I am investigating a heap corruption dump of type HEAP_FAILURE_MULTIPLE_ENTRIES_CORRUPTION. After opening the dump in WinDbg, I found the following details.

```
0:000> !heap
**************************************************************
* *
* HEAP ERROR DETECTED *
* *
**************************************************************
Details:
Heap address: 000000d084f40000
Error address: 000000d08b09c200
Last known valid blocks: before - 000000d08b093f90, after - 000000d08b0a5000
Error type: HEAP_FAILURE_MULTIPLE_ENTRIES_CORRUPTION
Details: The heap manager detected multiple corrupt heap entries.
Follow-up: Enable pageheap.
```

Last known valid blocks: before 000000d08b093f90, after 000000d08b0a5000.

I ran the command `!heap -s -a -h 000000d084f40000` to print all sub-segments and block information in the heap. The output shows that the address range 000000d08b093f90 to 000000d08b0a5000 is part of the sub-segment that contains the corrupt address 000000d08b09c200.
```
Sub-segment 000000d08af74b90
User blocks: 0x000000d08b093fa0
Block size: 0x20
Block count: 2040
Free blocks: 515
Size index: 1
Affinity index: 2
Lock mask: 0x3
Flags: 0x0
.....
000000d08b09bbe0 000000d08b09bbf0 000000d084f40000 000000d08af74b90 20 - 0 LFH;free
000000d08b09bc00 000000d08b09bc10 000000d084f40000 000000d08af74b90 20 - 0 LFH;free
000000d08b09bc20 000000d08b09bc30 000000d084f40000 000000d08af74b90 20 - 17 LFH;busy
000000d08b09bc40 000000d08b09bc50 000000d084f40000 000000d08af74b90 20 - 8 LFH;busy
000000d08b09bc60 000000d08b09bc70 000000d084f40000 000000d08af74b90 20 - 0 LFH;free
000000d08b09bc80 000000d08b09bc90 000000d084f40000 000000d08af74b90 20 - 0 LFH;free
000000d08b09bca0 000000d08b09bcb0 000000d084f40000 000000d08af74b90 20 - 10 LFH;busy
000000d08b09bcc0 000000d08b09bcd0 000000d084f40000 000000d08af8e490 0 - 0 LFH;free
000000d08b09bce0 000000d08b09bcf0 000000d084f40000 000000d08b12bfc0 0 - 0 LFH;free
000000d08b09bd00 000000d08b09bd10 000000d084f40000 00007fffb13ad3e0 7fff0 - 0 LFH;free
000000d08b09bd20 000000d08b09bd30 000000d084f40000 000000d08b01ca00 0 - 10 LFH;busy
000000d08b09bd40 000000d08b09bd50 000000d084f40000 000000d08af248e0 7fff0 - 0 LFH;free
000000d08b09bd60 000000d08b09bd70 000000d084f40000 ffc406b74e847710 0 - 0 LFH;free
000000d08b09bd80 000000d08b09bd90 000000d084f40000 ffc406b74e8477f0 0 - 17 LFH;busy
000000d08b09bda0 000000d08b09bdb0 000000d084f40000 ffc406b74e8477d0 0 - 0 LFH;free
000000d08b09bdc0 000000d08b09bdd0 000000d084f40000 ffc406b74e8477b0 0 - 0 LFH;free
000000d08b09bde0 000000d08b09bdf0 000000d084f40000 ffc40bb74e847790 0 - 0 LFH;free
000000d08b09be00 000000d08b09be10 000000d084f40000 ffc406b74e847470 0 - 0 LFH;free
000000d08b09be20 000000d08b09be30 000000d084f40000 000000d08af80490 0 - 10 LFH;busy
000000d08b09be40 000000d08b09be50 000000d084f40000 0000000000000000 0 - 0 LFH;free
000000d08b09be60 000000d08b09be70 000000d084f40000 0000000000000000 0 - 0 LFH;free
000000d08b09be80 000000d08b09be90 000000d084f40000 ffc40bb74e8474f0 0 - 0 LFH;free
000000d08b09bea0 000000d08b09beb0 000000d084f40000 ffc406b74e8474d0 0 - 0 LFH;free
000000d08b09bec0 000000d08b09bed0 000000d084f40000 ffc406b74e8474b0 0 - 0 LFH;free
000000d08b09bee0 000000d08b09bef0 000000d084f40000 00007fffb13ad3e0 7fff0 - 0 LFH;free
000000d08b09bf00 000000d08b09bf10 000000d084f40000 0000000000000000 0 - 0 LFH;free
.......
000000d08b09eea0 000000d08b09eeb0 000000d084f40000 000000d08b02b700 0 - 8 LFH;busy
000000d08b09eec0 000000d08b09eed0 000000d084f40000 0000000000000000 0 - 8 LFH;busy
000000d08b09eee0 000000d08b09eef0 000000d084f40000 73203a7472617473 0 - 8 LFH;busy
000000d08b09ef00 000000d08b09ef10 000000d084f40000 00007fffb13ad3e0 7fff0 - 8 LFH;busy
000000d08b09ef20 000000d08b09ef30 000000d084f40000 000000d08b02b440 7fff0 - 8 LFH;busy
000000d08b09ef40 000000d08b09ef50 000000d084f40000 0000000000000000 0 - 8 LFH;busy
000000d08b09ef60 000000d08b09ef70 000000d084f40000 000000d08adb0260 7fff0 - 8 LFH;busy
000000d08b09ef80 000000d08b09ef90 000000d084f40000 616e207962206863 0 - 8 LFH;busy
000000d08b09efa0 000000d08b09efb0 000000d084f40000 000000d08b011d50 0 - 8 LFH;busy
000000d08b09efc0 000000d08b09efd0 000000d084f40000 00007fffb13ad3e0 7fff0 - 8 LFH;busy
000000d08b09efe0 000000d08b09eff0 000000d084f40000 000000d08b02bf80 7fff0 - 8 LFH;busy
000000d08b09f000 000000d08b09f010 000000d084f40000 000000d08af74b90 20 - 8 LFH;busy
000000d08b09f020 000000d08b09f030 000000d084f40000 000000d08af74b90 20 - 8 LFH;busy
000000d08b09f040 000000d08b09f050 000000d084f40000 000000d08af74b90 20 - 8 LFH;busy
000000d08b09f060 000000d08b09f070 000000d084f40000 000000d08af74b90 20 - 8 LFH;busy
000000d08b09f080 000000d08b09f090 000000d084f40000 000000d08af74b90 20 - 8 LFH;busy
000000d08b09f0a0 000000d08b09f0b0 000000d084f40000 000000d08af74b90 20 - 8 LFH;busy
000000d08b09f0c0 000000d08b09f0d0 000000d084f40000 000000d08af74b90 20 - 8 LFH;busy
.......
```

The list of blocks between 000000d08b09bca0 and 000000d08b09f000 has invalid sub-segment addresses and block sizes (columns 4 and 5).

I ran the `!heap -p -a` and `!heap -x` commands on the first block with an invalid size and sub-segment, 000000d08b09bcc0:
```
0:014> !heap -p -a 000000d08b09bcc0
address 000000d08b09bcc0 found in
_HEAP @ d084f40000
HEAP_ENTRY Size Prev Flags UserPtr UserSize - state
000000d08b09bcc0 0002 0000 [00] 000000d08b09bcd0 00010 - (free)
0:014> !heap -x 000000d08b09bcc0
Entry User Heap Segment Size PrevSize Unused Flags
-------------------------------------------------------------------------------------------------------------
000000d08b09bcc0 000000d08b09bcd0 000000d084f40000 000000d08af8e490 0 - 0 LFH;free
```

The two commands show different sizes: `!heap -p -a` reports a size of 0x10. Why is there this difference?

This is not reproducible. Enabling page heap did not help catch this corruption. How should I investigate this kind of HEAP_FAILURE_MULTIPLE_ENTRIES_CORRUPTION heap corruption?
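As an added example (not part of the question), a small Python helper that parses rows in the `!heap -s -a -h` format quoted above, flags every entry whose segment pointer or block size disagrees with the owning sub-segment header, and decodes overwritten pointer words that happen to be printable ASCII. The `SUBSEGMENT` and `BLOCK_SIZE` values and the sample rows are copied from the question's output; the function names are my own.

```python
import re
from collections import namedtuple

# Added example, not from the question. The rows and the sub-segment header
# values below are copied from the question's "!heap -s -a -h" output.
SUBSEGMENT = 0x000000d08af74b90
BLOCK_SIZE = 0x20
SAMPLE = """
000000d08b09bca0 000000d08b09bcb0 000000d084f40000 000000d08af74b90 20 - 10 LFH;busy
000000d08b09bcc0 000000d08b09bcd0 000000d084f40000 000000d08af8e490 0 - 0 LFH;free
000000d08b09bce0 000000d08b09bcf0 000000d084f40000 000000d08b12bfc0 0 - 0 LFH;free
000000d08b09bd00 000000d08b09bd10 000000d084f40000 00007fffb13ad3e0 7fff0 - 0 LFH;free
000000d08b09eee0 000000d08b09eef0 000000d084f40000 73203a7472617473 0 - 8 LFH;busy
000000d08b09f000 000000d08b09f010 000000d084f40000 000000d08af74b90 20 - 8 LFH;busy
"""
# Column order of the rows: Entry User Heap Segment Size PrevSize Unused Flags
ROW = re.compile(r"^\s*([0-9a-f]{16})\s+([0-9a-f]{16})\s+([0-9a-f]{16})\s+([0-9a-f]{16})"
                 r"\s+([0-9a-f]+)\s+(\S+)\s+([0-9a-f]+)\s+(\S+)")
Entry = namedtuple("Entry", "entry user segment size flags")

def parse_rows(text):
    """Parse block rows; header, separator and '.....' lines do not match and are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append(Entry(int(m[1], 16), int(m[2], 16), int(m[4], 16), int(m[5], 16), m[8]))
    return rows

def find_corrupt(rows, subsegment, block_size):
    """Return (entry address, reasons) for rows whose decoded header disagrees
    with the sub-segment that owns them: wrong segment pointer or wrong block size."""
    bad = []
    for r in rows:
        reasons = []
        if r.segment != subsegment:
            reasons.append("segment %016x != %016x" % (r.segment, subsegment))
        if r.size != block_size:
            reasons.append("size 0x%x != 0x%x" % (r.size, block_size))
        if reasons:
            bad.append((r.entry, reasons))
    return bad

def ascii_hint(value):
    """Decode an 8-byte little-endian word as text when every byte is printable ASCII.
    Heuristic only: readable text in a pointer field hints at the kind of data that overran."""
    raw = value.to_bytes(8, "little")
    return raw.decode("ascii") if all(0x20 <= b < 0x7f for b in raw) else None
```

Run over the full dump output, `find_corrupt` gives the exact first and last bad entry to compare with the "last known valid blocks" pair, and `ascii_hint(0x73203a7472617473)` returns `"start: s"`, i.e. the segment field of that entry holds text rather than a pointer.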