
# Access violation (bad reference counting, irrlicht)

## 13 posts in this topic

Hi

My prog "crashes" (when I close it!, still works fine during running) with:

Unhandled exception at 0x1014d7af in game.exe: 0xC0000005: Access violation reading location 0xfeeefef2.

It happens when I send a string to a function. If I leave that param empty it's OK. If I use a simple string like ("test") it crashes. But it's only that instance of that function. I use that function with strings everywhere with no problem. Where can the problem lie?

Maybe you can answer generally, but when I close and get the error the compiler directs me to some irrlicht code, namely:

from ireferencecounter, this is what happens when I close my program:

```cpp
bool drop() const
{
    // someone is doing bad reference counting.
    _IRR_DEBUG_BREAK_IF(ReferenceCounter <= 0)

    --ReferenceCounter;
    if (!ReferenceCounter)
    {
        delete this;
        return true;
    }

    return false;
}
```

Edited by suliman
0

##### Share on other sites

Are you sure that you don't call delete explicitly on the object?

Cheers!

0

##### Share on other sites

Drop isn't a member function and you're calling delete this? Delete what?

0

##### Share on other sites

Just out of curiosity, does this class have a destructor? If you call Foo::drop(), and it deletes the this pointer, then at the end of the scope, it calls Foo::~Foo(), this would be undefined behavior.

Also, the 0xfeeefef2 looks suspect. I hear that Microsoft's heap allocator implementation writes 0xFEEEFEEE in the freed memory, so it seems like you are trying to access something through an offset from a pointer that had its storage freed.

Edited by Ectara
0

##### Share on other sites

Of course it's a member function, it is const (EDIT: and delete this; wouldn't compile if it was a free function). A stack trace would be nice...

0

##### Share on other sites

0xFEEEFEEE is indeed a value to mark freed heap memory. That's why I asked if the object has been freed already elsewhere.

Can you show the calling function where you send a string a bit more? Also the function receiving the string might be useful.

Cheers!

Edited by kauna
0

##### Share on other sites

I don't have the code now from work but it draws the string to screen. What makes it hard to understand is the function is used in other places to draw strings and works fine.
It's prob some mess-up with string length somewhere else, right? I overwrite some memory and this gives that error message (mind: the program doesn't show any sign of corruption during runtime even if I provoke this error, I only see it when I close the program).

I never manually deal with the ireferencecounter, it's just an engine thing which I don't know what it does actually... But maybe it can hint on what I'm messing up.

0

##### Share on other sites

You're dropping the object too many times or else there's a bug in your version of irrlicht which is causing the object to be released too many times.

I know irrklang has a ridiculous and invasive memory management model. It looks like that extends into the realm of irrlicht in general, since the code you posted is one of the guilty parties. When I used irrklang there were constant bugs surrounding the poorly designed memory management and when I asked the author why he was doing things so bass-ackwards he blew me off, so I ended up just switching to FMOD, which is fantastic and far easier to work with.

Basically when you create the object it has one reference. When you do certain things to it that number increases, and when you call its drop() method the number decreases. The refcounter keeps track of how many things are referring to an object and deletes the object when that number reaches zero. If you try to drop or otherwise dispose of the object after that you'll get that segfault you're getting. Read the documentation carefully to see what all changes the refcount on the stuff you're using. When you shut down irrlicht it drops a lot of stuff, so it can segfault if some of that is already released.

Or just switch to FMOD. If your sound handling is properly abstracted it should only take a small amount of effort to make the switch.

Edited by Khatharr
0

##### Share on other sites

I'm not using irrklang (already using FMOD by the way:))

This is the function that in the end causes the error (see below). If I comment out the last line (the drop) the error doesn't come up when I close the program.

But don't I need to drop it? Will they add up each time I call the function and use resources?

Thanks

Erik

```cpp
void gameGFX_irr::writeWrap(int flags, float x, float y, int align, float width, const char * fmt, ...){

    x+=offsetX;
    y+=offsetY;

    bool centered=false;
    if(flags==TEXT_CENTER)
        centered=true;

    const int maxLetters=2048;

    //prep string
    char txt[maxLetters];
    va_list va;
    va_start( va, fmt );
    vsprintf( txt, fmt, va );
    va_end( va );
    core::stringw str = txt;

    const core::stringw strw(txt);
    const wchar_t* w_str = strw.c_str();
    irr::gui::IGUIStaticText * myText;
    myText->enableOverrideColor(true);
    myText->setOverrideColor(TEXTCOLOR);
    myText->setOverrideFont(font);
    myText->draw();
    //myText->drop();
}
```

0

##### Share on other sites

I can't quite see why you would be releasing the resource without a little more context. Do any of those function calls increment its reference counter? I can assume so, likely the addStaticText() method, which seems to return a pointer to an IGUIStaticText object with a reference count of one.

Again, does the class have a destructor?

0

##### Share on other sites

Hm... There's only a default destructor, so that rules that out. So, it may be a red herring to be trying to find fault in this reference counting; judging by the error given, it's crashing when trying to read ReferenceCounter, rather than triggering the assertion. So, it's either someone obviously is trying to use the automatically freed resource, or is trying to access something that was freed through some other means.

A stack trace and full error output would be desired. However, is it possible for you to place debug printing functions that don't depend on any state tracked by your code (like using std::cerr or std::wcerr), and have it output something like "IGUIStaticText constructed at (memory address)" on construction and reference increments, and "IGUIStaticText dropped at (memory address)" on calls to drop()? The (memory address) placeholder would be the value held by the this pointer, and if it doesn't dereference the this pointer for local variables or a vtable, it may manage to output the data without crashing, though the erroneous one would be undefined behavior, but it may still work for your platform.

If all goes to plan, you can count the number of times that a message is output for incrementing, and the number of times that a message is output for decrementing. If the two messages are equal in volume, we're barking up the wrong tree.

0

##### Share on other sites
Looking over Gebhardt's tuts it looks like the static text object is subordinate to an environment object, or should be. Seems you're only supposed to instantiate it once and then just render the environment and let everything auto-deallocate via spooky action from a distance. I've only got the phone until tomorrow, but I'll try to take a closer look when I can get to a computer. At first glance, though, it looks exactly like the nonsense from irrklang.
0

##### Share on other sites

Yeah. This is the same thing.

You're supposed to create the device, fetch the environment from it and then add your GUI widgets, then just call the environment's drawAll() each frame until you're done and then just drop the device to free everything. You gotta keep an eye on this cat. He makes everything droppable and then just mentions in his docs that there's all sorts of things that you shouldn't drop.

Here's his GUI tut:

http://irrlicht.sourceforge.net/docu/example005.html

0
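
Added example, not written by any poster in this thread and not Irrlicht code: a miniature reference-counting model that applies the ownership rule described in the posts above (the environment keeps the reference to the widgets it creates) together with the per-address grab/drop tally suggested earlier in the thread. `Ledger`, `Widget`, `Environment`, `checkedDrop` and `overReleases` are hypothetical names, and `addStaticText` here only mimics the role of the real method.

```cpp
// Added illustration: Ledger, Widget and Environment are hypothetical stand-ins, not Irrlicht code.
#include <cstdint>
#include <map>
#include <vector>

struct Ledger {
    std::map<std::uintptr_t, int> refs;   // address -> outstanding references
    int overReleases = 0;                 // drops attempted on an already-freed object
};
class Widget {
    Ledger& ledger;
    mutable int count = 1;                // the creator holds the first reference
public:
    explicit Widget(Ledger& l) : ledger(l) { ledger.refs[id()] = 1; }
    std::uintptr_t id() const { return reinterpret_cast<std::uintptr_t>(this); }
    void grab() const { ++count; ++ledger.refs[id()]; }
    bool drop() const {
        --ledger.refs[id()];              // update the tally before the object can vanish
        if (--count > 0) return false;
        delete this;
        return true;
    }
};
// Consults the ledger by address first, so a freed object is never dereferenced.
bool checkedDrop(Ledger& l, std::uintptr_t id) {
    auto it = l.refs.find(id);
    if (it == l.refs.end() || it->second <= 0) { ++l.overReleases; return false; }
    reinterpret_cast<const Widget*>(id)->drop();
    return true;
}
struct Environment {                      // owns every widget it creates
    Ledger& ledger;
    std::vector<std::uintptr_t> children;
    std::uintptr_t addStaticText() {      // returns a borrowed handle, not a new reference
        children.push_back((new Widget(ledger))->id());
        return children.back();
    }
    void shutdown() { for (auto id : children) checkedDrop(ledger, id); children.clear(); }
};
// Number of over-releases seen when the caller drops the borrowed widget.
int overReleases(bool grabFirst) {
    Ledger ledger;
    Environment env{ledger, {}};
    std::uintptr_t text = env.addStaticText();
    if (grabFirst) reinterpret_cast<const Widget*>(text)->grab();
    checkedDrop(ledger, text);            // the caller's drop()
    env.shutdown();                       // the owner's release at program exit
    return ledger.overReleases;
}

int main() { return (overReleases(false) == 1 && overReleases(true) == 0) ? 0 : 1; }
```

Without a matching `grab()`, the caller's drop frees the widget and the owner's release at shutdown becomes the over-release, which is the point in program lifetime where the crash in this thread appears.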
