Crash in dlls/comctl32/treeview.c
Dmitry Timoshkov
dmitry at baikal.ru
Mon Nov 3 02:28:18 CST 2003
Hello all,
I've got a crash in Excel running a custom VB script.
A crash log with +treeview is attached.
As I see it, TVM_SORTCHILDREN causes firstVisible to become NULL,
and on the next TVM_SETITEMA message TREEVIEW_UpdateScrollBars is
called, which dereferences infoPtr->firstVisible while it is NULL.
I'm not sure whether the attached patch is correct, but it fixes
the crash in Excel. The patch simply prevents TREEVIEW_Sort from setting
infoPtr->firstVisible to NULL.
Treeview gurus out there, any comments?
--
Dmitry.
-------------- next part --------------
...
trace:treeview:TREEVIEW_WindowProc hwnd 0x1004d msg 1113 wp=00000000 lp=00000000
trace:treeview:TREEVIEW_SetFirstVisible (nil): <null item>
trace:treeview:TREEVIEW_WindowProc hwnd 0x1004d msg 0114 wp=00000004 lp=00000000
trace:treeview:TREEVIEW_HScroll wp 4
trace:treeview:TREEVIEW_WindowProc hwnd 0x1004d msg 110a wp=00000004 lp=41130688
trace:treeview:TREEVIEW_GetNextItem flags:4, item 0x41130688;returns 0x411306f8
trace:treeview:TREEVIEW_WindowProc hwnd 0x1004d msg 110c wp=00000000 lp=4070c830
trace:treeview:TREEVIEW_GetItemA item <0x411306f8>, txt 0x17, img 0x4070c848, mask 14
trace:treeview:TREEVIEW_WindowProc hwnd 0x1004d msg 110a wp=00000001 lp=411306f8
trace:treeview:TREEVIEW_GetNextItem flags:1, item 0x411306f8;returns 0x41133880
trace:treeview:TREEVIEW_WindowProc hwnd 0x1004d msg 110c wp=00000000 lp=4070c830
trace:treeview:TREEVIEW_GetItemA item <0x41133880>, txt 0x17, img 0x4070c848, mask 14
trace:treeview:TREEVIEW_WindowProc hwnd 0x1004d msg 110a wp=00000001 lp=41133880
trace:treeview:TREEVIEW_GetNextItem flags:1, item 0x41133880;returns 0x41132310
trace:treeview:TREEVIEW_WindowProc hwnd 0x1004d msg 110c wp=00000000 lp=4070c830
trace:treeview:TREEVIEW_GetItemA item <0x41132310>, txt 0x17, img 0x4070c848, mask 14
trace:treeview:TREEVIEW_WindowProc hwnd 0x1004d msg 110a wp=00000001 lp=41132310
trace:treeview:TREEVIEW_GetNextItem flags:1, item 0x41132310;returns 0x41131f58
trace:treeview:TREEVIEW_WindowProc hwnd 0x1004d msg 110c wp=00000000 lp=4070c830
trace:treeview:TREEVIEW_GetItemA item <0x41131f58>, txt 0x17, img 0x4070c848, mask 14
trace:treeview:TREEVIEW_WindowProc hwnd 0x1004d msg 110a wp=00000001 lp=41131f58
trace:treeview:TREEVIEW_GetNextItem flags:1, item 0x41131f58;returns (nil)
trace:treeview:TREEVIEW_WindowProc hwnd 0x1004d msg 110a wp=00000004 lp=41135478
trace:treeview:TREEVIEW_GetNextItem flags:4, item 0x41135478;returns (nil)
trace:treeview:TREEVIEW_WindowProc hwnd 0x1004d msg 110c wp=00000000 lp=4070ca44
trace:treeview:TREEVIEW_GetItemA item <0x41135478>, txt (nil), img 0x4070ca5c, mask 22
trace:treeview:TREEVIEW_WindowProc hwnd 0x1004d msg 110d wp=00000000 lp=4070ca44
trace:treeview:TREEVIEW_SetItemA item 134,mask 22
trace:treeview:TREEVIEW_WindowProc hwnd 0x1004d msg 0018 wp=00000001 lp=00000000
trace:treeview:TREEVIEW_WindowProc hwnd 0x1004d msg 0046 wp=00000000 lp=4070c9d8
trace:treeview:TREEVIEW_WindowProc hwnd 0x1004d msg 0047 wp=00000000 lp=4070c9d8
trace:treeview:TREEVIEW_WindowProc hwnd 0x1004d msg 110d wp=00000000 lp=4070c630
trace:treeview:TREEVIEW_SetItemA item 134,mask 11
trace:treeview:TREEVIEW_DoSetItem setting text "VBAProject", item 0x41135478
wine: Unhandled exception (thread 0009), starting debugger...
...
