Boost C++ Libraries: Ticket #2735: Memory corruption
https://svn.boost.org/trac10/ticket/2735

<p> Memory corruption caused by access to the invalid pointer "overlapped" in function shutdown_service in win_iocp_io_service.hpp, line 144. </p>

<p> The bug is caused by the return value of ::GetQueuedCompletionStatus not being checked. When the function returns false, the value of "overlapped" will be invalid (not zero) and accessing the pointer will cause memory corruption. </p>

<p> I am sorry that I cannot give you an example to reproduce this bug (due to company policy). You can reproduce this issue by calling ::ConnectNamedPipe and closing the pipe immediately, before any clients connect to the pipe. ::GetQueuedCompletionStatus will return "pending I/O operation is still in progress" and fail. </p>

<p> This bug is very hard to find because the corruption may corrupt other parts of the code. If you don't want to fully support Windows pipes (::ConnectNamedPipe is supported by Windows IOCP, but not by asio), that's fine. I know the problem is caused by my misuse of asio, but please do check the return value of the Windows API and avoid the memory corruption problem. </p>

<p> Thank you. </p>

<p> btw, please ignore the "?" above. </p>

<pre class="wiki">void shutdown_service()
{
  ::InterlockedExchange(&amp;shutdown_, 1);

  // Drain every outstanding operation from the completion port.
  while (::InterlockedExchangeAdd(&amp;outstanding_operations_, 0) &gt; 0)
  {
    DWORD bytes_transferred = 0;
#if (WINVER &lt; 0x0500)
    DWORD completion_key = 0;
#else
    DWORD_PTR completion_key = 0;
#endif
    LPOVERLAPPED overlapped = 0;
    // Return value is not checked; only the dequeued overlapped pointer is used.
    ::GetQueuedCompletionStatus(iocp_.handle, &amp;bytes_transferred,
        &amp;completion_key, &amp;overlapped, INFINITE);
    if (overlapped)
      static_cast&lt;operation*&gt;(overlapped)-&gt;destroy();
  }

  for (std::size_t i = 0; i &lt; timer_queues_.size(); ++i)
    timer_queues_[i]-&gt;destroy_timers();
  timer_queues_.clear();
}
</pre>

<p> <strong>Comment 1</strong> by chris_kohlhoff, Thu, 09 Apr 2009 12:56:20 GMT (status changed; resolution set) https://svn.boost.org/trac10/ticket/2735#comment:1 </p>

<ul>
<li><strong>status</strong> <span class="trac-field-old">new</span> → <span class="trac-field-new">closed</span></li>
<li><strong>resolution</strong> → <span class="trac-field-new">worksforme</span></li>
</ul>

<p> Unfortunately your patch is not correct, as you appear to have missed an important detail in the MSDN page: </p>

<blockquote> <p> If *lpOverlapped is not NULL and the function dequeues a completion packet for a failed I/O operation from the completion port, the return value is zero. </p> </blockquote>

<p> That is, the fact that overlapped is non-null means that there is an OVERLAPPED-derived object that needs to be deleted; it's just that it happens to be for a failed operation. That it is deleting an "invalid" object makes me suspect that your program (or asio) is deleting the OVERLAPPED-derived object too early. </p>

<p> There isn't enough information here for me to determine if there is a bug in asio. Using ConnectNamedPipe with asio appears to work correctly when I try it following your instructions. Please reopen this bug if you can provide more detailed instructions. </p>
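<p> The maintainer's point rests on the GetQueuedCompletionStatus contract: a FALSE return with a non-NULL lpOverlapped means a packet for a failed operation was dequeued, and its OVERLAPPED-derived object still has to be destroyed. The example below is added here and is not code from the ticket or from asio: it models that contract with a fake completion port (so it builds without windows.h) and compares asio's rule against the assumed shape of the reporter's patch, which the ticket does not show. </p>

```cpp
#include <cstddef>
#include <deque>

// Constructed stand-ins so this builds without <windows.h>.
typedef int BOOL;
struct OVERLAPPED {};
typedef OVERLAPPED* LPOVERLAPPED;

// Stand-in for asio's OVERLAPPED-derived operation; destroy() frees it in asio.
struct operation : OVERLAPPED { bool destroyed; void destroy() { destroyed = true; } };

// One completion packet: the operation plus whether its I/O succeeded.
struct packet { operation* op; bool io_succeeded; };

// Fake completion port following the documented GetQueuedCompletionStatus contract:
//   successful I/O packet -> returns TRUE,  *overlapped set
//   failed I/O packet     -> returns FALSE, *overlapped set (object still needs cleanup)
//   nothing dequeued      -> returns FALSE, *overlapped NULL
struct fake_iocp {
  std::deque<packet> queue;
  BOOL get_queued_completion_status(LPOVERLAPPED* overlapped) {
    if (queue.empty()) { *overlapped = 0; return 0; }
    packet p = queue.front(); queue.pop_front();
    *overlapped = p.op;
    return p.io_succeeded ? 1 : 0;
  }
};

// Shutdown drain loop. asio's rule: a non-null overlapped is an operation to destroy,
// whatever the return value. With require_true set (assumed shape of the ticket's patch)
// failed-I/O packets are dequeued but their objects are never destroyed (a leak).
// Returns the number of operations destroyed. The fake port drains until empty.
std::size_t drain(fake_iocp& iocp, bool require_true) {
  std::size_t destroyed = 0;
  while (!iocp.queue.empty()) {
    LPOVERLAPPED overlapped = 0;
    BOOL ok = iocp.get_queued_completion_status(&overlapped);
    if (overlapped && (ok || !require_true)) {
      static_cast<operation*>(overlapped)->destroy();
      ++destroyed;
    }
  }
  return destroyed;
}

// Constructed scenario: three outstanding operations, the middle one failed (as an
// aborted ConnectNamedPipe would be). Returns how many operation objects got destroyed.
std::size_t run_scenario(bool require_true) {
  operation ops[3] = {};
  fake_iocp iocp;
  iocp.queue.push_back(packet{&ops[0], true});
  iocp.queue.push_back(packet{&ops[1], false});
  iocp.queue.push_back(packet{&ops[2], true});
  return drain(iocp, require_true);
}
```

<p> With asio's rule all three objects are destroyed; requiring a TRUE return leaves the failed operation's object behind, which is the mismatch the reply describes. </p>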