7

It was a bug that I just found! Hooray. The bug was due to an incorrect downcasting, and indeed I was using static_cast instead of dynamic_cast.

My application is pretty large and multithreaded and interacts with other applications. So debugging is very hard. I have tried to use WinDbg, GFlags, and Application Verifier without results. Certainly because I don't know how to use these tools.

Is it possible to find a memory heap corruption due to an invalid downcasting, with the use of tools like WinDbg? If yes, how?

Peter Mortensen
Guillaume Paris

2 Answers

13

WinDbg's !heap -s -v command can reveal a corrupt heap:

0:008> !heap -s -v

  Heap     Flags   Reserv  Commit  Virt   Free  List   UCR  Virt  Lock  Fast 
                (k)     (k)    (k)     (k) length      blocks cont. heap 
-----------------------------------------------------------------------------
.ERROR: Block 001842e8 previous size 0 does not match previous block size 4
HEAP 00140000 (Seg 00140640) At 001842e8 Error: invalid block Previous
Kjell Gunnar
1

EDIT: Comments made it clear that non-Windows options aren't viable. In that case I've had good luck with Purify before, but unfortunately it's $$$. I'm not familiar with other Windows memory checking tools however.

In regards to this specific case, anytime you find yourself downcasting, spend at least a minute thinking about an alternate interface or design that could remove the need. Compiler errors and warnings, and a solid design can find a lot of bugs that would otherwise take hours to find.

Mark B
  • recommending valgrind for a Windows user? – PlasmaHH Jan 05 '12 at 16:17
  • @Mark B: so you confirm it's possible with valgrind to take as input the dump of the app when it crashes and get as output the line of code which causes the problem? – Guillaume Paris Jan 05 '12 at 16:19
  • @PlasmaHH: yes indeed, but I think there is an equivalent tool under Windows – Guillaume Paris Jan 05 '12 at 16:20
  • I didn't see any indication in the question that running on an alternate platform was out of the question for debugging purposes. @Guillaume07 I don't think there's any program in the world that can take a core dump (or Windows equivalent) and tell you which line corrupted the heap. You have to run the program under the analysis tool to get useful information. – Mark B Jan 05 '12 at 17:18
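
The downcast bug from the question next to a checked form, as an added example that is not part of any post above. The `Shape`, `Circle` and `Polygon` types and all function names are hypothetical, constructed for illustration.

```cpp
#include <cstring>
#include <memory>
#include <typeinfo>

// Hypothetical class hierarchy, constructed for this example.
struct Shape {
    virtual ~Shape() = default;   // polymorphic base: enables dynamic_cast
    int id = 0;
};
struct Circle : Shape { float radius = 1.0f; };
struct Polygon : Shape { char label[64] = {}; };  // much larger than Circle

// BEFORE: unchecked downcast. If s is really a Circle, the memset writes
// past the end of the Circle's heap block and can overwrite adjacent heap
// metadata. Nothing fails here; the crash shows up later, somewhere else.
void clear_label_unchecked(Shape* s) {
    Polygon* p = static_cast<Polygon*>(s);  // compiles, never verified
    std::memset(p->label, 0, sizeof p->label);
}

// AFTER: checked downcast. dynamic_cast consults RTTI and yields nullptr
// when the dynamic type is not Polygon, so the bad write never happens.
bool clear_label_checked(Shape* s) {
    Polygon* p = dynamic_cast<Polygon*>(s);
    if (p == nullptr) return false;
    std::memset(p->label, 0, sizeof p->label);
    return true;
}

// Reference form: a type mismatch throws std::bad_cast at the cast site.
bool is_polygon(Shape& s) {
    try { (void)dynamic_cast<Polygon&>(s); return true; }
    catch (const std::bad_cast&) { return false; }
}

// Exercises only the checked paths; the unchecked function is never called.
int demo() {
    std::unique_ptr<Shape> c(new Circle());
    std::unique_ptr<Shape> g(new Polygon());
    int ok = 0;
    ok += clear_label_checked(g.get()) ? 1 : 0;      // right type: succeeds
    ok += clear_label_checked(c.get()) ? 0 : 1;      // wrong type: rejected
    ok += (is_polygon(*g) && !is_polygon(*c)) ? 1 : 0;
    return ok;  // 3 when every check behaves as described
}
```
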