From 5c3ba7b00addc042150cab27ac5bd168d8b3d576 Mon Sep 17 00:00:00 2001
From: javeme
Date: Mon, 27 Jun 2016 01:06:35 +0800
Subject: [PATCH] Program crashes when receiving a message due to memory corruption crashes due to the wrong way using aligned_storage.

Steps to reproduce:
1. Start a consumer channel.consume(queue, tag).onMessage(msgCallback)
2. Send a message to the consumer
3. The program crashes

Environment: Windows 7 / VS2010

The reason:
The Windows prompted to memory corruption, I found some strange phenomenon about stack_ptr, such as:
1.sizeof(stack_ptr) is equal to 2
2.stack_ptr._initialized becomes true after construct() called (actually, it never has been assigned true, please see [1])
Finally I found that the root cause was stack_ptr._data, we directly used aligned_storage rather than aligned_storage::type[2] as the type of _data. so the _data was just an empty struct, and subsequent operations were performed in illegal memory. It eventually led to the crash.
This patch we fixed the bug and add "_initialized = true" at the end of the method stack_ptr::construct().

[1] https://github.com/CopernicaMarketingSoftware/AMQP-CPP/blob/master/include/stack_ptr.h#L83
[2] http://www.cplusplus.com/reference/type_traits/aligned_storage/
---
 include/stack_ptr.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/include/stack_ptr.h b/include/stack_ptr.h
index 1383127..a58f6fa 100644
--- a/include/stack_ptr.h
+++ b/include/stack_ptr.h
@@ -29,7 +29,8 @@ private:
 * Storage for the object
 * @var std::aligned_storage
 */
- std::aligned_storage _data;
+ typedef typename std::aligned_storage::type Type;
+ Type _data;

 /**
 * Is the pointer initialized?
@@ -87,6 +88,7 @@ public:

 // initialize new object
 new (&_data) T(std::forward(parameters)...);
+ _initialized = true;
 }

 /**
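Review bot: The `@var std::aligned_storage` Doxygen tag in the context lines directly above the new `Type _data;` still documents the old member type and should become `@var Type` (and `Type` itself is a rather generic name for a private typedef; `Storage` would say what it is). Because the crash being fixed came from placement-new writing into an effectively empty `_data`, a compile-time guard at this spot would turn a repeat of that mistake into a build error instead of silent memory corruption: `static_assert(sizeof(_data) >= sizeof(T), "stack_ptr storage is too small for T");` placed right after `Type _data;`. The template arguments of `std::aligned_storage` appear stripped in the rendered hunk, so I could not verify that an alignment argument accompanies `sizeof(T)`; the comment fix and the assert apply regardless of what is passed there.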
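Review bot: Setting `_initialized = true;` only after the placement-new is the right order (a throwing `T` constructor leaves the flag false), but nothing in this hunk stops `construct()` from being called on an already-initialized `stack_ptr`, in which case the `new (&_data) T(...)` on the line above overwrites a live object without ever running its destructor. The start of `construct()` lies outside the hunk, so if it already destroys or rejects an existing object this is moot; otherwise a guard before the placement-new, `assert(!_initialized && "stack_ptr::construct() called twice");` (needs `<cassert>` if the header does not include it), makes the misuse fail loudly rather than leak silently. Since `_initialized` was never set to true before this patch, it is also worth confirming that the destructor and any destroy path that test the flag now really run `~T()` and reset it, as those branches become reachable for the first time.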