使用嵌套异常时 std::runtime_error::what() 导致访问冲突

发布于 2024-11-04 01:52:36 字数 2809 浏览 1 评论 0原文

我并不是在寻找解决此问题的方法，只是为了了解其原因。一位同事向我展示了一些由 Visual Studio 2008 编译并在 Windows Mobile 6 ARMV4I 下运行时导致访问冲突的代码。这段代码在 x86 Windows 下运行良好，他声称它可以在 GCC 编译的 Linux 下运行（我尚未验证）。我将问题归结为下面的代码：

int main( int argc, char* argv[] )
{
    try
    {
        throw std::runtime_error( "a" );
    }
    catch( std::runtime_error& e1 )
    {
        try
        {
            try
            {
                throw std::runtime_error( "b" );
            }
            catch( std::runtime_error& e11 )
            {
                throw;
            }
        }
        catch( std::runtime_error& e12 )
        {
            e12.what(); // access violation
        }
    }
    return 0;
}

抛开这段代码是否合理的问题，任何人都可以解释调用 std::runtime_error::what() 时导致访问冲突的原因在上面的代码中？

谢谢， PaulH

编辑： 调用堆栈：

test.exe!wmain(int argc = 1, wchar_t** argv = 0x00040080) Line: 169, Byte Offsets: 0xd8 C++
_CallSettingFrame   
test.exe!CallCatchBlock(EHExceptionRecord* pExcept = 0x1803eb0c, unsigned long int* pRN = 0x1803fc18, _CONTEXT* pContext = 0x1803f014, _s_FuncInfo* pFuncInfo = 0x00023960, void* handlerAddress = 0x00011494, int CatchDepth = 0, unsigned long int NLGCode = 256) Line: 878, Byte Offsets: 0x258  C++
test.exe!__InternalCxxFrameHandler(EHExceptionRecord* pExcept = 0x1803eb0c, unsigned long int* pRN = 0x1803f2f8, _CONTEXT* pContext = 0x1803f014, _DISPATCHER_CONTEXT* pDC = 0x1803e824, _s_FuncInfo* pFuncInfo = 0x00023960, int CatchDepth = 0) Line: 179, Byte Offsets: 0xfc C++
test.exe!__CxxFrameHandler3(EHExceptionRecord* pExcept = 0x1803eb0c, unsigned long int* pRN = 0x1803f2f8, _CONTEXT* pContext = 0x1803f014, _DISPATCHER_CONTEXT* pDC = 0x1803e824) Line: 242, Byte Offsets: 0x54 C++
0xf000fffc

输出窗口：

RaiseException: Thread=96ec78d0 Proc=80096c70 'test.exe'
AKY=00000801 PC=03f91e7c(coredll.dll+0x00043e7c) RA=88037538(NK.EXE+0x00007538) BVA=00000000 FSR=00000000
RaiseException: Thread=96ec78d0 Proc=80096c70 'test.exe'
AKY=00000801 PC=03f91e7c(coredll.dll+0x00043e7c) RA=88037538(NK.EXE+0x00007538) BVA=00000000 FSR=00000000
RaiseException: Thread=96ec78d0 Proc=80096c70 'test.exe'
AKY=00000801 PC=03f91e7c(coredll.dll+0x00043e7c) RA=88037538(NK.EXE+0x00007538) BVA=00000000 FSR=00000000
Data Abort: Thread=96ec78d0 Proc=80096c70 'test.exe'
AKY=00000801 PC=000114ac(test.exe+0x000014ac) RA=0002095c(test.exe+0x0001095c) BVA=5061654c FSR=00000405
First-chance exception at 0x000114ac in test.exe: 0xC0000005: Access violation reading location 0x5061654c.

编辑2： 有一个 Microsoft Connect 中关于此问题的缺陷报告。

原文

I am not looking for a way to fix this issue, merely to understand the cause of it. A colleague showed me some code that was causing an Access Violation when compiled by Visual Studio 2008 to run under Windows Mobile 6 ARMV4I. This same code worked fine under x86 Windows and he claims it works under Linux compiled by GCC (I haven't verified that). I distilled the issue down to the code below:

int main( int argc, char* argv[] )
{
    try
    {
        throw std::runtime_error( "a" );
    }
    catch( std::runtime_error& e1 )
    {
        try
        {
            try
            {
                throw std::runtime_error( "b" );
            }
            catch( std::runtime_error& e11 )
            {
                throw;
            }
        }
        catch( std::runtime_error& e12 )
        {
            e12.what(); // access violation
        }
    }
    return 0;
}

Putting aside questions of whether or not this code is reasonable, can anybody explain what is causing the access violation when std::runtime_error::what() is called in the code above?

