Happened again - this time I let it continue and straight away got a second chance exception.

(ee8.9f4): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000002 ebx=07f00ec4 ecx=04a107d8 edx=0c169140 esi=7c911583 edi=00000000
eip=10032ff1 esp=0834fee4 ebp=0834ff1c iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010206
sipPhone!poll_iocp+0xd1:
10032ff1 8b4214          mov     eax,dword ptr [edx+14h] ds:0023:0c169154=????????
0:009> g
(ee8.9f4): Access violation - code c0000005 (!!! second chance !!!)
eax=00000002 ebx=07f00ec4 ecx=04a107d8 edx=0c169140 esi=7c911583 edi=00000000
eip=10032ff1 esp=0834fee4 ebp=0834ff1c iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
sipPhone!poll_iocp+0xd1:
10032ff1 8b4214          mov     eax,dword ptr [edx+14h] ds:0023:0c169154=????????
0:009> k
ChildEBP RetAddr
0834ff1c 10032d14 sipPhone!poll_iocp+0xd1 [d:\pjsip1.8.10vxi-2012-03-10\src\pjsip\pjlib\src\pj\ioqueue_winnt.c @ 702]
0834ff44 101cfcb0 sipPhone!pj_ioqueue_poll+0x64 [d:\pjsip1.8.10vxi-2012-03-10\src\pjsip\pjlib\src\pj\ioqueue_winnt.c @ 917]
0834ff6c 10005bea sipPhone!pjsip_endpt_handle_events2+0xb0 [d:\pjsip1.8.10vxi-2012-03-10\src\pjsip\pjsip\src\pjsip\sip_endpoint.c @ 719]
0834ff90 10004ab4 sipPhone!pjsua_handle_events+0x3a [d:\pjsip1.8.10vxi-2012-03-10\src\pjsip\pjsip\src\pjsua-lib\pjsua_core.c @ 1769]
0834ffa0 10027680 sipPhone!worker_thread+0x14 [d:\pjsip1.8.10vxi-2012-03-10\src\pjsip\pjsip\src\pjsua-lib\pjsua_core.c @ 792]
0834ffb4 7c80b729 sipPhone!thread_main+0x40 [d:\pjsip1.8.10vxi-2012-03-10\src\pjsip\pjlib\src\pj\os_core_win32.c @ 435]
0834ffec 00000000 kernel32!BaseThreadStart+0x37
0:009> dt pov
Local var @ 0x834ff08 Type generic_overlapped*
0x0c169140
   +0x000 overlapped       : _OVERLAPPED
   +0x014 operation        : ??
Memory read error 0c169154
0:009> !heap -p -a 0x0c169140
    address 0c169140 found in
    _DPH_HEAP_ROOT @ 2811000
    in free-ed allocation (  DPH_HEAP_BLOCK:         VirtAddr         VirtSize)
                                    c029e10:          c169000             4000
    7c927573 ntdll!RtlFreeHeap+0x000000f9
    78134c39 MSVCR80!free+0x000000cd
    100320d8 sipPhone!default_block_free+0x00000038
    1002e7f8 sipPhone!reset_pool+0x00000078
    1002e775 sipPhone!pj_pool_reset+0x00000015
    101e2c7f sipPhone!udp_on_read_complete+0x0000020f
    10033042 sipPhone!poll_iocp+0x00000122
    10032d14 sipPhone!pj_ioqueue_poll+0x00000064
    101cfcb0 sipPhone!pjsip_endpt_handle_events2+0x000000b0
    10005bea sipPhone!pjsua_handle_events+0x0000003a
    10004ab4 sipPhone!worker_thread+0x00000014
    10027680 sipPhone!thread_main+0x00000040
    7c80b729 kernel32!BaseThreadStart+0x00000037

Same story as before.

Regards,
Anshuman

----- Original Message -----
From: "Anshuman S. Rawat" <arawat@xxxxxxxxxxx>
To: "pjsip list" <pjsip at lists.pjsip.org>
Sent: Thursday, June 14, 2012 10:21 PM
Subject: Re: pjsip crash (possible heap corruption?)

> Hi Ming,
>
> Thanks for replying.
>
> Are you implying that this FCE is being handled in code somewhere? I
> actually wanted to catch (or be notified) about these FCEs as things
> appeared to crash here and there.
> From this FCE, it appears that there is a serious problem. Am I missing
> something here?
>
> Regards,
> Anshuman
>
>
> ----- Original Message -----
> From: "Ming" <ming@xxxxxxxxx>
> To: "pjsip list" <pjsip at lists.pjsip.org>
> Sent: Thursday, June 14, 2012 5:03 PM
> Subject: Re: pjsip crash (possible heap corruption?)
>
>
> Hi Anshuman,
>
> About first-chance exceptions, I don't think it means that there is
> any problem with the application, especially if later you don't get
> any second chance exceptions.
> (Ref: http://blogs.msdn.com/b/davidklinems/archive/2005/07/12/438061.aspx
> Here's how to disable the FCE: http://www.helixoft.com/blog/archives/24)
>
> Regards,
> Ming
>
> On Thu, Jun 14, 2012 at 6:07 PM, Anshuman S. Rawat <arawat at 3clogic.com>
> wrote:
>> Hi,
>>
>> I am using PJSIP with UDP on Windows XP and am repeatedly seeing crashes
>> all over the place. Actually this started happening after I increased
>> PJSIP_POOL_RDATA_LEN and PJSIP_POOL_RDATA_INC size to 8000 (I have
>> reverted it for now).
>>
>> I tried to debug using WinDbg and this is what I get:
>>
>> (668.ea8): Access violation - code c0000005 (first chance)
>> First chance exceptions are reported before any exception handling.
>> This exception may be expected and handled.
>> eax=00000002 ebx=07f00ec4 ecx=04a10858 edx=0be3e1a0 esi=7c911583 edi=00000000
>> eip=10032ff1 esp=0834fee4 ebp=0834ff1c iopl=0         nv up ei pl nz na pe nc
>> cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010206
>> sipPhone!poll_iocp+0xd1:
>> 10032ff1 8b4214          mov     eax,dword ptr [edx+14h] ds:0023:0be3e1b4=????????
>> 0:009> k
>> ChildEBP RetAddr
>> 0834ff1c 10032d14 sipPhone!poll_iocp+0xd1 [d:\src\pjsip\pjlib\src\pj\ioqueue_winnt.c @ 702]
>> 0834ff44 101cfcb0 sipPhone!pj_ioqueue_poll+0x64 [d:\src\pjsip\pjlib\src\pj\ioqueue_winnt.c @ 917]
>> 0834ff6c 10005bea sipPhone!pjsip_endpt_handle_events2+0xb0 [d:\src\pjsip\pjsip\src\pjsip\sip_endpoint.c @ 719]
>> 0834ff90 10004ab4 sipPhone!pjsua_handle_events+0x3a [d:\pjsip\pjsip\src\pjsua-lib\pjsua_core.c @ 1769]
>> 0834ffa0 10027680 sipPhone!worker_thread+0x14 [d:\src\pjsip\pjsip\src\pjsua-lib\pjsua_core.c @ 792]
>> 0834ffb4 7c80b729 sipPhone!thread_main+0x40 [d:\src\pjsip\pjlib\src\pj\os_core_win32.c @ 435]
>> 0834ffec 00000000 kernel32!BaseThreadStart+0x37
>>
>> Line 702 in ioqueue_winnt.c:
>>
>> switch (pOv->operation) {
>> ......
>>
>> Checking for pOv on Windbg reveals:
>>
>> 0:009> dt pov
>> Local var @ 0x834ff08 Type generic_overlapped*
>> 0x0be3e1a0
>>    +0x000 overlapped       : _OVERLAPPED
>>    +0x014 operation        : ??
>> Memory read error 0be3e1b4
>>
>> Checking for 0x0be3e1a0 in heap reveals:
>>
>> 0:009> !heap -p -a 0x0be3e1a0
>>     address 0be3e1a0 found in
>>     _DPH_HEAP_ROOT @ 2811000
>>     in free-ed allocation (  DPH_HEAP_BLOCK:         VirtAddr         VirtSize)
>>                                     c04ad38:          be3e000             5000
>>     7c927573 ntdll!RtlFreeHeap+0x000000f9
>>     78134c39 MSVCR80!free+0x000000cd
>>     100320d8 sipPhone!default_block_free+0x00000038
>>     1002e7f8 sipPhone!reset_pool+0x00000078
>>     1002e775 sipPhone!pj_pool_reset+0x00000015
>>     101e2c7f sipPhone!udp_on_read_complete+0x0000020f
>>     10033042 sipPhone!poll_iocp+0x00000122
>>     10032d14 sipPhone!pj_ioqueue_poll+0x00000064
>>     101cfcb0 sipPhone!pjsip_endpt_handle_events2+0x000000b0
>>     10005bea sipPhone!pjsua_handle_events+0x0000003a
>>     10004ab4 sipPhone!worker_thread+0x00000014
>>     10027680 sipPhone!thread_main+0x00000040
>>     7c80b729 kernel32!BaseThreadStart+0x00000037
>>
>> Looks like heap corruption. This shouldn't be happening. Any pointers on
>> how to go about fixing this?
>>
>> Thanks,
>> Anshuman
>>
>> PS: I am working for pjsip 1.8.10
>>
>> _______________________________________________
>> Visit our blog: http://blog.pjsip.org
>>
>> pjsip mailing list
>> pjsip at lists.pjsip.org
>> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
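An added triage helper, written for this thread rather than taken from it or from pjsip, that reads the two pieces of the WinDbg session quoted above (the faulting instruction and the !heap -p -a block), confirms that the unreadable operand address lies inside the page-heap block that !heap reports as freed, and lists the stack that freed it. The sample text is reconstructed from the output above; the regular expressions assume WinDbg's usual layout for those two outputs.

```python
import re

# Constructed sample: the faulting instruction and !heap -p -a block, reconstructed
# from the WinDbg session quoted in the thread above.
WINDBG_OUTPUT = """\
sipPhone!poll_iocp+0xd1:
10032ff1 8b4214          mov     eax,dword ptr [edx+14h] ds:0023:0c169154=????????
0:009> !heap -p -a 0x0c169140
    address 0c169140 found in
    _DPH_HEAP_ROOT @ 2811000
    in free-ed allocation (  DPH_HEAP_BLOCK:         VirtAddr         VirtSize)
                                    c029e10:          c169000             4000
    7c927573 ntdll!RtlFreeHeap+0x000000f9
    78134c39 MSVCR80!free+0x000000cd
    100320d8 sipPhone!default_block_free+0x00000038
    1002e7f8 sipPhone!reset_pool+0x00000078
    1002e775 sipPhone!pj_pool_reset+0x00000015
    101e2c7f sipPhone!udp_on_read_complete+0x0000020f
    10033042 sipPhone!poll_iocp+0x00000122
"""

FAULT_RE = re.compile(r"ds:[0-9a-f]{4}:([0-9a-f]{8})=\?+")          # unreadable operand address
STATE_RE = re.compile(r"in (free-ed|busy) allocation")               # page-heap block state
BLOCK_RE = re.compile(r"VirtSize\)\s+[0-9a-f]+:\s+([0-9a-f]+)\s+([0-9a-f]+)")  # VirtAddr, VirtSize
FRAME_RE = re.compile(r"^\s*[0-9a-f]{8}\s+(\S+![^\s+]+)", re.M)      # "retaddr module!symbol+off"

def triage(text):
    """Relate the fault address to the !heap block (for a freed block the frames are the free stack)."""
    fault, state, block = FAULT_RE.search(text), STATE_RE.search(text), BLOCK_RE.search(text)
    if not (fault and state and block):
        raise ValueError("fault address, block state or block range not found")
    fault_addr = int(fault.group(1), 16)
    start, size = int(block.group(1), 16), int(block.group(2), 16)
    inside = start <= fault_addr < start + size   # does the bad read land in this block?
    return {
        "fault_addr": fault_addr, "block_start": start, "block_size": size,
        "offset": fault_addr - start if inside else None,
        "freed": state.group(1) == "free-ed", "inside_block": inside,
        "free_stack": FRAME_RE.findall(text),     # innermost (RtlFreeHeap) first
    }

if __name__ == "__main__":
    r = triage(WINDBG_OUTPUT)
    if r["freed"] and r["inside_block"]:
        print(f"use-after-free: {r['fault_addr']:#x} is offset {r['offset']:#x} into a freed "
              f"{r['block_size']:#x}-byte block; freed via " + " <- ".join(r["free_stack"]))
```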