
// to string and returns it
char* convertToString(unsigned char* a, int size)
{
int i;
char ch;
char getch(char);
char* t = new char[70];
char* k = t;
char thenullptr = 0x00;
char* s;
if (size == 80)
__debugbreak();
for (i = 0; (i < size && i < 62); i++) {
ch = a[i];
ch = ch >> 4;
ch = ch & 0x0f;
ch = getch(ch);
memcpy(k, &ch, 1);
k++;
ch = a[i];
ch = ch & 0x0f;
ch = getch(ch);
memcpy(k, &ch, 1);
k++;} if (i >= 62) { s = new char\[63\]; ::memcpy(s, t, 62); k = s + 62; ::memcpy(k, &thenullptr, 1); <------- call which causes read exception or overwrite delete t; return s; } ::memcpy(k, &thenullptr, 1); s = new char(strlen(t) + 1);;
::memcpy(s, t, strlen(t) + 1);
delete t;
return s;
}char getch(char ch)
{if (ch <= 0x09) ch += 48; else ch += 55; return ch;}
As far as I know it is not a good idea to allocate memory using a runtime (the DLL's one) and releasing it using another one (the application linking with the DLL). See, for instance: Potential Errors Passing CRT Objects Across DLL Boundaries | Microsoft Learn[^].
"In testa che avete, Signor di Ceprano?" -- Rigoletto
-
As far as I know it is not a good idea to allocate memory using a runtime (the DLL's one) and releasing it using another one (the application linking with the DLL). See, for instance: Potential Errors Passing CRT Objects Across DLL Boundaries | Microsoft Learn[^].
"In testa che avete, Signor di Ceprano?" -- Rigoletto
-
that's is my scenario I pass a hex array pointer to DLL function and allocate the storage there and pass the pointer back to the application I have to read what you sent I have Dr appointment in 15 min but thanks for the info
-
Hi I have the following code which I basically take a hex array and convert it to a ascii char * e.g 0X47F0F01A so the array becomes 303770307030316500 I marked off where I get dialogbox message from CRT and I cannt for the life of me figure out why the memcpy where I mark off the string with a null is 8 bytes into the 70 bytes allocated
// converts character array
// to string and returns it
char* convertToString(unsigned char* a, int size)
{
int i;
char ch;
char getch(char);
char* t = new char[70];
char* k = t;
char thenullptr = 0x00;
char* s;
if (size == 80)
__debugbreak();
for (i = 0; (i < size && i < 62); i++) {
ch = a[i];
ch = ch >> 4;
ch = ch & 0x0f;
ch = getch(ch);
memcpy(k, &ch, 1);
k++;
ch = a[i];
ch = ch & 0x0f;
ch = getch(ch);
memcpy(k, &ch, 1);
k++;} if (i >= 62) { s = new char\[63\]; ::memcpy(s, t, 62); k = s + 62; ::memcpy(k, &thenullptr, 1); <------- call which causes read exception or overwrite delete t; return s; } ::memcpy(k, &thenullptr, 1); s = new char(strlen(t) + 1);;
::memcpy(s, t, strlen(t) + 1);
delete t;
return s;
}char getch(char ch)
{if (ch <= 0x09) ch += 48; else ch += 55; return ch;}
If I got you, the code should return the hexadecimal representation of a bunch of bytes. In order to avoid CRT-conflicts, you have to make the caller responsible of the output buffer allocation/deallocation. Something like this
#include #include using namespace std;
// in [INPUT] - the binary array we wish to represent with an hex string
// size_in [INPUT] - the size (bytes) of the binary array
// out [OUTPUT] - the buffer receiving the hexadecimal representation of the binary data
// out_size [INPUT] - the size of the buffer. It should be at least (size_in*2+1) in order ot represent all the input data
size_t to_hex( unsigned char in[], size_t size_in, char out[], size_t size_out)
{
size_t n;
for (n=0; (n < size_in) && (n < (size_out-1)b/2); ++n)
{
unsigned char nibble;
nibble = (in[n] >> 4); // the MSB nibble
out[2*n] = nibble < 10 ? nibble + '0' : nibble - 10 + 'A';
nibble = (in[n] & 15); // the LSB nibble
out[2*n+1] = nibble < 10 ? nibble + '0' : nibble - 10 + 'A';
}if ( 2*n < size_out)
out[2*n] = '\0';return n;
}// a little test
int main()
{
unsigned char small[] = { 0x25, 0x37, 0x48, 0x42, 0x42 };char buffer[41];
size_t size = to_hex( small, sizeof(small), buffer, sizeof(buffer));
cout << "converted bytes " << size << ", hex string " << buffer << "\n";unsigned char large[256];
for (size_t n=0; n<256; ++n)
{
large[n] = n;
}size = to_hex( large, sizeof(large), buffer, sizeof(buffer));
cout << "converted bytes " << size << ", hex string " << buffer << "\n";
}"In testa che avete, Signor di Ceprano?" -- Rigoletto
