Segmentation fault during Transition of Control from C++ to Pro *C

Question

Hi,

I have written a small Pro *C/C++ application [ multi-threaded, daemon ] where, i used Pro *c to fetch some DB records and then call C++ function to generate XML files, which are sent through socket to third party.

The problem is that, when the c++ function is called, it is generating the xml file properly, but ending up with Sig 11 error, during the transition of control from C++ back to Pro *C. Here, i dont have any return parameters as well as, all the parameters to the C++ function are constant parameters.

The problem is coming up random. In the sence, after generating couple of xml's [ which are generated from the same code ]. The error is not constant. In the sence, after generating 1 or 2 xml files, at first run, 5 xmls during second run and sometimes just after 1 xml is generated.

So, not sure, if it is related to any code problem, as it is generating the xml files, properly, but rather a stack unwinding/stack corruption problem.

Any points in this area, would of be great help.

Also, iam working on HP Itanium with aC++ compiler.

Here is the function declaration and how it is being called:

/* ------------ Pro *C : ------ */
GenerateXML(Mic_Prov_Queue_List, Prov_Service_Params_Info, iThreadId); 
/* Declaration : ----------- */
#ifdef __cplusplus extern "C" { 
void GenerateXML(const Mic_Prov_List *Mic_Prov_Queue_List, const Mic_Prov_Service_Params_info_x_t * Prov_Service_Params_Info, int iThreadId); 
#ifdef __cplusplus

Regards Roopesh Majeti.

Answer 1

Chances are your GenerateXML function is writing beyond the bounds of a buffer and trashing the stack - specifically the return address. In this case, it's not at all surprising that the XML output looks OK but it crashes once you return.

I'm betting that among the first few variables declared in GenerateXML is a buffer or array of some sort?

EDIT:

(The OP has indicated in comments that there is indeed a char buffer of size 1000 declared in GenerateXML)

Yes, if you write more than 1000 bytes into that buffer (that is, write to position buffer[1000] or higher) then you will corrupt things - in your case, you seem to be corrupting the function return value.

To find out where your code is doing this is the hard bit. You have a few options:

• Inspect the code by hand and try to find the spot where it's happening;
• scatter assert(n < 1000) statements before each access to buffer[n] and use a debugger to figure out what's happened;
• Run it under a debugger, set a watchpoint on buffer[999], then single-step after the watchpoint triggers to see when it accesses buffer[1000];
• Run it under a code analysis tool like valgrind or Purify.