BUG: Memory Access Violation Uses RepeatRealloc's For Sm. Blocks

-------------------------------------------------------------------------------
The information in this article applies to:

 - The C Run-Time (CRT), included with:
    - Microsoft Visual C++, 32-bit Editions, version 6.0 
-------------------------------------------------------------------------------

SYMPTOMS
========

Under certain circumstances, calling realloc() on a small block causes an access
violation in the VC6 small-block allocator if the total small-block memory pool
exceeds 16 MB.

CAUSE
=====

The memory access violation occurs inside __sbh_free_block() due to a bug in the
implementation of _realloc_base().

RESOLUTION
==========

There are several ways to work around this problem:

1. Replace:

   __sbh_free_block(pHeader, pBlock);

   with:

   pHeader = __sbh_find_block(pBlock);
   __sbh_free_block(pHeader, pBlock);

   in the following code block in Realloc.c:

   //  if the new size is not over __sbh_threshold, attempt
   //  to reallocate within the small-block heap
   if (newsize <= __sbh_threshold)
   {
      if (__sbh_resize_block(pHeader, pBlock, newsize))
         pvReturn = pBlock;
      else if ((pvReturn = __sbh_alloc_block(newsize)) != NULL)
      {
         oldsize = ((PENTRY)((char *)pBlock -
                            sizeof(int)))->sizeFront - 1;
         memcpy(pvReturn, pBlock, __min(oldsize, newsize));
         __sbh_free_block(pHeader, pBlock);
      }
   }

   Then rebuild the CRT. NOTE: If you are rebuilding the DLL version of the CRT,
   the new DLL name should not start with msvc.

2. Implement your own Realloc() to avoid using the CRT implementation.

3. Call the _set_sbh_threshold(0) function to avoid using the small-block heap.
   Both NT 4.0 SP4 and Windows 2000 have an efficient OS-level heap
   implementation. This workaround may cause a performance problem on Windows9x,
   because its OS heap implementation is not as efficient as the one on NT.
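
The fix in workaround 1 looks pHeader up again after __sbh_alloc_block() has run, which implies the header obtained earlier can no longer be trusted at that point. The following model is an added example, not the CRT source and not code from this article; it assumes the header table is copied to a new address when it grows, and Header, new_region, find_block and realloc_model are hypothetical names.

```c
/* Simplified model, not the CRT source. All names below are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
enum { REGION_SIZE = 64, GROW_BY = 2 };
typedef struct { char *region; int live_blocks; } Header;
static Header *table, *retired;  /* current table; previous copy kept so the stale access is defined */
static int used, cap;

/* Add a region with one block in use; a full table is copied to a new address. */
static Header *new_region(void) {
    if (used == cap) {
        Header *bigger = calloc((size_t)cap + GROW_BY, sizeof *bigger);
        if (!bigger) return NULL;
        if (table) memcpy(bigger, table, (size_t)used * sizeof *table);
        free(retired);
        retired = table;
        table = bigger;
        cap += GROW_BY;
    }
    if (!(table[used].region = malloc(REGION_SIZE))) return NULL;
    table[used].live_blocks = 1;
    return &table[used++];
}

/* Plays the role of __sbh_find_block(): search the current table for the owner. */
static Header *find_block(const char *p) {
    for (int i = 0; i < used; i++)
        if ((uintptr_t)p - (uintptr_t)table[i].region < (uintptr_t)REGION_SIZE)
            return &table[i];
    return NULL;
}

/* Returns the real owner's live_blocks after the free: 0 is correct, 1 is a lost free. */
int realloc_model(int refind) {
    Header *h = new_region();            /* header cached before allocating */
    if (!h) return -1;
    char *block = h->region;
    for (int i = 0; i < GROW_BY; i++)    /* allocation step grows the table once */
        if (!new_region()) return -1;
    if (refind) h = find_block(block);   /* the article's fix: refresh the header */
    h->live_blocks--;                    /* free through h */
    return find_block(block)->live_blocks;
}

int main(void) {
    int stale = realloc_model(0), refreshed = realloc_model(1);
    printf("stale header: %d, re-found header: %d\n", stale, refreshed);
}
```

In the model the stale update lands in a retained copy of the table so the run stays well defined; in the CRT the article reports an access violation inside __sbh_free_block().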

STATUS
======

Microsoft has confirmed this to be a bug in the Microsoft products listed at the
beginning of this article.

MORE INFORMATION
================

Steps to Reproduce Behavior
---------------------------

Build the following .cpp file as a console application and run it under the
debugger. You will get an access violation error.

   // main.cpp

   #include <stdio.h>
   #include <stdlib.h>

   int main()
   {
     char* pData;

     // Blocks are never freed, so the small-block pool grows on every pass.
     for( int i = 0; i < 70000; i++ )
     {
       pData = (char*)malloc( 32 );
       pData = (char*)realloc( pData, 290 );  // access violation in small-block allocator
     }

     return(0);
   } // end main

REFERENCES
==========

For additional information, see the following articles in the Microsoft
Knowledge Base:

   Q195008 Heap Manager Change in Service Pack 4 and Windows 2000

   Q234622 PRB: VC++ 6.0 Setup Does Not Copy the CRT Make Files





Knowledge Base Article
======================
For the full contents of the article for this hotfix, visit 
http://www.microsoft.com/kb/ and query the Knowledge Base for the 
title listed at the top of this document.


(c) 1995-1997 Microsoft Corporation, All Rights Reserved.
