BBS: TELESC.NET.BR
Subject: Win32 debug heap assertion after reading a cached filter filter while
From: Rob Swindell
Date: Mon, 16 Mar 2026 02:16:44 -0700
-----------------------------------------------------------
https://gitlab.synchro.net/main/sbbs/-/issues/1099#note_8600
Here's another clue:
without changing `filterfile.cpp` (so its `reset()` method did *not* call `strListFree()`), I was able to trigger the assertion (still, only on MSVC builds for Win32-debug) by adding the following lines right after `ip_can.init(&scfg, "ip");` in `mail_server()` - before *any* child threads are spawned!
```
ip_can.listed("");
ip_can.reset();
ip_can.listed("");
ip_can.reset();
ip_can.listed("");
ip_can.reset();
ip_can.listed("");
ip_can.reset();
ip_can.listed("");
ip_can.reset();
ip_can.listed("");
ip_can.reset();
ip_can.listed("");
ip_can.reset();
ip_can.listed("");
ip_can.reset();
```
It would crash in one of the calls to `ip_can.listed()`, when it calls `strListFree()`.
Another thing I noticed that I think could be relevant is at the time of the crash there was another mailsrvr.dll thread (!) running:
```
ntdll.dll!_NtWaitForAlertByThreadId@8() Unknown Non-user code. Symbols loaded without source information.
ntdll.dll!@RtlpWaitOnAddressWithTimeout@20() Unknown Non-user code. Symbols loaded without source information.
ntdll.dll!_RtlpWaitOnCriticalSection@8() Unknown Non-user code. Symbols loaded without source information.
ntdll.dll!_RtlpEnterCriticalSectionContended@8() Unknown Non-user code. Symbols loaded without source information.
ntdll.dll!_RtlEnterCriticalSection@4() Unknown Non-user code. Symbols loaded without source information.
mailsrvr.dll!__acrt_lock(__acrt_lock_id _Lock) Line 55 C++ Symbols loaded.
mailsrvr.dll!heap_alloc_dbg_internal(const unsigned int size, const int block_use, const char * const file_name, const int line_number) Line 309 C++ Symbols loaded.
mailsrvr.dll!heap_alloc_dbg(const unsigned int size, const int block_use, const char * const file_name, const int line_number) Line 450 C++ Symbols loaded.
> mailsrvr.dll!_calloc_dbg(unsigned int count, unsigned int element_size, int block_use, const char * file_name, int line_number) Line 518 C++ Symbols loaded.
mailsrvr.dll!__vcrt_getptd_noexit() Line 128 C++ Non-user code. Symbols loaded.
mailsrvr.dll!__vcrt_thread_attach() Line 155 C++ Non-user code. Symbols loaded.
mailsrvr.dll!__scrt_dllmain_crt_thread_attach() Line 436 C++ Non-user code. Symbols loaded.
mailsrvr.dll!dllmain_crt_dispatch(HINSTANCE__ * const instance, const unsigned long reason, void * const reserved) Line 221 C++ Non-user code. Symbols loaded.
mailsrvr.dll!dllmain_dispatch(HINSTANCE__ * const instance, const unsigned long reason, void * const reserved) Line 276 C++ Non-user code. Symbols loaded.
mailsrvr.dll!_DllMainCRTStartup(HINSTANCE__ * const instance, const unsigned long reason, void * const reserved) Line 334 C++ Non-user code. Symbols loaded.
ntdll.dll!_LdrxCallInitRoutine@16() Unknown Non-user code. Symbols loaded without source information.
ntdll.dll!_LdrpCallInitRoutineInternal@16() Unknown Non-user code. Symbols loaded without source information.
ntdll.dll!_LdrpCallInitRoutine@16() Unknown Non-user code. Symbols loaded without source information.
ntdll.dll!_LdrpInitializeThread@4() Unknown Non-user code. Symbols loaded without source information.
ntdll.dll!__LdrpInitialize@8() Unknown Non-user code. Symbols loaded without source information.
ntdll.dll!_LdrpInitializeInternal@8() Unknown Non-user code. Symbols loaded without source information.
ntdll.dll!LdrInitializeThunk() Unknown Non-user code. Symbols loaded without source information.
```
Apparently trying to allocate 40 bytes, for what reason I do not know, but this is consistent. Crashes with either sbbs.exe or sbbsctrl.exe, so we know this is not about Borland C++ being involved (it's not used when building/running sbbs.exe) and mixed runtime libraries/heaps.
It would more reliably crash here (usually in the second call to `listed()`) if the mail server was the only server set to run automatically. This also reduced the total number of threads/noise and allowed me to notice the "extra" mail server thread running in (apparently) `calloc()` at the time of the crash.
Microsoft's AppVerifier doesn't catch anything (heap page or otherwise) before the assertion.
--- SBBSecho 3.37-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-----------------------------------------------------------