[Ophidian14]

Hello,

Thank you so much for posting this.  I am continuing my testing but so far everything looks good.  No crashes yet.  Fingers crossed!

[Ophidian14]

I reduced my project to just one ClCompile entry containing the problematic file:  crashed.  Also replaced this file with a preprocessed version of itself (using the -E argument to clang++) — still crashed.  In both cases, WinDbg reliably reports:

 

    ID:     [0n261]
    Type:   [STACK_BUFFER_OVERRUN]
    Class:  Addendum
    Scope:  BUCKET_ID
    Name:   Add
    Data:   Omit
    PID:    [Unspecified]
    TID:    [0x3e70]
    Frame:  [0] : CppEngineCore64!DumpSharedPCHIndex




BUGCHECK_STR:  APPLICATION_FAULT_STACK_BUFFER_OVERRUN_NOSOS_FTH_ACTIVE_BOGUSADDRESS_XMULTI_MISSING_GSFRAME

DEFAULT_BUCKET_ID:  STACK_BUFFER_OVERRUN_NOSOS_FTH_ACTIVE_BOGUSADDRESS_XMULTI_MISSING_GSFRAME



ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

 

 

Is any of this meaningful?

 

Meant to add:  in all cases I deleted CodeDB, the .db file, etc.

• This reply was modified 7 years, 3 months ago by Ophidian14.

[Ophidian14]

Here’s what I can tell you as of right now:

1. I don’t often use “go to definition” or “find all references”.  It repro’s without using either of those.
2. I haven’t tried making a solution with just those files yet.
3. Before preview 5, I saw the crash about one second after opening the problematic file.  In preview 5, I didn’t see it after the opening file, but after triggering an AutoComplete with “.” or “->”, all the suggestions would be nonsense (things like #defines, namespace aliases, and enum’s would just randomly appear).  Then a few seconds after that, it would crash.
4. I just downloaded preview 6 (build 1724) which was just released a few hours ago.  Crash still occurs *but* typing “this->” doesn’t trigger it any more, I have to trigger off of function scoped variables.  I will upload another mini dump just in case it helps.

• This reply was modified 7 years, 3 months ago by Ophidian14.

[Ophidian14]

Also before the Intellisense engine crashed, all the popup suggestions were bogus, it looked like a raw dump of every symbol it knew (some namespace aliases we have set up, like “A”, “AA”, “AB”, “AC”, etc.)

[Ophidian14]

I submitted a minidump per the “normal” process if that helps.

[Ophidian14]

Which I think is what happened, I accidentally downgraded to 5.2r9, thus I didn’t see the issue any more (or the option to go 64-bit).  It’s definitely still present in 5.3.

[Ophidian14]

Sorry to spam the forum but I realized the “Download” link on the main page gives you 5.2r9 (which doesn’t seem to have the crash) and 5.3 preview 5 comes from the “try it now link”.

[Ophidian14]

No!!  The crash remains on both the 32-bit and 64-bit versions!!  I had to type an arrow-> operator to get it to happen, but it’s there.

[Ophidian14]

Also amidst all of this I deleted my AppData VisualGDB folder contents, if that matters.

[Ophidian14]

Okay, hold on a second here.  I had to recreate my project file (for other reasons), and realized I was back on the 32-bit CppEngineHost.  I went back to turn it back on, and the setting you mentioned (in C++ Text Editor -> Other) was no longer visible?

Then I downloaded build 1716 from the link you gave that other guy, and now the setting is back again *and* it’s enabled??

Also when I downloaded the “official” Preview 5 it said “5.2 r9”, is that right?

The crash is still gone though, luckily, in the 64 bit version (FWIW).

[Ophidian14]

I am using Preview 5 and the crash seems to be gone.  Also, the performance seems faster as well.

[Ophidian14]

I’m trying.  I’m almost certain it has to do with our usage of boost::variant (and boost::make_recursive_variant), and I’ve made several reduced test programs with boost::variant, but they don’t trigger the issue.  I’ll keep looking at it.

