[Bug 6088] access violation in BioEdit

Wine Bugs wine-bugs at winehq.org
Sun Apr 1 17:35:38 CDT 2007 

http://bugs.winehq.org/show_bug.cgi?id=6088





------- Additional Comments From focht at gmx.net  2007-01-04 17:35 -------
Hello,

the executable is packed/protected with Petite 2.x -> must be
unpacked/deprotected before doing anything useful with it :)

With that humbug gone it boils down to following..

--- snip crash ---
0009:trace:ole:OleInitialize ((nil))
0009:trace:ole:CoInitializeEx ((nil), 2)
0009:trace:ole:OleInitialize () - Initializing the OLE libraries
0009:trace:ole:OLEClipbrd_Initialize ()
0009:trace:ole:RegisterDragDrop (0x10058,0xadf1f4)
0009:trace:ole:OleUninitialize ()
0009:trace:ole:OleUninitialize () - Freeing the last reference count
0009:trace:ole:OLEClipbrd_UnInitialize ()
0009:trace:ole:OLEClipbrd_Destroy ()
0009:trace:ole:OLEClipbrd_Destroy () - Destroying clipboard data object.
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x10
0009:trace:seh:raise_exception  info[0]=00000000
0009:trace:seh:raise_exception  info[1]=00000010
0009:trace:seh:raise_exception  eax=00adf1f4 ebx=6094546c ecx=6094e54c
edx=00a9ca90 esi=001845e0 edi=00acdcec
0009:trace:seh:raise_exception  ebp=0034f6f0 esp=0034f6d4 cs=0073 ds=007b
es=007b fs=0033 gs=003b flags=00210206
--- snip crash ---

>From what i've seen it crashes in Drag and Drop uninit in OleUninitialize()
shutdown sequence, e.g. OLEDD_UnInitialize()

--- snip dlls/ole32/ole2.c ---
static void OLEDD_UnInitialize(void)
{
  /*
   * Simply empty the list.
   */
  while (!list_empty(&targetListHead))
  {
    DropTargetNode* curNode;
    curNode = LIST_ENTRY(list_head(&targetListHead), DropTargetNode, entry);
    OLEDD_FreeDropTarget(curNode);  <--- *boom*
  }
}
--- snip dlls/ole32/ole2.c ---

OLEDD_FreeDropTarget -> IDropTarget_Release(dropTargetInfo->dropTarget);
I put in a trace directly before:

--- snip ---
0009:trace:ole:OLEDD_FreeDropTarget (0x184608, 0xadf1f4)
--- snip ---

Interface pointer matches with the one from RegisterDragDrop().
The only other internal function call which explicitly decrements refcount is
RevokeDragDrop() which isnt called.

My guess: either the client itself or some other drop target code in wine does
Release() somewhere -> vtable ptr deref on shutdown -> crash.

For verification i incremented the refcount twice in RegisterDragDrop() (2x
IDropTarget_AddRef(pDropTarget) ).
Seems it helped, doesnt crash in ole shutdown code.

Regards

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the wine-bugs mailing list