FIX: Using CString::operator+= May Cause an Access Violation

Last reviewed: September 19, 1997
Article ID: Q142385
4.00 WINDOWS NT kbprg kbbuglist kbfixlist

The information in this article applies to:

  • The Microsoft Foundation Classes (MFC) included with: Microsoft Visual C++, 32-bit Edition, Version 4.0

SYMPTOMS

An access violation may result after using CString::operator+= where the string on the right hand side of the operator is an empty string. If the debug CRT libraries are installed, an Assertion Failure in Dbgheap.c line 1017 will occur. The "Sample Code" section in this article gives an example that demonstrates this problem.

CAUSE

The CString implementation has been optimized in Visual C++ 4.0 to use reference counting in order to minimize duplication in allocation of memory. When operator+= is used to append an empty string, the code in CString::ConcatInPlace() incorrectly decrements the reference count. If more than one CString is pointing at this data, the call to delete in the CString destructor causes an access violation.

RESOLUTION

To work around this problem, avoid using the += operator with an empty string of the form:

   str1 += _T("");

Check for empty CStrings prior to appending:

   if (!str2.IsEmpty())
      str1 += str2;

STATUS

Microsoft has confirmed this to be a bug in the Microsoft products listed at the beginning of this article. This bug was corrected in Visual C++ 4.1.

MORE INFORMATION

Sample Code

/* Compile options needed: default
*/

{
  CString str1, str2;

  str1  = _T("allocspace");  // length of RHS > 0, allocate memory
                         // str1 += str2 will otherwise do a fast copy
                         // if both CStrings are uninitialized

  str1  = _T("");        // make str1 NULL
                         // operator= will put '\0' at m_pchData[0]

  str2  = str1;          // str1 and str2 share the same m_pchData.
                         // m_pchData now has ref count of 2

  str1 += _T("");        // m_pchData has ref count of 1 but both str1
                         // and str2 use this data.
}


Additional reference words: 4.00 4.10
KBCategory: kbprg kbbuglist kbfixlist
KBSubcategory: MfcMisc vcbuglist400 vcfixlist410
Keywords : MfcMisc vcbuglist400 vcfixlist410 kbbuglist kbfixlist kbprg
Technology : kbMfc
Version : 4.00
Platform : NT WINDOWS
Solution Type : kbfix


THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: September 19, 1997
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.