[Ophidian14]

I found a small enough file that the decode will finish with the Debug build.  Unfortunately it doesn’t reproduce with the Debug build.  I open the file with the Release version of CppEngineHost64.dll and I get the crash window within one second.  If I close Visual Studio, swap out to the Debug CppEngineHost64.dll and open that same file, I get about a 3-4 second pause and then the parse completes (I can tell because the syntax highlighting changes in a subtle way, and the Diagnostic window says so).

I got another crash dump that basically says in WinDbg:

BUGCHECK_STR:  STACK_BUFFER_OVERRUN_STACK_BUFFER_OVERRUN_NOSOS_MISSING_GSFRAME

DEFAULT_BUCKET_ID:  STACK_BUFFER_OVERRUN_STACK_BUFFER_OVERRUN_NOSOS_MISSING_GSFRAME

PRIMARY_PROBLEM_CLASS:  STACK_BUFFER_OVERRUN

IP_ON_HEAP:  3a74736f6f62202c
The fault address in not in any loaded module, please check your build's rebase
log at <releasedir>\bin\build_logs\timebuild\ntrebase.log for module which may
contain the address if it were loaded.

FRAME_ONE_INVALID: 1

LAST_CONTROL_TRANSFER:  from 3a74736f6f62202c to 000007feb9539a54

STACK_TEXT:  
000000001d2ad010 3a74736f6f62202c : 3a6c69617465643a 746e61697261763a 2c5f64696f763a3a 3a3a74736f6f6220 : CppEngineCore64!LookupGlobalName+0x23e24

 

 

Now, below this is a bunch of hex output that basically looked like ASCII text to me so I decoded it.  I got this:

