VS2010 and above causing heap corruption in RPC client call

  • Question

  • I got heap corruption in test program as below in VS2010 (it worked fine in VS2008). It happens in last COM call before returning. In VS2010 I can switch platform toolset from v90 to v100 to reproduce this problem in debug/release mode. The same problem exists with VS2019 as well. I can't find any place leading to this corruption. Can anyone help? Thanks!

    #pragma once
    #include <tchar.h>
    #include <comdef.h>
    #include <comcat.h>
    #include <atlcomcli.h>
    #include "opccomn_i.c"
    #include "OpcEnum_i.c"
    #include "opchda.h"

    int _tmain(int argc, _TCHAR* argv[])
    {
        CoInitializeEx(NULL, COINIT_MULTITHREADED);

        CLSID serverCLSID;
        CLSIDFromString(CComBSTR("{6A5EEDEC-1509-4627-997F-993CCB65AB7C}"), &serverCLSID);

        COSERVERINFO cInfo = { 0 };
        cInfo.pwszName = L"localhost";
        MULTI_QI cResults = { 0 };
        cResults.pIID = &IID_IOPCHDA_Server;
        HRESULT hr = CoCreateInstanceEx(serverCLSID, NULL, CLSCTX_LOCAL_SERVER | CLSCTX_REMOTE_SERVER, &cInfo, 1, &cResults);
        if (FAILED(hr))
            return EXIT_FAILURE;

        CComPtr<IOPCHDA_Server> server;
        server.p = (IOPCHDA_Server*)cResults.pItf;
        OPCHANDLE* hServerItem = NULL;
        OPCHANDLE hClientItem = 1;
        HRESULT* pErrors = NULL;
        LPWSTR pszItemID = L"Static Data/Square [15 min]";
        hr = server->GetItemHandles(1, &pszItemID, &hClientItem, &hServerItem, &pErrors);
        if (FAILED(hr))
            return EXIT_FAILURE;

        OPCHDA_TIME start, end;
        start.bString = true;
        start.szTime = L"NOW-18MO";
        end.bString = true;
        end.szTime = L"NOW";
        CComPtr<IOPCHDA_SyncRead> ipOPCHDA_SyncRead;
        hr = server->QueryInterface(IID_IOPCHDA_SyncRead, (void**)& ipOPCHDA_SyncRead);
        if (FAILED(hr))
            return EXIT_FAILURE;

        OPCHDA_ITEM* pItemValues = NULL;
        HRESULT* pErrors1 = NULL;
        hr = ipOPCHDA_SyncRead->ReadRaw(&start, &end, 10, true, 1, hServerItem, &pItemValues, &pErrors1);

        //CoUninitialize();
        return(EXIT_SUCCESS);
    }



    JH


    • Edited by Jiyang Friday, June 14, 2019 8:32 PM
    Friday, June 14, 2019 7:08 PM

Answers

  • Yes! After I dynamically assigned enough space for that LPWSTR, heap corruption is gone! Thanks!

    JH

    Kindly mark the suggestion to use CoTaskMemAlloc as the answer to close the thread.

    That way anybody searching on the same problem will know there was a solution.

    • Marked as answer by Jiyang Friday, June 14, 2019 10:22 PM
    • Unmarked as answer by Jiyang Friday, June 14, 2019 10:22 PM
    • Marked as answer by Jiyang Friday, June 14, 2019 10:23 PM
    Friday, June 14, 2019 10:12 PM

All replies

  • Does your QueryInterface return a valid object? Can you check 'hr'?

    hr = server->QueryInterface(IID_IOPCHDA_SyncRead, (void**)& ipOPCHDA_SyncRead);

     -Seetharam

    Friday, June 14, 2019 8:20 PM
  • Yes, I checked hr in every call and they are fine.

    JH

    Friday, June 14, 2019 8:25 PM
  • Does the IDL for the IOPCHDA_SyncRead::ReadRaw method attribute any of the parameters as [in,out]? If so, which ones?
    • Edited by RLWA32 Friday, June 14, 2019 9:36 PM typo
    Friday, June 14, 2019 9:32 PM
  • HRESULT ReadRaw(
    		[in, out]                   OPCHDA_TIME*  htStartTime,
    		[in, out]                   OPCHDA_TIME*  htEndTime,
    		[in]                        DWORD	      dwNumValues,
    		[in]                        BOOL	      bBounds,
    		[in]                        DWORD	      dwNumItems,
    		[in, size_is(dwNumItems)]   OPCHANDLE*    phServer, 
    		[out, size_is(,dwNumItems)] OPCHDA_ITEM** ppItemValues,
    		[out, size_is(,dwNumItems)] HRESULT**     ppErrors
    	);
    typedef struct tagOPCHDA_TIME 
    {
    	         BOOL	  bString;
    	[string] LPWSTR	  szTime;
    	         FILETIME ftTime;
    } 
    OPCHDA_TIME;
    
    typedef struct tagOPCHDA_ITEM
    {
    					   OPCHANDLE hClient;
    					   DWORD 	 haAggregate;
    					   DWORD	 dwCount;
    	[size_is(dwCount)] FILETIME* pftTimeStamps;
    	[size_is(dwCount)] DWORD*    pdwQualities;
    	[size_is(dwCount)] VARIANT*  pvDataValues;
    } 
    OPCHDA_ITEM;



    JH


    • Edited by Jiyang Friday, June 14, 2019 9:44 PM
    Friday, June 14, 2019 9:38 PM
  • HRESULT ReadRaw(
    		[in, out]                   OPCHDA_TIME*  htStartTime,
    		[in, out]                   OPCHDA_TIME*  htEndTime,
    		[in]                        DWORD	      dwNumValues,
    		[in]                        BOOL	      bBounds,
    		[in]                        DWORD	      dwNumItems,
    		[in, size_is(dwNumItems)]   OPCHANDLE*    phServer, 
    		[out, size_is(,dwNumItems)] OPCHDA_ITEM** ppItemValues,
    		[out, size_is(,dwNumItems)] HRESULT**     ppErrors
    	);


    JH

    From the little information provided, I think that [in,out] on the OPCHDA_TIME structs is a problem.  I'm betting that the szTime member is declared as LPWSTR.  So in the posted code these pointers don't reference memory that should be altered.   If you don't need to change the struct then use [in].  If you do need to change it then use CoTaskMemAlloc to allocate the memory for the szTime pointer.



    • Edited by RLWA32 Friday, June 14, 2019 9:58 PM added observation
    Friday, June 14, 2019 9:43 PM
  • Yes! After I CoTaskMemAlloc() enough space for that LPWSTR, heap corruption is gone! Thanks!

    JH


    • Edited by Jiyang Friday, June 14, 2019 10:23 PM
    Friday, June 14, 2019 10:05 PM
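
An added example, not code from the thread or from the OPC headers: one way to apply the CoTaskMemAlloc suggestion, so that the `[in, out]` `szTime` members point at writable allocator memory instead of string literals. `DupForInOut`, `FreeInOut` and the 64-character capacity are hypothetical; off Windows the allocator is a `malloc` stand-in so the helper compiles anywhere.

```cpp
#include <cstddef>
#include <cstdlib>
#include <cwchar>

#ifdef _WIN32
#include <objbase.h>
// Real COM task allocator on Windows.
static void* TaskAlloc(size_t cb) { return CoTaskMemAlloc(cb); }
static void  TaskFree(void* p)    { CoTaskMemFree(p); }
#else
// Stand-in so the helper builds off Windows (assumption, not COM behaviour).
static void* TaskAlloc(size_t cb) { return std::malloc(cb); }
static void  TaskFree(void* p)    { std::free(p); }
#endif

// Hypothetical helper: copy `text` into a task-allocator buffer that holds
// `capacityChars` wide characters, terminator included. Returns nullptr when
// the text does not fit, the byte count would overflow, or allocation fails.
wchar_t* DupForInOut(const wchar_t* text, size_t capacityChars)
{
    if (text == nullptr || capacityChars == 0) return nullptr;
    const size_t len = std::wcslen(text);
    if (len >= capacityChars) return nullptr;              // no room for L'\0'
    if (capacityChars > static_cast<size_t>(-1) / sizeof(wchar_t)) return nullptr;
    wchar_t* buf = static_cast<wchar_t*>(TaskAlloc(capacityChars * sizeof(wchar_t)));
    if (buf == nullptr) return nullptr;
    std::wmemset(buf, L'\0', capacityChars);               // whole buffer zeroed
    std::wmemcpy(buf, text, len);
    return buf;
}

// Release a buffer obtained from DupForInOut (nullptr is accepted).
void FreeInOut(wchar_t* p) { TaskFree(p); }

// Use in the thread's test program (Windows only, needs opchda.h):
//   start.szTime = DupForInOut(L"NOW-18MO", 64);   // 64 is an assumed capacity
//   end.szTime   = DupForInOut(L"NOW", 64);
//   if (!start.szTime || !end.szTime) return EXIT_FAILURE;
//   hr = ipOPCHDA_SyncRead->ReadRaw(&start, &end, 10, true, 1,
//                                   hServerItem, &pItemValues, &pErrors1);
//   FreeInOut(start.szTime);   // free the value left in the struct after the call
//   FreeInOut(end.szTime);
```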