什么可能导致dynamic_cast崩溃?

时间:2023-01-16 21:55:46

I have a piece of code looking like this :

我有一段看起来像这样的代码:

TAxis *axis = 0;
if (dynamic_cast<MonitorObjectH1C*>(obj))
   axis = (dynamic_cast<MonitorObjectH1C*>(obj))->GetXaxis();

Sometimes it crashes :

有时会崩溃:

Thread 1 (Thread -1208658240 (LWP 11400)):
#0  0x0019e7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1  0x048c67fb in __waitpid_nocancel () from /lib/tls/libc.so.6
#2  0x04870649 in do_system () from /lib/tls/libc.so.6
#3  0x048709c1 in system () from /lib/tls/libc.so.6
#4  0x001848bd in system () from /lib/tls/libpthread.so.0
#5  0x0117a5bb in TUnixSystem::Exec () from /opt/root/lib/libCore.so.5.21
#6  0x01180045 in TUnixSystem::StackTrace () from /opt/root/lib/libCore.so.5.21
#7  0x0117cc8a in TUnixSystem::DispatchSignals ()
   from /opt/root/lib/libCore.so.5.21
#8  0x0117cd18 in SigHandler () from /opt/root/lib/libCore.so.5.21
#9  0x0117bf5d in sighandler () from /opt/root/lib/libCore.so.5.21
#10 <signal handler called>
#11 0x0533ddf4 in __dynamic_cast () from /usr/lib/libstdc++.so.6

I have no clue why it crashes. obj is not null (and if it was it would not be a problem, would it ?).

我不知道为什么它会崩溃。 obj不是null(如果它不是问题,不是吗?)。

What could be the reason for a dynamic cast to crash ?

动态演员崩溃的原因是什么?

If it can't cast, it should just return NULL no ?

如果它不能转换,它应该只返回NULL不?

6 个解决方案

#1

37  

Some possible reasons for the crash:

崩溃的一些可能原因:

  • obj points to an object with a non-polymorphic type (a class or struct with no virtual methods, or a fundamental type).

    • obj指向具有非多态类型的对象(没有虚方法或基本类型的类或结构)。

  • obj points to an object that has been freed.

    • obj指向已释放的对象。

  • obj points to unmapped memory, or memory that has been mapped in such a way as to generate an exception when accessed (such as a guard page or inaccessible page).

    • obj指向未映射的内存,或者已经映射的内存,以便在访问时生成异常(例如保护页面或不可访问的页面)。

  • obj points to an object with a polymorphic type, but that type was defined in an external library that was compiled with RTTI disabled.

    • obj指向具有多态类型的对象,但该类型是在禁用RTTI的情况下编译的外部库中定义的。

Not all of these problems necessarily cause a crash in all situations.

并非所有这些问题都必然导致所有情况下的崩溃。

#2

11  

I suggest using a different syntax for this code snippet.

我建议为此代码段使用不同的语法。

if (MonitorObjectH1C* monitorObject = dynamic_cast<MonitorObjectH1C*>(obj))
{
    axis = monitorObject->GetXaxis();
}

You can still crash if some other thread is deleting what monitorObject points to or if obj is crazy garbage, but at least your problem isn't casting related anymore and you're not doing the dynamic_cast twice.

如果某个其他线程正在删除monitorObject指向的内容或者如果obj是疯狂的垃圾,你仍然会崩溃,但至少你的问题不再是相关的,你没有做两次dynamic_cast。

#3

3  

As it crashes only sometimes, i bet it's a threading issue. Check all references to 'obj':

由于它有时只会崩溃,我敢打赌这是一个线程问题。检查所有对'obj'的引用:

grep -R 'obj.*=' .

#4

2  

dynamic_cast will return 0 if the cast fails and you are casting to a pointer, which is your case. The problem is that you have either corrupted the heap earlier in your code, or rtti wasn't enabled.

如果转换失败并且您正在转换为指针,则dynamic_cast将返回0,这是您的情况。问题是您在代码中早先损坏了堆,或者没有启用rtti。

#5

2  

Are you sure that the value of 'obj' has been correctly defined?

你确定'obj'的值已经正确定义了吗?

If for example it is uninitialised (ie random) them I could see it causing a crash.

如果它是未初始化的(即随机的)它们我可以看到它导致崩溃。

#6

1  

Can the value of obj be changed by a different thread?

可以通过不同的线程更改obj的值吗?

#1

37  

Some possible reasons for the crash:

崩溃的一些可能原因:

  • obj points to an object with a non-polymorphic type (a class or struct with no virtual methods, or a fundamental type).

    • obj指向具有非多态类型的对象(没有虚方法或基本类型的类或结构)。

  • obj points to an object that has been freed.

    • obj指向已释放的对象。

  • obj points to unmapped memory, or memory that has been mapped in such a way as to generate an exception when accessed (such as a guard page or inaccessible page).

    • obj指向未映射的内存,或者已经映射的内存,以便在访问时生成异常(例如保护页面或不可访问的页面)。

  • obj points to an object with a polymorphic type, but that type was defined in an external library that was compiled with RTTI disabled.

    • obj指向具有多态类型的对象,但该类型是在禁用RTTI的情况下编译的外部库中定义的。

Not all of these problems necessarily cause a crash in all situations.

并非所有这些问题都必然导致所有情况下的崩溃。

#2

11  

I suggest using a different syntax for this code snippet.

我建议为此代码段使用不同的语法。

if (MonitorObjectH1C* monitorObject = dynamic_cast<MonitorObjectH1C*>(obj))
{
    axis = monitorObject->GetXaxis();
}

You can still crash if some other thread is deleting what monitorObject points to or if obj is crazy garbage, but at least your problem isn't casting related anymore and you're not doing the dynamic_cast twice.

如果某个其他线程正在删除monitorObject指向的内容或者如果obj是疯狂的垃圾,你仍然会崩溃,但至少你的问题不再是相关的,你没有做两次dynamic_cast。

#3

3  

As it crashes only sometimes, i bet it's a threading issue. Check all references to 'obj':

由于它有时只会崩溃,我敢打赌这是一个线程问题。检查所有对'obj'的引用:

grep -R 'obj.*=' .

#4

2  

dynamic_cast will return 0 if the cast fails and you are casting to a pointer, which is your case. The problem is that you have either corrupted the heap earlier in your code, or rtti wasn't enabled.

如果转换失败并且您正在转换为指针,则dynamic_cast将返回0,这是您的情况。问题是您在代码中早先损坏了堆,或者没有启用rtti。

#5

2  

Are you sure that the value of 'obj' has been correctly defined?

你确定'obj'的值已经正确定义了吗?

If for example it is uninitialised (ie random) them I could see it causing a crash.

如果它是未初始化的(即随机的)它们我可以看到它导致崩溃。

#6

1  

Can the value of obj be changed by a different thread?

可以通过不同的线程更改obj的值吗?

标签:

相关文章