I have a member variable
wchar_t * _message;

This array is allocated in the constructor,
_message = new wchar_t [messageLength];

But when I try to free the memory with delete in by destructor, it crashes with a a HEAP CORRUPTION error.

This my class:

class ExampleZero
{
public:
ExampleZero( wchar_t* cppMessage);
~ExampleZero(void);
private:
const wchar_t *_message;
};

ExampleZero::ExampleZero( wchar_t* cppMessage)
{
_message = NULL;
errno_t winError;
if (cppMessage == NULL){
fwprintf(stderr, L"Null pointer for string.\n");
return;
}
size_t messageLength = wcslen(cppMessage);
if (messageLength < 1){
fwprintf(stderr, L"string is empty or invalid.\n");
return;
}
try{
long address=NULL;
_message = new wchar_t [messageLength];
address = (long) _message;
fprintf(stderr,"%x",address);
}
catch(std::exception& e){
fprintf(stderr, e.what());
return;
}
if(_message == NULL){
return;
}
SecureZeroMemory((PVOID)_message,messageLength);

winError = wcscpy_s((wchar_t *)_message, messageLength+1, cppMessage);

}

ExampleZero::~ExampleZero(void)
{
if(_message != NULL){
try{
/* Why does it crash here? */
delete [] _message;
}
catch(std::exception& e){
fprintf(stderr, e.what());
}
_message=NULL;
}
}

/*******************/
int _tmain(int argc, TCHAR* argv[], TCHAR* envp[])
{
int nRetCode = 0;

// initialize MFC and print and error on failure
if (!AfxWinInit(::GetModuleHandle(NULL), NULL, ::GetCommandLine(), 0))
{
// TODO: change error code to suit your needs
_tprintf(_T("Fatal Error: MFC initialization failed\n"));
nRetCode = 1;
}
else
{
// TODO: code your application's behavior here.
ExampleZero * example0;
example0 = new ExampleZero(L"I Live");
delete example0;
}

return nRetCode;
}

Modify it,

_message = new wchar_t [messageLength+1];

Thanks adatapost!
That was key, but it caused the wcscpy_s to fail ( and some other things in my real code.

So the problem is that wcslen ignores the null terminator, while wcscpy_s expects one.

wcslen(cppMessage)

does not count the null character at the end of cppMessage.

wcscpy_s((wchar_t *)_message, messageLength, cppMessage)

assumes there will be a null character at the end of cppMessage.

So I change

size_t messageLength = wcslen(cppMessage);

to

size_t messageLength = wcslen(cppMessage)+1;

and

winError = wcscpy_s((wchar_t *)_message+1, messageLength+1, cppMessage);

to

winError = wcscpy_s((wchar_t *)_message, messageLength, cppMessage);

And then in all the various other calls in my real code, use messageLength-1 to avoid inserting an extraneous null character into my string.

One thing that is strange, is that the Heap corruption ONLY shows up when

delete []  _message;

is in the destructor. If the delete is immediately after the call to wcscpy_s, within the constructor, noting is thrown, and winError is still zero.

Yuck yuck yuck.

Can you repost your code. It seemed like there was unattached code around line 18-31 but use indentation!

And whitespace, its too cluttered!

-- I've indented your code in an editor and don't see a real problem other then the new[] needed the one extra space for the terminator as indicated in another post.
You do not need the SecureZeroMemory(), you'r just wasting processor time!

Yep, I saw the post on the other website early today, with the success. Which was the same answer as you had posted here! I ignored it since I had already posted here, but he never posted here his success.

Confused? I am, I'm pretty tired. Long week. Even had some character slamming me today on this website calling me names and indicating I was a fifth grader or something. I was kind of mildly amused!

This article has been dead for over six months. Start a new discussion instead.