Thanks,
PaulH

Edit: The callstack:

test.exe!wmain(int argc = 1, wchar_t** argv = 0x00040080) Line: 169, Byte Offsets: 0xd8 C++
_CallSettingFrame   
test.exe!CallCatchBlock(EHExceptionRecord* pExcept = 0x1803eb0c, unsigned long int* pRN = 0x1803fc18, _CONTEXT* pContext = 0x1803f014, _s_FuncInfo* pFuncInfo = 0x00023960, void* handlerAddress = 0x00011494, int CatchDepth = 0, unsigned long int NLGCode = 256) Line: 878, Byte Offsets: 0x258  C++
test.exe!__InternalCxxFrameHandler(EHExceptionRecord* pExcept = 0x1803eb0c, unsigned long int* pRN = 0x1803f2f8, _CONTEXT* pContext = 0x1803f014, _DISPATCHER_CONTEXT* pDC = 0x1803e824, _s_FuncInfo* pFuncInfo = 0x00023960, int CatchDepth = 0) Line: 179, Byte Offsets: 0xfc C++
test.exe!__CxxFrameHandler3(EHExceptionRecord* pExcept = 0x1803eb0c, unsigned long int* pRN = 0x1803f2f8, _CONTEXT* pContext = 0x1803f014, _DISPATCHER_CONTEXT* pDC = 0x1803e824) Line: 242, Byte Offsets: 0x54 C++
0xf000fffc

The Output Window:

RaiseException: Thread=96ec78d0 Proc=80096c70 'test.exe'
AKY=00000801 PC=03f91e7c(coredll.dll+0x00043e7c) RA=88037538(NK.EXE+0x00007538) BVA=00000000 FSR=00000000
RaiseException: Thread=96ec78d0 Proc=80096c70 'test.exe'
AKY=00000801 PC=03f91e7c(coredll.dll+0x00043e7c) RA=88037538(NK.EXE+0x00007538) BVA=00000000 FSR=00000000
RaiseException: Thread=96ec78d0 Proc=80096c70 'test.exe'
AKY=00000801 PC=03f91e7c(coredll.dll+0x00043e7c) RA=88037538(NK.EXE+0x00007538) BVA=00000000 FSR=00000000
Data Abort: Thread=96ec78d0 Proc=80096c70 'test.exe'
AKY=00000801 PC=000114ac(test.exe+0x000014ac) RA=0002095c(test.exe+0x0001095c) BVA=5061654c FSR=00000405
First-chance exception at 0x000114ac in test.exe: 0xC0000005: Access violation reading location 0x5061654c.

Edit2:
There is a defect report in Microsoft Connect regarding this issue.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

