Heap Corruption?
Posted: Mon Jul 08, 2019 2:05 am
I think I'm seeing heap corruption with v2.88 when creating the Dynamics world.
I first observed heap corruption when initializing the btDbvtBroadphase class when creating the dynamic world. After some debugging, I think it's the m_rayTestStacks member variable in the btDbvtBroadphase class that is causing the issue. Here is some code that shows the problem:
Code:
#include <cstddef>   // offsetof
#include <cstdlib>   // malloc
#include <cstring>   // memset
#include "BulletCollision/BroadphaseCollision/btDbvtBroadphase.h"

auto classSize = sizeof(btDbvtBroadphase); // returns 0xB0
auto arrSize = sizeof(btAlignedObjectArray<btDbvtProxy*>); // returns 0x14
auto rayTestStacks_offset = offsetof(btDbvtBroadphase, m_rayTestStacks); // returns 0x9c
char* mem = (char*)malloc(classSize);
btDbvtBroadphase* c = (btDbvtBroadphase*)mem;
memset(mem, 'x', classSize); // mark the bytes that belong to the object
memset(mem + rayTestStacks_offset, 'o', arrSize); // mark where m_rayTestStacks will live
memset(c + 1, '_', classSize); // yes, this stomps memory, but it's to make the memory display easier to read
Using the MSVC memory debug window, I can view the memory at address 'mem'. It looks like this:
Code:
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxoooo
oooooooooooooooo________________
This seems to make sense. The 'x's are the first members of the btDbvtBroadphase class, and the 'o's are where the m_rayTestStacks member will go. The '_' is memory that doesn't belong to the btDbvtBroadphase class. Everything seems to be making sense.
Then I call the constructor for btDbvtBroadphase.
Code:
#include <new> // placement new
auto* pClass = new(c) btDbvtBroadphase(); // construct in place in the buffer prepared above
Now let's view the memory after this call:
Code:
øo*.........ÿÿÿÿ........xxxx....
.........xxx........ÿÿÿÿ........
xxxx.............xxx............
¶u.xxxx........................
................................
.......ooooo@...@...ðß..._______
Whoa! The 10 bytes past the end of 'mem' have changed, but they shouldn't have. Stepping through the constructor, the memory changes inside the btAlignedObjectArray::Init() function. The 'this' pointer when the pc is in the Init() call is offset 0xA8 from the this pointer of. That's definitely more than the 0x9c that it should be, but also less than past the end of the class, 0xB0. Writing to this memory would definitely cause the heap corruption that I initially observed.
I'm running VS2017. This is also the first time I've used Bullet, so it's very probable that I'm doing something incorrectly. I just put the .vcproj files into my solution and then built them. The example applications are running fine, so I'm not sure what's happening.
Does anyone have any insight into what's going on?
_______
Update: It seems that if I force the alignment of class btAlignedObjectArray to be 16, the issue resolves itself. It seems the default alignment is 4, but something at runtime thinks it is 16.
I'm compiling to a Win32 platform with VS2017, v15.8.1.
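As an added illustration (not code from this post or from Bullet) of the mismatch the update describes: the same class seen with natural alignment by the caller and with forced 16-byte alignment by the library, so the library's constructor initializes more bytes than the caller reserved. The type names, the 0x9c header and the exported libSizeof()/libAlignof() functions are constructed stand-ins; the two checks at the end are what a caller can run at startup before any Bullet object is created.

```cpp
#include <cstddef>
#include <cstring>
#include <new>

// Hypothetical stand-ins for btAlignedObjectArray (constructed for this example). The two
// "views" model one class compiled in two translation units with different alignment settings.
struct ArrayCallerView { int size; int capacity; void* data; bool ownsMemory; };
struct alignas(16) ArrayLibView { int size; int capacity; void* data; bool ownsMemory; };

// The caller's idea of the enclosing object: header bytes, then the array member (m_rayTestStacks).
struct BroadphaseCallerView { char header[0x9c]; ArrayCallerView rayTestStacks; };

// The library's idea of the same object; its constructor initializes the whole (larger) member,
// which is the write past the end that the debugger showed.
struct BroadphaseLibView {
    char header[0x9c];
    ArrayLibView rayTestStacks;
    BroadphaseLibView() { std::memset(&rayTestStacks, 0, sizeof rayTestStacks); }
};

// What the library side would export so a caller can verify the layout it was compiled against.
std::size_t libSizeof()  { return sizeof(BroadphaseLibView); }
std::size_t libAlignof() { return alignof(BroadphaseLibView); }

// Check 1: caller-side layout comparison; any mismatch means every object is constructed
// over a buffer of the wrong size and alignment, so refuse to continue instead of corrupting the heap.
bool layoutMatches() {
    return libSizeof() == sizeof(BroadphaseCallerView)
        && libAlignof() == alignof(BroadphaseCallerView);
}

// Check 2: canary probe in the spirit of the '_' fill above. Reserve only what the caller thinks
// the object needs, fill everything after it with a known pattern, let the library construct,
// and count bytes past the caller's size that changed (the buffer is oversized so this stays defined).
std::size_t bytesWrittenPastCallerSize() {
    alignas(16) unsigned char buf[512];
    const std::size_t callerSize = sizeof(BroadphaseCallerView);
    std::memset(buf, '_', sizeof buf);
    new (buf) BroadphaseLibView();
    std::size_t stomped = 0;
    for (std::size_t i = callerSize; i < sizeof buf; ++i)
        if (buf[i] != '_') ++stomped;
    return stomped; // 0 only if the two views agree on the layout
}
```

The count of stomped bytes equals the difference between the two sizeof values, so the probe reports exactly how far the library's constructor runs past what the caller allocated.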