Heap corruption when used in Visual Studio
Loading the control in Visual Studio crashes Visual Studio and the application. Analysis from Microsoft:
0:000> kL
ChildEBP RetAddr
0036e3dc 77a4f659 ntdll!RtlReportCriticalFailure+0x57
0036e3ec 77a4f739 ntdll!RtlpReportHeapFailure+0x21
0036e420 77a09cb1 ntdll!RtlpLogHeapFailure+0xa1
0036e448 76c4625c ntdll!RtlSizeHeap+0x69
0036e45c 7681443a ole32!CRetailMalloc_GetSize+0x21
0036e480 76813ea3 oleaut32!APP_DATA::FreeCachedMem+0x30
0036e49c 76814870 oleaut32!SysFreeString+0x6b
0036e4b0 6a9197d8 oleaut32!VariantClear+0xc3
WARNING: Stack unwind information not available. Following frames may be wrong.
0036e4e0 6a9197cd axvlc!DllMain+0x370f8
0036e510 6a911dd0 axvlc!DllMain+0x370ed
0036e644 7380edfe axvlc!DllMain+0x2f6f0
0036e65c 7380ee42 clr!RCW::ReleaseAllInterfaces+0xf6
0036e698 7380ee9e clr!RCW::ReleaseAllInterfacesCallBack+0x60
0036e6cc 73a3904d clr!RCW::Cleanup+0x41
0036e6fc 73ab3927 clr!RCW::FinalExternalRelease+0xf6
0036e78c 723c9db9 clr!MarshalNative::FinalReleaseComObject+0xa2
0036e7b8 72366b08 mscorlib_ni!System.__ComObject.FinalReleaseSelf()+0x5
0036e7b8 5da96052 mscorlib_ni!System.Runtime.InteropServices.Marshal.FinalReleaseComObject(System.Object)+0x88
0036e7e0 5da98776 System_Windows_Forms_ni!System.Windows.Forms.AxHost.ReleaseAxControl()+0x56
0036e810 5da99f39 System_Windows_Forms_ni!System.Windows.Forms.AxHost.TransitionDownTo(Int32)+0x11a
0036e81c 5d53b4a7 System_Windows_Forms_ni!System.Windows.Forms.AxHost.DisposeAxControls()+0x39
0036e830 5d53b4a7 System_Windows_Forms_ni!System.Windows.Forms.Control.DisposeAxControls()+0x87
0036e844 5d53b4a7 System_Windows_Forms_ni!System.Windows.Forms.Control.DisposeAxControls()+0x87
0036e858 5d53b1f5 System_Windows_Forms_ni!System.Windows.Forms.Control.DisposeAxControls()+0x87
0036e89c 5dc98bd2 System_Windows_Forms_ni!System.Windows.Forms.Control.Dispose(Boolean)+0x95
0036e8b0 713dcd05 System_Windows_Forms_ni!System.Windows.Forms.TabControl.Dispose(Boolean)+0x52
0036e8bc 1fd62f8a System_ni!System.ComponentModel.Component.Dispose()+0x15
0036e904 1fd625c5 System_Design!System.ComponentModel.Design.DesignerHost.Unload()+0x272
0036e934 1fd617d4 System_Design!System.ComponentModel.Design.DesignerHost.DisposeHost()+0x35
0036e958 3e5f03c1 System_Design!System.ComponentModel.Design.DesignSurface.Dispose(Boolean)+0x54
0036e9a0 59f818b7 Microsoft_VisualStudio_Shell_Design_ni!Microsoft.VisualStudio.Shell.Design.Serialization.DesignerDocDataService.Microsoft.VisualStudio.Shell.Interop.IVsRunningDocTableEvents.OnBeforeLastDocumentUnlock(UInt32, UInt32, UInt32, UInt32)+0xf1
0036e9d4 7377421e Microsoft_VisualStudio_Shell_Interop_ni!DomainNeutralILStubClass.IL_STUB_COMtoCLR(Int32, Int32, Int32, Int32)+0x1f
0036ea00 73806fbf clr!COMToCLRDispatchHelper+0x6b
(Inline) -------- clr!InvokeStub+0x35
(Inline) -------- clr!COMToCLRInvokeTarget+0x52
(Inline) -------- clr!COMToCLRWorkerBody+0x143
0036ea5c 0249a076 clr!COMToCLRWorker+0x3e6
0036ea70 5e20fa2e CLRStub[StubLinkStub]@901144630249a076
0036eacc 5e20fa92 msenv!<lambda_cf2c193bf2373b379fc248b08f205571>::operator()+0x30
0036eb14 5e20fb32 msenv!CCookieTable<ATL::CComPtr<IVsRunningDocTableEvents>,DefaultCookieTraits<unsigned long,1,4294967295,0,1>,DefaultValueTraits<ATL::CComPtr<IVsRunningDocTableEvents> > >::for_each<<lambda_cf2c193bf2373b379fc248b08f205571> >+0x91
0036eb70 5e20fb7c msenv!CRunningDocTable::Impl::NotifyOnBeforeLastUnlock+0x9c
0036ebb8 5e213127 msenv!CRunningDocTable::NotifyOnBeforeLastUnlock+0x33
0036ebe8 5e212e01 msenv!CRunningDocInfo::Unlock+0x13b
(Inline) -------- msenv!CRunningDocTable::Impl::UnlockDocument+0x1c
0036ec20 59f81971 msenv!CRunningDocTable::UnlockDocument+0x42
0036ec8c 59c320b7 Microsoft_VisualStudio_Shell_Interop_ni!DomainNeutralILStubClass.IL_STUB_CLRtoCOM(UInt32, UInt32)+0x65
0036eca0 59c3203e Microsoft_VisualStudio_Platform_WindowManagement_ni!Microsoft.VisualStudio.Platform.WindowManagement.RdtLock.UnlockDocument(Microsoft.VisualStudio.Platform.WindowManagement.RdtFlags)+0x2b
0036ecb0 59c2b7e3 Microsoft_VisualStudio_Platform_WindowManagement_ni!Microsoft.VisualStudio.Platform.WindowManagement.RdtLock.Unlock(Microsoft.VisualStudio.Platform.WindowManagement.RdtFlags)+0x1a
0036ecd8 59c26278 Microsoft_VisualStudio_Platform_WindowManagement_ni!Microsoft.VisualStudio.Platform.WindowManagement.DocumentObjectSite.UnlockDocument(Microsoft.VisualStudio.Platform.WindowManagement.RdtFlags)+0x43
0036ed0c 59c1bdbf Microsoft_VisualStudio_Platform_WindowManagement_ni!Microsoft.VisualStudio.Platform.WindowManagement.DocumentObjectSite.ReleaseDocument(Microsoft.VisualStudio.Shell.Interop.__FRAMECLOSE)+0x78
0036ed60 59c3629d Microsoft_VisualStudio_Platform_WindowManagement_ni!Microsoft.VisualStudio.Platform.WindowManagement.WindowFrame.QueryCloseFrame(Microsoft.VisualStudio.Shell.Interop.__FRAMECLOSE, Int32 ByRef)+0xb3
0036ed98 5a0fb644 Microsoft_VisualStudio_Platform_WindowManagement_ni!Microsoft.VisualStudio.Platform.WindowManagement.WindowFrame+<>c__DisplayClass8.<CloseFrame>b__7()+0x61
0036edc8 59c1c062 Microsoft_VisualStudio_Shell_12_0_ni!Microsoft.VisualStudio.ErrorHandler.CallWithCOMConvention(System.Func`1<Int32>, Boolean, Boolean)+0x34
0036ede0 59c0b7a0 Microsoft_VisualStudio_Platform_WindowManagement_ni!Microsoft.VisualStudio.Platform.WindowManagement.WindowFrame.CloseFrame(Microsoft.VisualStudio.Shell.Interop.__FRAMECLOSE)+0x5a
0036ee18 59c0b61f Microsoft_VisualStudio_Platform_WindowManagement_ni!Microsoft.VisualStudio.Platform.WindowManagement.WindowManagerService.CloseFrames(System.Collections.Generic.IEnumerable`1<Microsoft.VisualStudio.Platform.WindowManagement.WindowFrame>)+0x170
0036ee30 1fd61520 Microsoft_VisualStudio_Platform_WindowManagement_ni!Microsoft.VisualStudio.Platform.WindowManagement.WindowManagerService.CloseFramesOfHierarchy(Microsoft.VisualStudio.Shell.Interop.IVsHierarchy)+0xdf
0036ee60 737741db Microsoft_VisualStudio_Platform_WindowManagement_ni!DomainNeutralILStubClass.IL_STUB_COMtoCLR(IntPtr)+0x38
0036eecc 0249a076 clr!COMToCLRDispatchHelper+0x28
0036eee0 5e28ab4e CLRStub[StubLinkStub]@901144630249a076
0036ef34 5e212f37 msenv!HrCloseProjectItems+0x42
0036efb8 5e2131bf msenv!CSolution::CloseSolutionElement+0x3ae
0036f0ac 7378522b msenv!CSolution::Clear+0xbc
0036f0e8 73784fe4 clr!MethodDesc::DoBackpatch+0x29c
0036f160 73785100 clr!MethodDesc::DoPrestub+0x65d
0036f1c8 73774279 clr!PreStubWorker+0x13b
Moving to second frame to dump out the locals.
0:000> .frame 02
02 0036e420 77a09cb1 ntdll!RtlpLogHeapFailure+0xa1 [d:\win7sp1_gdr\minkernel\ntos\rtl\heaplog.c @ 679]
0:000> dv /V
0036e428 <virtual frame 36e420>+0x0008 FailureType = heap_failure_block_not_busy (0n8)
0036e42c <virtual frame 36e420>+0x000c HeapAddress = 0x007d0000
0036e430 <virtual frame 36e420>+0x0010 Address = 0x14476b98
0036e434 <virtual frame 36e420>+0x0014 Param1 = 0x00000000
0036e438 <virtual frame 36e420>+0x0018 Param2 = 0x00000000
0036e43c <virtual frame 36e420>+0x001c Param3 = 0x00000000
0x14476b98 is the address axvlc is using sysfree on.
0:000> !heap -s
**************************************************************
* *
* HEAP ERROR DETECTED *
* *
**************************************************************
Details:
Heap address: 007d0000
Error address: 14476b98
Error type: HEAP_FAILURE_BLOCK_NOT_BUSY
Details: The caller performed an operation (such as a free
or a size check) that is illegal on a free block.
Follow-up: Check the error's stack trace to find the culprit.
Stack trace:
77a09cb1: ntdll!RtlSizeHeap+0x00000069
76c4625c: ole32!CRetailMalloc_GetSize+0x00000021
7681443a: oleaut32!APP_DATA::FreeCachedMem+0x00000030
76813ea3: oleaut32!SysFreeString+0x0000006b
76814870: oleaut32!VariantClear+0x000000c3
LFH Key : 0x07319c37
Termination on corruption : ENABLED
Affinity manager status:
- Virtual affinity limit 4
- Current entries in use 3
- Statistics: Swaps=556, Resets=209, Allocs=680
Heap Flags Reserv Commit Virt Free List UCR Virt Lock Fast
(k) (k) (k) (k) length blocks cont. heap
-----------------------------------------------------------------------------
007d0000 00000002 48768 34620 48768 1089 690 7 1 61 LFH
00ac0000 00001002 3136 2796 3136 95 122 3 0 0 LFH
009c0000 00001002 256 140 256 15 12 1 0 0 LFH
024c0000 00001002 256 24 256 1 4 1 0 0
027a0000 00001002 64 32 64 3 2 1 0 0
00530000 00001002 64 4 64 2 1 1 0 0
026f0000 00011002 256 12 256 8 5 1 0 0
026e0000 00001002 1088 136 1088 13 6 2 0 0 LFH
03140000 00041002 256 4 256 2 1 1 0 0
032d0000 00041002 1280 608 1280 1 1 2 0 0 LFH
00790000 00001002 1088 80 1088 40 4 2 0 0
026a0000 00001002 1280 328 1280 32 5 2 0 0
03a30000 00001002 256 120 256 3 16 1 0 0 LFH
02fc0000 00041002 256 4 256 2 1 1 0 0
079b0000 00001002 256 8 256 3 3 1 0 0
07db0000 00001002 7232 3488 7232 95 36 4 0 0 LFH
08190000 00001002 256 92 256 3 4 1 0 0 LFH
13e00000 00001002 256 4 256 2 1 1 0 0
13740000 00001003 256 76 256 48 15 1 0 N/A
13640000 00001003 256 4 256 2 1 1 0 N/A
13970000 00001003 256 4 256 2 1 1 0 N/A
13920000 00001003 256 4 256 2 1 1 0 N/A
135b0000 00001003 256 4 256 2 1 1 0 N/A
1b5a0000 00001002 256 92 256 6 6 1 0 0 LFH
1ffd0000 00001002 1088 208 1088 1 5 2 0 0 LFH
21800000 00001002 256 4 256 1 2 1 0 0
21e10000 00001002 256 4 256 1 2 1 0 0
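
An added illustration, not code from the original report or from axvlc: a portable C model of one common way a VariantClear call ends up in SysFreeString on a block that is already free, namely two VARIANT copies sharing one BSTR. The report does not identify the actual defect in axvlc; the toy heap, the `Variant` struct and every function name here are assumptions made for the model.

```c
#include <stdlib.h>
#include <string.h>
/* Portable model, not the Windows API: names echo oleaut32 for readability only. */
enum { VT_EMPTY = 0, VT_BSTR = 8 };
typedef struct { int vt; char *bstrVal; } Variant;
/* Toy heap that tracks busy/free per block, modelling the "block not busy" check. */
#define MAX_BLOCKS 16
static struct { char *p; int busy; } blocks[MAX_BLOCKS];
static int nblocks, heap_failures;   /* heap_failures counts "block not busy" reports */
static char *heap_alloc_str(const char *s) {
    if (nblocks == MAX_BLOCKS) return NULL;
    char *p = malloc(strlen(s) + 1);
    if (!p) return NULL;
    strcpy(p, s);
    blocks[nblocks].p = p; blocks[nblocks].busy = 1; nblocks++;
    return p;
}

static void heap_free_str(char *p) {
    for (int i = 0; i < nblocks; i++) {
        if (blocks[i].p != p) continue;
        if (!blocks[i].busy) { heap_failures++; return; } /* free of a free block */
        blocks[i].busy = 0;  /* memory is kept so the address is never reused */
        return;
    }
}

static void variant_clear(Variant *v) {
    if (v->vt == VT_BSTR) heap_free_str(v->bstrVal);
    v->vt = VT_EMPTY; v->bstrVal = NULL;  /* clearing the same Variant twice is safe */
}

/* Deep copy: the copy owns its own string (what VariantCopy does for VT_BSTR). */
static int variant_copy(Variant *dst, const Variant *src) {
    *dst = *src;
    if (src->vt != VT_BSTR) return 0;
    dst->bstrVal = heap_alloc_str(src->bstrVal);
    if (!dst->bstrVal) { dst->vt = VT_EMPTY; return -1; }
    return 0;
}
/* Returns the number of heap failures seen when both owners release their Variant. */
int release_both(int deep) {
    heap_failures = 0;
    Variant a = { VT_BSTR, heap_alloc_str("constructed sample") }, b;
    if (deep) variant_copy(&b, &a); else b = a;  /* shallow: two owners, one block */
    variant_clear(&a);
    variant_clear(&b);   /* shallow case: second free hits an already-free block */
    return heap_failures;
}
```

`release_both(0)` models the shallow struct copy and reports one failure; `release_both(1)` gives each owner its own string and reports none.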