Access Violation upon Returning? How do I go about debugging this?

Question

Our code logs various meaningful events. Usually logging works just fine, but today the log function is causing Access Violation upon returning. I'm guessing the heap was corrupted somehow, but it's not really clear to me why. The log function works pretty much in all circumstances, but now I'm logging a slightly longer file name. Where am I failing to see the problem here?

std::string Format(const char* fmt, ...)
{
    char buf[1 << 16]; // 65536
    va_list args;
    va_start(args, fmt);
    vsprintf(buf, fmt, args);
    va_end(args);
    return std::string(buf);
} // <-- Access Violation (0xC0000005) upon returning


#define LOG_DEBUG(fmt, ...)                                      \
{                                                                \
    ILogger* logger = LoggerFactory::GetLogger();                \
    if (logger)                                                  \
    {                                                            \
        std::string log = Format(fmt, ##__VA_ARGS__);            \
        logger->WriteLog(LOG_LEVEL_DEBUG, log.c_str());          \
    }                                                            \
}


static int doSomething(char* szMsg, const int nLength, ...)
{
    // Normally, this executes just fine.
    LOG_DEBUG("Message = %s, length = %d", szMsg, nLength);

    // ... do some things
}

The program exits with the message: 0xC0000005: Access violation reading location 0xFFFFFFFFFFFFFFFF.. That address seems suspicious to me, why would it be maxed out?

For what it's worth the szMsg is assigned to a very long string of the form:

application_specific_data\rϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷ
ϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷ
ϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷ
ϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷ
ϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷϷ

And nLength is 65536.

Anyways, I'm not really sure how think through this kind of issue, even if there isn't an explicit answer to this exact scenario, how can I debug this? What should I pay attention to? What can I ignore?

Answer 1

Access violation upon return is almost always the result of corrupting not the heap, but the stack.

Specifically, in this case, the return address on the stack has been overwritten with 0xffffffff. This very often happens when you overflow a local buffer.

Obviously, the buffer that gets overflown is that char buf[1 << 16];

This can happen if you have a string which is longer than the buffer size, and this can in turn very easily happen if you accidentally have a string which you forgot to null-terminate.

To protect yourself against this problem never use vsprintf() (in my opinion the function should not even exist) always use vsnprintf(). This will not fix the bug that creates an awfully long string, but it will save your program from crashing and burning due to that bug.