夜雨飘雪 2024-11-11 01:52:36

这不是一个答案，而是一个列表太长，无法发表评论。

我查找了有问题代码的发布版本的程序集。见下文。我将 AV 标记在正确的指令行上，距底部 5 行。

int _tmain(int argc, _TCHAR* argv[])
{
000116E8  mov         r12, sp 
000116EC  stmdb       sp!, {r11, r12, lr} 
000116F0  add         r11, sp, #0xC 
000116F4  sub         sp, sp, #0x98 
000116F8  ldr         r3, [pc, #0x10C] 
000116FC  ldr         r3, [r3] 
00011700  str         r3, [r11, #-0x10] 
    try
    {
        throw std::runtime_error( "a" );
00011704  mov         r2, #0 
00011708  mov         r1, #0 
0001170C  sub         r0, r11, #0x84 
00011710  bl          |std::basic_string<char,std::char_traits<char>,std::allocator<char> >::_Tidy ( 11118h )| 
00011714  ldr         r1, [pc, #0xEC] 
00011718  mov         r2, #1 
0001171C  sub         r0, r11, #0x84 
00011720  bl          |std::basic_string<char,std::char_traits<char>,std::allocator<char> >::assign ( 114d0h ) 
00011724  sub         r1, r11, #0x84 
00011728  sub         r0, r11, #0x68 
0001172C  bl          |std::runtime_error::runtime_error ( 115ach )| 
00011730  ldr         r1, [pc, #0xC4] 
00011734  sub         r0, r11, #0x68 
00011738  bl          000118F0 
    return 0;
0001173C  ldr         r0, [r11, #-0x10] 
00011740  bl          00011C70 
00011744  mov         r0, #0 
}
00011748  sub         sp, r11, #0xC 
0001174C  ldmia       sp, {r11, sp, pc} 
00011750  andeq       r3, r1, r8, ror r0 
00011754  andeq       r4, r1, r0, ror #3 
            }
            catch( std::runtime_error& e11 )
00011758  str         lr, [sp, #-4]! 
            {
                throw;
0001175C  mov         r1, #0 
00011760  mov         r0, #0 
00011764  bl          000118F0 
00011768  andeq       r3, r1, r8, ror r0 
0001176C  andeq       r4, r1, r0, ror #3 
            }
        }
        catch( std::runtime_error& e12 )
00011770  str         lr, [sp, #-4]! 
        {
            e12.what(); // access violation
00011774  ldr         r0, e12, #-0xA4 
00011778  ldr         r3, [r0]         // AV
0001177C  mov         lr, pc 
00011780  ldr         pc, [r3, #4] 
00011784  ldr         r0, [pc, #0x78] 
00011788  ldr         pc, [sp], #4

This is not an answer, but a listing too long to be in a comment.

I looked up the assembly for Release build of the offending code. See below. I marked the AV on the correct instruction line 5 lines from the bottom.

int _tmain(int argc, _TCHAR* argv[])
{
000116E8  mov         r12, sp 
000116EC  stmdb       sp!, {r11, r12, lr} 
000116F0  add         r11, sp, #0xC 
000116F4  sub         sp, sp, #0x98 
000116F8  ldr         r3, [pc, #0x10C] 
000116FC  ldr         r3, [r3] 
00011700  str         r3, [r11, #-0x10] 
    try
    {
        throw std::runtime_error( "a" );
00011704  mov         r2, #0 
00011708  mov         r1, #0 
0001170C  sub         r0, r11, #0x84 
00011710  bl          |std::basic_string<char,std::char_traits<char>,std::allocator<char> >::_Tidy ( 11118h )| 
00011714  ldr         r1, [pc, #0xEC] 
00011718  mov         r2, #1 
0001171C  sub         r0, r11, #0x84 
00011720  bl          |std::basic_string<char,std::char_traits<char>,std::allocator<char> >::assign ( 114d0h ) 
00011724  sub         r1, r11, #0x84 
00011728  sub         r0, r11, #0x68 
0001172C  bl          |std::runtime_error::runtime_error ( 115ach )| 
00011730  ldr         r1, [pc, #0xC4] 
00011734  sub         r0, r11, #0x68 
00011738  bl          000118F0 
    return 0;
0001173C  ldr         r0, [r11, #-0x10] 
00011740  bl          00011C70 
00011744  mov         r0, #0 
}
00011748  sub         sp, r11, #0xC 
0001174C  ldmia       sp, {r11, sp, pc} 
00011750  andeq       r3, r1, r8, ror r0 
00011754  andeq       r4, r1, r0, ror #3 
            }
            catch( std::runtime_error& e11 )
00011758  str         lr, [sp, #-4]! 
            {
                throw;
0001175C  mov         r1, #0 
00011760  mov         r0, #0 
00011764  bl          000118F0 
00011768  andeq       r3, r1, r8, ror r0 
0001176C  andeq       r4, r1, r0, ror #3 
            }
        }
        catch( std::runtime_error& e12 )
00011770  str         lr, [sp, #-4]! 
        {
            e12.what(); // access violation
00011774  ldr         r0, e12, #-0xA4 
00011778  ldr         r3, [r0]         // AV
0001177C  mov         lr, pc 
00011780  ldr         pc, [r3, #4] 
00011784  ldr         r0, [pc, #0x78] 
00011788  ldr         pc, [sp], #4

回复收藏 0 原文

~没有更多了~