Heap Corruption        

What is a heap?

The heap is some memory, which is reserved for each single application by the operating system (e.g. Windows). The heap is the storage of every data of your application.

Example:

int main()
{
   // the following line will allocate 2 * 4 bytes of memory (int sizes 4 bytes)
   int a, b;
}

What is a heap corruption?

A heap corruption means that some command of your application overwrote some of the data in the heap. If another command of your application wants to access that data now, it will get bad data.

This can cause some weird errors which seem unexplainable. If there's a heap corruption it may occur that the new operator returns NULL by default.

So if you have some very weird problem, maybe you have a heap corruption. This mainly occurs when you try to run a program in release mode which works fine while you're in debug mode. It may be that you get errors now because one of the following reasons.

Common reasons for heap corruptions

Dangling pointers

A dangling pointer is a pointer which points on an object which has already been deleted. If you try to use this pointer now, you will get an error.

Example:

class A
{
   String mName;

   void A(String name) : mName(name)
   {
   }

   void speak()
   {
      printf("My name is: %s\n", mName.c_str());
   }
}

A *pointer1, *pointer2;

pointer1 = new A("Michael");
pointer2 = pointer1;
// now both pointers point at the same object (class A)

pointer1->speak(); // this will work
pointer2->speak(); // this too

delete pointer1;
// now the object has been deleted, but both pointers point on the memory adress where it has been

pointer1->speak(); // this will cause an error
pointer2->speak(); // this will cause one too

Double free's

If you delete a pointer twice (^= if you delete a dangling pointer) you will again get some weird problems. I want to quote :wumpus: here: "Even more fun awaits in that case."

Example:

A* pointer = new A("Dave");
pointer->speak();
delete pointer;

B* pointerB = new B(20);
pointerB->add(50);
pointerB->printResult();
delete pointer; //this may be a typo for example

//you will get some error from here on now... have fun searching for the cause
...

Array out of bounds

If you set an element of an array with an index which is out of the arrays bound, you will overwrite the following data in the heap.

Example:

int numbers[3];
A* pointer = new A("Hansi");
B* pointerB = new B(4);

numbers[0] = 23;
numbers[1] = 42;
numbers[2] = 5;
numbers[3] = 666; //this index is out of bound

// one pointer has a size of 4 bytes (unsigned int) on 32 bit system and 8 bytes (unsigned long) on 64 bit systems
// so you overwrote the first pointer (if you've a 32 bit system). This causes errors:
pointerB->add(16);
pointerB->printResult(); //this will print "20"
delete pointerB; //no problems 'till here

// here may be billions of lines of code... no problem, unless you do this:
A->speak(); // this will not work, unless the following statement 
            //has been true in line 3 already: (int)pointer == 666;

Other explanations for weird problems in release mode

Uninitialised pointer

In release mode, the variables won't get initialised automatically, so if you don't say that a pointer is NULL, it will be some random number. If you try to use that pointer, you will get an error.

Example:

A* pointer;

if (pointer == NULL)
   pointer = new A("John");

pointer->speak(); //this probably won't work in release mode, but in debug mode it would
delete pointer;

int x;
printf("%i", ++x); //this will output some random number

Surviving the Release Version

Surviving the Release Version

Why I did this wiki entry

I searched for three days. I searched the reason which caused my minimap to bring up an "assertion failed" in release mode. The problem was an array of colours (ColourValue mColors5), which was made at a time, I only needed 5 colours. I put in 11 of them...
I'm hoping this helps some of you to save some time debugging. Good luck!