Suspected bug in Windows's HeapFree/RtlFreeHeap

  • Question

  • I suspect that I've found a bug in the HeapFree implementation (RtlFreeHeap) that causes an exception when a program is running under the debugger.

    Specifically, if the maximum size of a heap given to HeapCreate is exactly a multiple of 4 GB (*), and a debugger is present, RtlFreeHeap will cause a breakpoint under the false belief that the pointer given is invalid.  Since the heap is 4 GB, this means I'm referring to 64-bit programs.

    The following program demonstrates this bug:

    // Repro: a fixed-size (non-growable) private heap whose maximum is exactly 4 GiB.
    // Requires an x64 build, since SIZE_T must be able to hold 0x100000000.
    #define _WIN32_WINNT 0x0501
    #include <Windows.h>
    
    extern "C" int __cdecl wmain()
    {
    	HANDLE heap = HeapCreate(HEAP_GENERATE_EXCEPTIONS, 0, 0x100000000ULL);
    	if (heap == NULL)
    		return 1;   // HeapCreate does not raise; it returns NULL on failure
    
    	// HEAP_GENERATE_EXCEPTIONS: a failed allocation raises instead of returning NULL
    	void *memory = HeapAlloc(heap, HEAP_ZERO_MEMORY | HEAP_GENERATE_EXCEPTIONS, 1234);
    	// Under a debugger this is where "Invalid address specified to RtlFreeHeap" fires
    	HeapFree(heap, 0, memory);
    	HeapDestroy(heap);
    
    	return 0;
    }

    When run under a debugger, the following exception is reported:

    HEAP[MakeHeap.exe]: Invalid address specified to RtlFreeHeap( 000000013FF50000, 000000013FF50A90 )

    This occurs in both Visual Studio and WinDbg.  Without being under a debugger, the program works fine, and in fact, HeapFree returns TRUE.

    OS Version: Windows 7 SP1, newest patches installed.

    (*) More precisely, when the maximum size, rounded up to the next 64K, is a multiple of 4 GB.  So 0xFFFFFFFF crashes, too.

    Wednesday, November 23, 2011 9:14 PM
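    The following is an added example, not code from the original post. It turns the rule the poster states (HeapCreate rounds dwMaximumSize up to 64 KiB, and a rounded size that is a multiple of 4 GiB trips the RtlFreeHeap breakpoint under a debugger) into a portable predicate, and on Windows sweeps a few constructed sizes on either side of the boundary so the rule can be checked from a plain console and again under WinDbg or Visual Studio. The `safe_maximum_size` workaround (bump the maximum by one more 64 KiB page) and the sample sizes are assumptions of this example, not something the thread confirms. Build as x64; on a 32-bit build the sizes cannot be represented and `try_heap` reports -1.

```c
/* Added example, not code from the original post. Encodes the poster's rule
 * (dwMaximumSize rounded up to 64 KiB; a rounded size that is a multiple of
 * 4 GiB trips the RtlFreeHeap breakpoint under a debugger) as a portable
 * predicate, and on Windows sweeps a few sizes around the boundary.
 * Build as x64: SIZE_T must be able to hold 0x100000000. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define HEAP_GRANULARITY 0x10000ULL       /* 64 KiB: the rounding the poster observed */
#define LOW32_MASK       0xFFFFFFFFULL

/* Round a requested maximum size up to the next 64 KiB boundary. */
uint64_t round_up_64k(uint64_t requested)
{
    return (requested + HEAP_GRANULARITY - 1) & ~(HEAP_GRANULARITY - 1);
}

/* True when the rounded size is a non-zero multiple of 4 GiB, i.e. its low
 * 32 bits are all zero. Zero is excluded: dwMaximumSize == 0 asks HeapCreate
 * for a growable heap, which is a different case entirely. */
bool hits_4gib_multiple(uint64_t requested)
{
    uint64_t rounded = round_up_64k(requested);
    return rounded != 0 && (rounded & LOW32_MASK) == 0;
}

/* Smallest maximum >= requested that does NOT round to a 4 GiB multiple.
 * One extra 64 KiB page always suffices: two adjacent 64 KiB multiples cannot
 * both be multiples of 4 GiB. (Workaround suggestion: an assumption of this
 * example, not something the thread confirms.) */
uint64_t safe_maximum_size(uint64_t requested)
{
    uint64_t rounded = round_up_64k(requested);
    return hits_4gib_multiple(rounded) ? rounded + HEAP_GRANULARITY : rounded;
}

#ifdef _WIN32
#include <windows.h>

/* Create a fixed-size heap, allocate and free one block, tear it down.
 * Returns -1 if the heap could not be created, otherwise HeapFree's result
 * as 0/1. Without HEAP_GENERATE_EXCEPTIONS a failed HeapAlloc returns NULL. */
int try_heap(uint64_t max_size)
{
    if (max_size > (uint64_t)(SIZE_T)-1)
        return -1;                          /* would truncate on a 32-bit build */
    HANDLE heap = HeapCreate(0, 0, (SIZE_T)max_size);
    if (heap == NULL)
        return -1;
    void *block = HeapAlloc(heap, HEAP_ZERO_MEMORY, 1234);
    /* Under a debugger, the RtlFreeHeap breakpoint fires on this call. */
    BOOL freed = (block != NULL) && HeapFree(heap, 0, block);
    HeapDestroy(heap);
    return freed ? 1 : 0;
}

int main(void)
{
    /* Constructed sample: sizes just below, at and just above the 4 GiB boundary. */
    const uint64_t sizes[] = {
        0xFFFF0000ULL, 0xFFFFFFFFULL, 0x100000000ULL, 0x100010000ULL, 0x200000000ULL
    };
    printf("debugger present: %s\n", IsDebuggerPresent() ? "yes" : "no");
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        uint64_t s = sizes[i];
        printf("max=0x%llx rounded=0x%llx predicted_bad=%d HeapFree=%d suggested=0x%llx\n",
               (unsigned long long)s, (unsigned long long)round_up_64k(s),
               hits_4gib_multiple(s) ? 1 : 0, try_heap(s),
               (unsigned long long)safe_maximum_size(s));
    }
    return 0;
}
#endif
```

    Run the x64 binary once from a console and once under the debugger; when the breakpoint fires, continue (`g` in WinDbg) to see the remaining sizes. Comparing the `predicted_bad` column against where the breakpoint actually fires is the quickest way to confirm or refute the 64K-rounding rule before filing the report.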

All replies

  • I don't know much about this, so I'll just tell you that you can post your bug report at connect.microsoft.com.  You can then post the URL of the report here so people can vote it up.
    Jose R. MCP
    Wednesday, November 23, 2011 9:28 PM
  • Windows itself doesn't appear on the list.  I've heard that you have to pay for support in order to file a bug report in Windows.
    Wednesday, November 23, 2011 9:32 PM
  • Interesting.  You can probably file it under Visual Studio since it contains the debugger that causes the issue.  Let them decide if it is OK or not.
    Jose R. MCP
    Wednesday, November 23, 2011 9:37 PM
  • I agree with Jose: try reporting a bug against Visual Studio on the MS connect site and hopefully they'll be able to forward it to the relevant group at MS.

    Dave

    Wednesday, November 23, 2011 11:18 PM