deta il::  boo st:: ::vo'id_, :var'iant
vari ant: deta il::  boo'st:: ::vo'id_,
:voi d_,  vari ant: deta'il::  boo'st::
boos t::d :voi d_,  vari'ant: deta'il::
etai l::v boos t::d :voi'd_,  vari'ant:
aria nt:: etai l::v boos't::d :voi'd_,
void _, b aria nt:: etai'l::v boos't::d
oost ::de void _, b aria'nt:: etai'l::v
tail ::va oost ::de void'_, b aria'nt::
rian t::v tail ::va oost'::de void'_, b
oid_ , bo rian t::v tail'::va oost'::de
ost: :det oid_ , bo rian't::v tail'::va
ail: :var ost: :det oid_', bo rian't::v
iant ::vo ail: :var ost:':det oid_', bo
id_,  boo iant ::vo ail:':var ost:':det
st:: deta id_,  boo iant'::vo ail:':var
il:: vari st:: deta id_,' boo iant'::vo
ant: :voi il:: vari st::'deta id_,' boo
d_,  boos ant: :voi il::'vari st::'deta
t::d etai d_,  boos ant:':voi il::'vari
l::v aria t::d etai d_, 'boos ant:':voi
nt:: void l::v aria t::d'etai d_, 'boos
_, b oost nt:: void l::v'aria t::d'etai
::de tail _, b oost nt::'void l::v'aria
::va rian ::de tail _, b'oost nt::'void
t::v oid_ ::va rian ::de'tail _, b'oost
, bo ost: t::v oid_ ::va'rian ::de'tail
:det ail: , bo ost: t::v'oid_ ::va'rian
:var iant :det ail: , bo'ost: t::v'oid_
::vo id_> :var iant :det'ail: , bo'ost:
 >,  std: ::vo id_> :var'iant :det'ail:
:all ocat  >,  std: ::vo'id_> :var'iant
or<s td:: :all ocat  >, 'std: ::vo'id_>
pair <std or<s td:: :all'ocat  >, 'std:
::st ring pair <std or<s'td:: :all'ocat
, bo ost: ::st ring pair'<std or<s'td::
:var iant , bo ost: ::st'ring pair'<std
<int , do :var iant , bo'ost: ::st'ring
uble , bo <int , do :var'iant , bo'ost:
ol,  std: uble , bo <int', do :var'iant
:str ing, ol,  std: uble', bo <int', do
 boo st:: :str ing, ol, 'std: uble', bo
deta il::  boo st:: :str'ing, ol, 'std:
vari ant: deta il::  boo'st:: :str'ing,
:voi d_,  vari ant: deta'il::  boo'st::
boos t::d :voi d_,  vari'ant: deta'il::
etai l::v boos t::d :voi'd_,  vari'ant:
aria nt:: etai l::v boos't::d :voi'd_,
void _, b aria nt:: etai'l::v boos't::d
oost ::de void _, b aria'nt:: etai'l::v
tail ::va oost ::de void'_, b aria'nt::
rian t::v tail ::va oost'::de void'_, b
oid_ , bo rian t::v tail'::va oost'::de
ost: :det oid_ , bo rian't::v tail'::va
ail: :var ost: :det oid_', bo rian't::v
iant ::vo ail: :var ost:':det oid_', bo
id_,  boo iant ::vo ail:':var ost:':det
st:: deta id_,  boo iant'::vo ail:':var
il:: vari st:: deta id_,' boo iant'::vo
ant: :voi il:: vari st::'deta id_,' boo
d_,  boos ant: :voi il::'vari st::'deta
t::d etai d_,  boos ant:':voi il::'vari
l::v aria t::d etai d_, 'boos ant:':voi
nt:: void l::v aria t::d'etai d_, 'boos
_, b oost nt:: void l::v'aria t::d'etai
::de tail _, b oost nt::'void l::v'aria
::va rian ::de tail _, b'oost nt::'void
t::v oid_ ::va rian ::de'tail _, b'oost
, bo ost: t::v oid_ ::va'rian ::de'tail
:det ail: , bo ost: t::v'oid_ ::va'rian
:var iant :det ail: , bo'ost: t::v'oid_
::vo id_, :var iant :det'ail: , bo'ost:
 boo st:: ::vo id_, :var'iant :det'ail:
deta il::  boo st:: ::vo'id_, :var'iant
vari ant: deta il::  boo'st:: ::vo'id_,
:voi d_,  vari ant: deta'il::  boo'st::
boos t::d :voi d_,  vari'ant: deta'il::
etai l::v boos t::d :voi'd_,  vari'ant:
aria nt:: etai l::v boos't::d :voi'd_,
void _, b aria nt:: etai'l::v boos't::d
oost ::de void _, b aria'nt:: etai'l::v
tail ::va oost ::de void'_, b aria'nt::
rian t::v tail ::va oost'::de void'_, b
oid_ , bo rian t::v tail'::va oost'::de
ost: :det oid_ , bo rian't::v tail'::va
ail: :var ost: :det oid_', bo rian't::v
iant ::vo ail: :var ost:':det oid_', bo
id_,  boo iant ::vo ail:':var ost:':det
st:: deta id_,  boo iant'::vo ail:':var
il:: vari st:: deta id_,' boo iant'::vo
ant: :voi il:: vari st::'deta id_,' boo

 

Any ideas?

 

 

 

[Ophidian14]

Okay but did you see my earlier post about how the 5.3 debug build basically just runs forever and never completes.  I can’t get any crash dumps from it.

[Ophidian14]

The problem is that with this build, the performance collapses and I can’t reproduce anything because the parse never finishes.  I saw this just now after killing CppEngineHost in Task Manager after I came back from lunch.  Any other ideas?

[+1:36:16.708] Operation completed: Reparsing \\10.10.161.129\xxx\yyy\Main.cpp [4912406 msec]
[+1:36:16.707]        at System.Runtime.Remoting.Channels.SocketHandler.ReadAndMatchFourBytes(Byte[] buffer)
[+1:36:16.707]        at System.Runtime.Remoting.Channels.Tcp.TcpSocketHandler.ReadAndMatchPreamble()
[+1:36:16.707]        at System.Runtime.Remoting.Channels.Tcp.TcpSocketHandler.ReadVersionAndOperation(UInt16& operation)
[+1:36:16.707]        at System.Runtime.Remoting.Channels.Ipc.IpcClientHandler.ReadHeaders()
[.....]

 

[Author]

Posts