C++ malloc/memcpy/free crash

Question

I'am really stuck with this C++ error:

    template<typename T>
    void Shift(T* Data, const ulong& Length, long Offset) const
    {
        if((!Data) || (!Length))
            return;

        if(Offset < 0)
            Offset = (Length-1) - ((-Offset-1) % Length);
        else
            Offset %= Length;

        if(!Offset)
            return;

        int TSize = sizeof(T);

        T* Shifter = new T[Length];

        if(Shifter)
        {
            memcpy(Shifter, Data + TSize * Offset, TSize * (Length - Offset));
            memcpy(Shifter + TSize * (Length - Offset), Data, TSize * Offset); //fails
            memcpy(Data, Shifter, TSize * Length);

            delete[] Shifter;
        }
    }

Well, fail is:

77CD0575 ntdll!TpWaitForAlpcCompletion() (C:\Windows\system32\ntdll.dll:??)

0028D640 ?? () (??:??)

77CB57C2 ntdll!RtlLargeIntegerDivide() (C:\Windows\system32\ntdll.dll:??)

003E1030 ?? () (??:??)

77C92A8A ntdll!RtlCopyExtendedContext() (C:\Windows\system32\ntdll.dll:??)

?? ?? () (??:??)

T is either byte of short, btw.

This code is evil, but if you comment out the memcpys one at a time you might find what's cuasing the problem — doctorlove, Dec 13 '13 at 12:27
That `reinterpret_cast` is also wrong (should be `static_cast`) — MSalters, Dec 13 '13 at 12:27
@MSalters why reinterpret_cast is wrong? I thought static_cast is weaker ... — Liviu, Dec 13 '13 at 12:34
@MSalters Nevermind, I found this http://stackoverflow.com/questions/6855686/what-is-the-difference-between-static-cast-and-reinterpret-cast — Liviu, Dec 13 '13 at 12:39
@AndreyMironov: Try `reinterpret_cast(3.5)`. Not so powerful, eh? — MSalters, Dec 13 '13 at 12:50
casting: http://www.youtube.com/watch?v=lglGKxNrLgM http://www.youtube.com/watch?v=UfrR1nNfoeY — Andrey Mironov, Dec 13 '13 at 12:52

score 8 · Accepted Answer · answered Dec 13 '13 at 12:30

8

You got the pointer arithmetics wrong. Let's say:

T* p = new T[10];

To get to the n'th element, you have to use

T* nth = p + n;

In your memcpy arguments you use it like

T* nth = p + sizeof(T) * n;

which will obviously be out of bounds at times.

answered Dec 13 '13 at 12:30

Timbo

27,472
11
50
75

But he can also convert the data and shifter pointer to void* as malloc and memcpy use void* in their prototypes. less expressive than C++ but... – alexbuisson Dec 13 '13 at 12:35
1

@alexbuisson Not to void but to some byte-sized type, yes. void* does not allow pointer arithmetics. – Timbo Dec 13 '13 at 12:36

score 3 · Answer 2 · answered Dec 13 '13 at 12:37

in memcpy you are using Data + Offset*TSize which is incorrect when you say Data + 1 on case of an int the it actually takes 4 bytes, so you dont have to specify Tsize in case of pointer. Modify your memcpy code like this

memcpy(Shifter, Data + Offset, TSize * (Length - Offset));
memcpy(Shifter + (Length - Offset), Data, TSize * Offset); //fails if TSize is greater than 1
memcpy(Data, Shifter, TSize * Length);

Better explained by Timbo

C++ malloc/memcpy/free crash

2 Answers2