Exception caused by an invalid argument

Background

A game team contacted me on DingTalk saying a dump showed the template raising an exception. Since I am responsible for the template, I took a look.

Dump

Link: https://pan.baidu.com/s/1pyrJXtv26zLvhvfS3Ts2rA
Extraction code: 48fo

Analysis

Examine the exception site

0:034> .ecxr;kv
eax=0631f54c ebx=09798e18 ecx=00000003 edx=00000000 esi=740cbc8c edi=0631f5ec
eip=754bc54f esp=0631f54c ebp=0631f59c iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
KERNELBASE!RaiseException+0x58:
754bc54f c9 leave
*** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr Args to Child
0631f59c 73d69339 e06d7363 00000001 00000003 KERNELBASE!RaiseException+0x58 (FPO: [Non-Fpo])
0631f5dc 7402ee11 0631f5ec 740cbc8c 740db540 msvcr120!_CxxThrowException+0x5b (FPO: [Non-Fpo]) (CONV: stdcall) [f:\dd\vctools\crt\crtw32\eh\throw.cpp @ 152]
*** WARNING: Unable to verify checksum for cfddsvr.exe
0631f5f0 009f89ea 0070f490 0731e5f8 0070f498 mfc120!AfxThrowInvalidArgException+0x19 (FPO: [Non-Fpo]) (CONV: stdcall) [f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\except.cpp @ 228]
0631f608 00940e55 0999e748 00000008 00000000 cfddsvr!CHwTable::SetBottom+0xda (FPO: [Non-Fpo]) (CONV: thiscall) [d:\jenkins\workspace\publish_gametplserver1.0\tcghw1.0\trunk\tcghw\tcghw.cpp @ 849]
0631f624 009610bb 0999e748 37cbe17c 00000000 cfddsvr!CGameTable::OnSetBottom+0x185 (FPO: [Non-Fpo]) (CONV: thiscall) [d:\jenkins\workspace\publish_cfddsvr\common\cfdd\cfddtbl.cpp @ 880]
0631f6fc 00960a48 071f8bb8 09998398 007047d8 cfddsvr!CGameServer::OnSetBottom+0x55b (FPO: [Non-Fpo]) (CONV: thiscall) [d:\jenkins\workspace\publish_cfddsvr\cfddsvr\server.cpp @ 709]
0631f76c 00968ed4 071f8bb8 09998398 0070f498 cfddsvr!CGameServer::OnRequest+0x1f8 (FPO: [Non-Fpo]) (CONV: thiscall) [d:\jenkins\workspace\publish_cfddsvr\cfddsvr\server.cpp @ 68]
0631f794 0096da9d 00000000 02950748 029c18e0 cfddsvr!CIocpWorker::DoWorkLoop+0xa4
0631f7ac 0096da6b 0631f7ec 73d7c01d 0070f490 cfddsvr!CBaseWorker::WorkerThreadProc+0x2d
0631f7b4 73d7c01d 0070f490 a7e5bfa1 00000000 cfddsvr!CBaseWorker::WorkerThreadFunc+0xb
0631f7ec 73d7c001 00000000 0631f804 769c343d msvcr120!_callthreadstartex+0x1b (FPO: [Non-Fpo]) (CONV: cdecl) [f:\dd\vctools\crt\crtw32\startup\threadex.c @ 376]
0631f7f8 769c343d 029c18e0 0631f844 77109802 msvcr120!_threadstartex+0x7c (FPO: [Non-Fpo]) (CONV: stdcall) [f:\dd\vctools\crt\crtw32\startup\threadex.c @ 354]
0631f804 77109802 029c18e0 e12c35d8 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
0631f844 771097d5 73d7bfb4 029c18e0 ffffffff ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
0631f85c 00000000 73d7bfb4 029c18e0 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])

The faulting code

void CHwTable::SetBottom(LPSET_BOTTOM pSetBottom)
{
    // nBottomIDs arrives with the request (see CGameServer::OnRequest in the
    // stack) and is copied in without validation.
    memcpy(m_nBottomIDs, pSetBottom->nBottomIDs, sizeof(m_nBottomIDs));

    for(int i = 0; i < m_nBottomCards; i++){
        int shape = CalculateCardShape(m_nBottomIDs[i]);
        int value = CalculateCardValue(m_nBottomIDs[i]);
        m_nCardsLayIn[m_nBanker][shape * m_nLayoutMod + value]--;

        int x = GetCardNO(m_nBottomIDs[i]);
        // ---- tcghw.cpp line 849: m_aryCard is a CArray, and operator[]
        // validates the index, so an out-of-range x throws here.
        m_aryCard[x].nStatus = CS_BOTTOM;
        m_aryCard[x].nChairNO = m_nBanker;
    }
}

My guess was that x was computed incorrectly, so the index into m_aryCard (a CArray) went out of range and the CArray threw.

Use !analyze -v to look at the cause of the exception

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 754bc54f (KERNELBASE!RaiseException+0x00000058)
ExceptionCode: e06d7363 (C++ EH exception)
ExceptionFlags: 00000001
NumberParameters: 3
Parameter[0]: 19930520
Parameter[1]: 0631f5ec
Parameter[2]: 740cbc8c

It is a C++ exception, which matches the behaviour of MFC's CArray. Parameter[0] (19930520) is the MSVC C++ EH magic, Parameter[1] points at the thrown object, and Parameter[2] points at the _ThrowInfo, so we follow that pointer to find the exact type:

0:034> dd 740cbc8c l4
740cbc8c 00000000 00000000 00000000 740cbc9c
0:034> dd 740cbc9c l2
740cbc9c 00000005 740cbc70
0:034> dd 740cbc70 l2
740cbc70 00000001 740e0d38
0:034> da 740e0d38 + 8
740e0d40 ".PAVCInvalidArgException@@"

Clearly an "InvalidArgException" (the decorated name .PAV...@@ denotes a pointer to the class CInvalidArgException).
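The same pointer walk as a script, added here as an example and not part of the original post: a constructed 32-bit memory image reproduces the four dd/da reads above at their addresses, and the walker goes EXCEPTION_RECORD -> _ThrowInfo -> _CatchableTypeArray -> _CatchableType -> TypeDescriptor, then undecorates the name. Struct offsets are the 32-bit MSVC layouts; the memory contents are the post's values and nothing else.

```python
import struct

MSVC_EH_MAGIC = 0x19930520      # Parameter[0] of an MSVC C++ EH exception
EH_EXCEPTION_CODE = 0xE06D7363  # ExceptionCode raised by _CxxThrowException

# Constructed memory image: exactly the dwords the post dumped, at the same
# addresses (32-bit little-endian). Any other address is unmapped.
MEMORY = {
    0x740CBC8C: struct.pack("<4I", 0, 0, 0, 0x740CBC9C),  # _ThrowInfo
    0x740CBC9C: struct.pack("<2I", 5, 0x740CBC70),         # _CatchableTypeArray, entry 0
    0x740CBC70: struct.pack("<2I", 1, 0x740E0D38),         # _CatchableType
    0x740E0D38: struct.pack("<2I", 0, 0) + b".PAVCInvalidArgException@@\0",  # type_info
}

def read(addr, size):
    for base, blob in MEMORY.items():
        if base <= addr and addr + size <= base + len(blob):
            return blob[addr - base:addr - base + size]
    raise KeyError(f"unmapped read at {addr:#010x}")

def read_u32(addr):
    return struct.unpack("<I", read(addr, 4))[0]

def read_cstr(addr, limit=256):
    out = bytearray()
    while len(out) < limit:
        b = read(addr + len(out), 1)
        if b == b"\0":
            break
        out += b
    return out.decode("ascii")

def thrown_type(exception_code, params):
    """Return (number of catchable types, decorated name of the most-derived one)."""
    if exception_code != EH_EXCEPTION_CODE or params[0] != MSVC_EH_MAGIC:
        raise ValueError("not an MSVC C++ exception record")
    throw_info = params[2]                    # Parameter[2]
    p_array = read_u32(throw_info + 12)       # _ThrowInfo.pCatchableTypeArray (4th dword)
    count = read_u32(p_array)                 # nCatchableTypes (5: the class and its bases)
    p_first = read_u32(p_array + 4)           # arrayOfCatchableTypes[0] = most-derived type
    p_type = read_u32(p_first + 4)            # _CatchableType.pType -> TypeDescriptor
    return count, read_cstr(p_type + 8)       # TypeDescriptor: vfptr, spare, name[]

def undecorate(name):
    """'.?AV'/'.?AU' = class/struct, '.PAV'/'.PAU' = 32-bit pointer to class/struct."""
    for prefix, suffix in ((".?AV", ""), (".?AU", ""), (".PAV", " *"), (".PAU", " *")):
        if name.startswith(prefix) and name.endswith("@@"):
            return name[len(prefix):-2] + suffix
    return name

if __name__ == "__main__":
    count, name = thrown_type(0xE06D7363, (0x19930520, 0x0631F5EC, 0x740CBC8C))
    print(f"{count} catchable types, thrown: {name} -> {undecorate(name)}")
```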

Notes

Some readers will want to see the value of x inside CHwTable::SetBottom but cannot. That is because the template layer (publish_gametplserver1.0) is built with code optimization enabled, so the locals are not visible.

Instead, switch to the caller frame, CGameTable::OnSetBottom, and inspect the member variables there (that module is built without optimization).