Void * pointer returned by Function - Heap Corruption

I used to just look at these types of __out function parameters with malloc, but I'm trying to change my ways.

As a concrete example in a class for handling original input, GetRawInputDeviceInfo() is prototyped as such:

UINT GetRawInputDeviceInfo(HANDLE, UINT, LPVOID, PUINT)

      

LPVOID is a pointer to a buffer containing the information I need. PUINT is a pointer to a UINT containing the size of the data contained in the buffer pointed to by LPVOID.

Usually I would (fill out the PUINT once):

PUINT cbSize; // assume it is sized correctly and contains the proper
              // length of data

LPVOID buffer = (LPVOID)malloc(sizeof(&cbSize));
GetRawInputDeviceInfo(XXX.handle, RIDI_DEVICENAME, buffer, cbSize);
//do something w/buffer
free(buffer);

      

Now, trying to do this without malloc, I would write: (sorry, I am printing this from work, so I can do this from memory)

PUINT cbsize; // assume it is sized correctly and contains the proper
              // length of data

      

One of the following descriptions and usage examples:

LPVOID unique_ptr:

std::unique_ptr<LPVOID> buffer;
GetRawInputDeviceInfo(xxx.handle, RIDI_DEVICENAME, buffer.get(),
                      cbSize);

      

UINT unique_ptr:

std::unique_ptr<UINT> buffer;
GetRawInputDeviceInfo(xxx.handle, RIDI_DEVICENAME,
                      (LPVOID)buffer.get(), cbSize);

      

Raw UINT Pointer:

UINT *buffer = NULL;
GetRawInputDeviceInfo(xxx.handle, RIDI_DEVICENAME,
                      (LPVOID)buffer, cbSize);

      

Then reading the buffer:

OutputDebugString((LPCSTR)buffer); //add .get() for unique_ptr

      

The point is, the buffer contains the information I want and it is outputted the way it should be! However, when unique_ptr goes out of scope and is removed (or UINT * is removed), I get a "Heap fix" exception. I went through the code and what happens when the GetRawInputDeviceInfo function is run is all my class level containers / variables overwrite their data. For example, the above sequence appears in a for loop, and my iterator goes from 0 (first iteration) to 80837436 (or so) and all other local variables are messed up.

So how can I get the information in the buffer without screwing everything else up? And preferably without using malloc / free and with the spirit of RAII :)

+1




1 answer


The correct way to use GetRawInputDeviceInfo is

  • Get the number of characters containing a name

    UINT char_count;
    GetRawInputDeviceInfo(xxx.handle, RIDI_DEVICENAME, NULL, &char_count);
    
          

  • Allocate a long enough buffer and get a name

    std::unique_ptr<wchar_t[]> buf (new wchar_t[char_count]);
    GetRawInputDeviceInfo(xxx.handle, RIDI_DEVICENAME, buf.get(), &char_count);
    
          



Your example code will not cause heap corruption. Probably your real code is using an uninitialized buffer, which caused GetRawInputDeviceInfo to write data to some unintended location.

+3
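The two-call pattern from the answer, with every return value checked, as an added example that is not code from the question or the answer. So that it runs without `<windows.h>`, `fake_get_device_name` is a hypothetical stand-in that follows the documented GetRawInputDeviceInfo contract for RIDI_DEVICENAME (sizes in characters, 0 returned for a NULL buffer, (UINT)-1 for a buffer that is too small, required size written back in both cases); the device name is a constructed sample.

```cpp
#include <cstring>
#include <string>
#include <vector>

// Hypothetical stand-in for GetRawInputDeviceInfoW(h, RIDI_DEVICENAME, ...),
// so the pattern can run without <windows.h>. It follows the documented
// contract: sizes are in characters; NULL pData returns 0 and reports the
// required size; a too-small buffer returns (unsigned)-1 and writes nothing.
static const wchar_t kName[] = L"\\\\?\\HID#CONSTRUCTED_SAMPLE";  // constructed sample
static const unsigned kNeeded = sizeof(kName) / sizeof(kName[0]); // includes NUL

unsigned fake_get_device_name(void* pData, unsigned* pcbSize) {
    if (pData == nullptr) { *pcbSize = kNeeded; return 0; }
    if (*pcbSize < kNeeded) { *pcbSize = kNeeded; return static_cast<unsigned>(-1); }
    std::memcpy(pData, kName, sizeof(kName));
    return kNeeded;
}

// RAII wrapper: size query, allocation in a std::vector, then the real call.
// Every return value is checked, and the size passed is the vector's real capacity.
bool query_device_name(std::wstring& out) {
    unsigned chars = 0;
    if (fake_get_device_name(nullptr, &chars) != 0 || chars == 0) return false;

    std::vector<wchar_t> buf(chars);          // freed automatically on scope exit
    unsigned cap = static_cast<unsigned>(buf.size());
    unsigned copied = fake_get_device_name(buf.data(), &cap);
    if (copied == static_cast<unsigned>(-1) || copied > buf.size()) return false;

    buf.back() = L'\0';                       // force termination before use
    out.assign(buf.data());
    return true;
}

// A buffer sized like the question's malloc(sizeof(&cbSize)): pointer-sized,
// unrelated to the data length. Reporting its true capacity makes the call fail
// cleanly instead of writing past the allocation.
bool pointer_sized_buffer_is_rejected() {
    std::vector<wchar_t> tiny(sizeof(void*) / sizeof(wchar_t));
    unsigned cap = static_cast<unsigned>(tiny.size());
    return fake_get_device_name(tiny.data(), &cap) == static_cast<unsigned>(-1)
           && cap == kNeeded;
}

int main() {
    std::wstring name;
    return (query_device_name(name) && pointer_sized_buffer_is_rejected()) ? 0 : 1;
}
```

On Windows, replace the stand-in with the real call and keep the same checks; the size argument must always describe the allocation actually passed in.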

