00402123 push 4
00402125 mov eax,dword ptr [ebp-4]
00402128 push eax
00402129 call `eh vector destructor iterator' (004028f0)
0040212E mov ecx,dword ptr [ebp+8]
00402131 and ecx,1
00402134 test ecx,ecx
00402136 je CMemoryItem::`vector deleting destructor'+57h (00402147)
00402138 mov edx,dword ptr [ebp-4]
0040213B sub edx,4
0040213E push edx
0040213F call operator delete (00402786)
00402144 add esp,4
00402147 mov eax,dword ptr [ebp-4]
0040214A sub eax,4
0040214D jmp CMemoryItem::`vector deleting destructor'+80h (00402170)
0040214F mov ecx,dword ptr [ebp-4]
00402152 call @ILT+160(CMemoryItem::~CMemoryItem) (004010a5)
00402157 mov eax,dword ptr [ebp+8]
0040215A and eax,1
0040215D test eax,eax
0040215F je CMemoryItem::`vector deleting destructor'+7Dh (0040216d)
00402161 mov ecx,dword ptr [ebp-4]
00402164 push ecx
00402165 call operator delete (00402786)
0040216A add esp,4
0040216D mov eax,dword ptr [ebp-4]
00402170 pop edi
00402171 pop esi
00402172 pop ebx
00402173 add esp,44h
00402176 cmp ebp,esp
00402178 call _chkesp (004027d4)
0040217D mov esp,ebp
0040217F pop ebp
00402180 ret 4
这个调用通过 `eh vector destructor iterator` 循环执行数组中每一个成员的析构函数，最后释放整块内存并返回。而且大家可以从 0040213B 处的 `sub edx,4` 这句看出，系统把 pItem 指向的地址向前移了 4 字节：上节的讨论中已经知道，为对象申请数组时会多申请 4 字节，并把数组的元素个数存放在这前 4 字节中，那么释放这个数组时也必须从它真正的起始位置释放，所以要向前移动 4 字节。这是正常的情况，那么出错的情况是怎么发生的呢？接下来看一下代码 2 的汇编实现：