Re: Problem with linked list

From: Peter Wieland [MSFT] (peterwie_at_online.microsoft.com)
Date: 08/13/04


Date: Fri, 13 Aug 2004 13:06:46 -0700

i have plenty of ideas - they all boil down to the same thing:

DEBUG YOUR OWN CODE.

nothing in this thread indicates that you've done much to figure out what's
wrong besides look at the bugcheck screen. It's very likely that you've
told something to copy N+M bytes into a buffer of length N (for any N and a
non-zero M).

hook up a kernel debugger. Take a look at the corrupted pool block with
!pool (the bugcheck tells you where it is) and see what piece of memory has
been overwritten, and whether the piece of memory before that is one you
allocated (thankfully you tag your allocations). Start allocating
additional memory for that object and put a watchpoint on the extra space to
see who's writing too far. Or just turn on the driver verifier and see if it
can figure out where you're corrupting memory.

this isn't to say you shouldn't ask questions. But it's sort of frustrating
to be on a windows driver support newsgroup where the questions are about
basic C functionality like not writing past the ends of buffers.

good luck.

-p

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
"Peter Schmitz" <PeterSchmitz@discussions.microsoft.com> wrote in message 
news:9BD03C3F-B3D2-4820-BE73-CE0078DBEDAD@microsoft.com...
> Thanks for both answers!
>
> It's true that I forgot to include the LIST_ENTRY size (now I know what
> little sleep and lots of coffee can cause....), but anyway, adding this
> unfortunately doesn't solve the problem.
> The buffer is filled the following way:
> //this is an excerpt of the function that fills MYSTRUCT a with data
>
> NdisAllocateMemoryWithTag(&a->buffer,numbertoread,'HASA');
> UTILReadOnPacket(packet,a->buffer,numbertoread,0,&BytesRead);
>
> The second function is one of pcausa (thanks, by the way) and can be found
> at http://www.ndis.com/papers/ndispacket/ndispacket1.htm
>
> numbertoread contains the complete size of the ethernet packet (14 bytes
> for the ethernet frame and the ip header length field).
>
> Any ideas?
>
> Peter
>
>
>
>
>
> "Peter Wieland [MSFT]" wrote:
>
>> probably because you have a bug that's causing pool corruption.
>>
>> what's in the [...] section of MYSTRUCT (which you don't appear to have
>> accounted for in your calculation of the size?).
>> have you considered adding enough memory to your allocation of MYLIST to
>> include the LIST_ENTRY?
>>
>> perhaps (sizeof(MYLIST) + a.bufferlen) would be a more sensible way to
>> determine the size of the buffer than adding up the individual structure
>> elements.
>>
>> -p
>>
>>
>>
>> -- 
>> This posting is provided "AS IS" with no warranties, and confers no rights.
>> "Peter Schmitz" <mosquitooth@gmx.net> wrote in message
>> news:O9a21iUgEHA.3192@tk2msftngp13.phx.gbl...
>> > Hi again,
>> >
>> > I implemented the following double linked list stuff:
>> >
>> > typedef struct __MYSTRUCT {
>> > UINT t;
>> > [...]
>> > UINT bufferlen; //length of buffer
>> > BYTE *buffer;
>> > }MYSTRUCT;
>> >
>> > typedef struct __MYLIST{
>> > MYSTRUCT mystr;
>> > LIST_ENTRY linkfield;
>> > }MYLIST, *PMYLIST;
>> >
>> > LIST_ENTRY DoubleHead;
>> > -------------------------------------------------------
>> > [...]
>> > MYSTRUCT a; //filled with data
>> >
>> > /*The size of all the entries is dynamic, that's why the size of the
>> > structure is allocated again every time*/
>> > UINT structsize = sizeof(UINT) + sizeof(UINT) + sizeof(a.buffer) +
>> > a.bufferlen;
>> >
>> > PMYLIST psElement = (PMYLIST)
>> > ExAllocatePoolWithTag(PagedPool,structsize,'HASA'); //here we CRASH!!!
>> >
>> > if(psElement == NULL)
>> > {
>> >    DBGPRINT(("Allocatepool failed!"));
>> > }
>> > else
>> > {
>> >    psElement->mystr = a;
>> >
>> >    NdisAcquireSpinLock(&GlobalLock);
>> >    if(numberofentries <= MAX_LIST_ENTRIES) //limit for #elements
>> >    {
>> >       InsertTailList(&DoubleHead,&psElement->linkfield);
>> >       numberofentries = numberofentries + 1;
>> >    }
>> >    }
>> >    NdisReleaseSpinLock(&GlobalLock);
>> > }
>> >
>> > When I execute the code above, the computer crashes:
>> > DRIVER_CORRUPTED_EXPOOL, with an error in the marked line above.
>> >
>> > Any ideas why?
>> >
>> > Thanks
>> > Peter
>>
>>
>> 
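
Added example, not part of the original thread: a user-mode C sketch of the two pieces of advice above, sizing the block as sizeof(MYLIST) + bufferlen and padding the object with extra patterned space to see how far the writes reach. The typedefs are stand-ins for the kernel types, `other[8]` is an assumed size for the elided [...] members, and the bufferlen value is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* User-mode stand-ins for the kernel types in the post (assumptions). */
typedef unsigned int UINT;
typedef unsigned char BYTE;
typedef struct _LIST_ENTRY { struct _LIST_ENTRY *Flink, *Blink; } LIST_ENTRY;
typedef struct {
    UINT t;
    UINT other[8];   /* stand-in for the elided [...] members; size assumed */
    UINT bufferlen;
    BYTE *buffer;
} MYSTRUCT;
typedef struct { MYSTRUCT mystr; LIST_ENTRY linkfield; } MYLIST;

enum { GUARD = 128, FILL = 0xA5 };

/* Size as summed by hand in the question. */
size_t posted_size(const MYSTRUCT *a) {
    return sizeof(UINT) + sizeof(UINT) + sizeof(a->buffer) + a->bufferlen;
}

/* Size suggested in the first reply. */
size_t suggested_size(const MYSTRUCT *a) { return sizeof(MYLIST) + a->bufferlen; }

/* Treat the first `claimed` bytes as the pool block, pattern-fill the extra
   tail, perform the same writes as the posted code, then report how far past
   `claimed` the writes reached (0 means no overrun). */
size_t overrun_bytes(size_t claimed, const MYSTRUCT *a) {
    BYTE *raw = malloc(claimed + GUARD);
    size_t i, reach = 0;
    if (raw == NULL) return (size_t)-1;
    memset(raw + claimed, FILL, GUARD);
    MYLIST *e = (MYLIST *)raw;
    e->mystr = *a;                                  /* psElement->mystr = a */
    memset(&e->linkfield, 0, sizeof e->linkfield);  /* models InsertTailList's pointer stores */
    for (i = 0; i < GUARD; i++)
        if (raw[claimed + i] != FILL) reach = i + 1;
    free(raw);
    return reach;
}

int main(void) {
    MYSTRUCT a = { 0 };
    a.bufferlen = 32;   /* constructed sample length */
    printf("posted:    %zu bytes past the block\n", overrun_bytes(posted_size(&a), &a));
    printf("suggested: %zu bytes past the block\n", overrun_bytes(suggested_size(&a), &a));
    return 0;
}
```

With the hand-summed size the stores to linkfield land in the patterned tail; with sizeof(MYLIST) + bufferlen the tail stays untouched.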