Backtrace:
=>0 0x4110b0a3 (TREEVIEW_UpdateScrollBars+0x137(infoPtr=0x411303b8) [treeview.c:2720] in comctl32.dll.so) (ebp=4070c370)
1 0x4110a189 (TREEVIEW_SetItemA+0x16d(infoPtr=0x411303b8, tvItem=0x4070c630, infoPtr=0x411303b8) [treeview.c:2105] in comctl32.dll.so) (ebp=4070c3f4)
2 0x4110ee40 (TREEVIEW_WindowProc+0x6ac(hwnd=0x1004d, uMsg=0x110d, wParam=0x0, lParam=0x4070c630) [treeview.c:5315] in comctl32.dll.so) (ebp=4070c414)
3 0x40850cf3 (WINPROC_wrapper+0x17 in user32.dll.so) (ebp=4070c438)
4 0x40850d8c (WINPROC_CallWndProc+0x8c(proc=0x4110e794, hwnd=0x1004d, msg=0x110d, wParam=0x0, lParam=0x4070c630) [winproc.c:228] in user32.dll.so) (ebp=4070c468)
5 0x40856ee3 (CallWindowProcA+0x3f(func=0x4110e794, hwnd=0x1004d, msg=0x110d, wParam=0x0, lParam=0x4070c630) [winproc.c:2883] in user32.dll.so) (ebp=4070c490)
6 0x650360c9 (VBE6.DLL.rtcGetCurrentCalendar+0x524b in VBE6.DLL) (ebp=4070c4b0)
7 0x40850cf3 (WINPROC_wrapper+0x17 in user32.dll.so) (ebp=4070c4d4)
8 0x40850d8c (WINPROC_CallWndProc+0x8c(proc=0x65036080, hwnd=0x1004d, msg=0x110d, wParam=0x0, lParam=0x4070c630) [winproc.c:228] in user32.dll.so) (ebp=4070c504)
9 0x40856ee3 (CallWindowProcA+0x3f(func=0x65036080, hwnd=0x1004d, msg=0x110d, wParam=0x0, lParam=0x4070c630) [winproc.c:2883] in user32.dll.so) (ebp=4070c52c)
10 0x40867b67 (call_window_proc+0xe7(hwnd=0x1004d, msg=0x110d, wparam=0x0, lparam=0x4070c630, unicode=0x0, same_thread=0x1) [message.c:1453] in user32.dll.so) (ebp=4070c57c)
11 0x40868ab8 (SendMessageTimeoutA+0xf0(hwnd=0x1004d, msg=0x110d, wparam=0x0, lparam=0x4070c630, flags=0x0, timeout=0xffffffff, res_ptr=0x4070c608, hwnd=0x1004d) [message.c:1959] in user32.dll.so) (ebp=4070c5d8)
12 0x40868c30 (SendMessageA+0x38(hwnd=0x1004d, msg=0x110d, wparam=0x0, lparam=0x4070c630) [message.c:2004] in user32.dll.so) (ebp=4070c60c)
13 0x6506feb6 (VBE6.DLL.DllRegisterServer+0x3923 in VBE6.DLL) (ebp=4070c690)
14 0x650704f2 (VBE6.DLL.DllRegisterServer+0x3f5f in VBE6.DLL) (ebp=4070c838)
15 0x65104fc9 (VBE6.DLL.rtcEnvironVar+0x17b3 in VBE6.DLL) (ebp=4070c9cc)
16 0x65104a8a (VBE6.DLL.rtcEnvironVar+0x1274 in VBE6.DLL) (ebp=4070cb0c)
17 0x300c7cb2 (EXCEL.EXE.EntryPoint+0xc5662 in EXCEL.EXE) (ebp=4070cd3c)
18 0x3005c196 (EXCEL.EXE.EntryPoint+0x59b46 in EXCEL.EXE) (ebp=4070cd6c)
19 0x3059911a (EXCEL.EXE._LPenHelper+0x1963a5 in EXCEL.EXE) (ebp=4070cd8c)
20 0x303d8f57 (EXCEL.EXE.MdCallBack+0x34494 in EXCEL.EXE) (ebp=4070ce54)
21 0x3038bbf2 (EXCEL.EXE.EntryPoint+0x3895a2 in EXCEL.EXE) (ebp=4070d1ec)
22 0x303a69a7 (EXCEL.EXE.MdCallBack+0x1ee4 in EXCEL.EXE) (ebp=4070d48c)
23 0x303a6deb (EXCEL.EXE.MdCallBack+0x2328 in EXCEL.EXE) (ebp=4070d6f0)
24 0x303a6c02 (EXCEL.EXE.MdCallBack+0x213f in EXCEL.EXE) (ebp=4070d8a4)
25 0x300d085f (EXCEL.EXE.EntryPoint+0xce20f in EXCEL.EXE) (ebp=4070d8fc)
26 0x30182857 (EXCEL.EXE.EntryPoint+0x180207 in EXCEL.EXE) (ebp=4070da04)
27 0x300d0250 (EXCEL.EXE.EntryPoint+0xcdc00 in EXCEL.EXE) (ebp=4070da84)
28 0x300c751b (EXCEL.EXE.EntryPoint+0xc4ecb in EXCEL.EXE) (ebp=4070dce4)
29 0x300cca74 (EXCEL.EXE.EntryPoint+0xca424 in EXCEL.EXE) (ebp=4070dd48)
30 0x300cc999 (EXCEL.EXE.EntryPoint+0xca349 in EXCEL.EXE) (ebp=4070dff4)
31 0x300d14e3 (EXCEL.EXE.EntryPoint+0xcee93 in EXCEL.EXE) (ebp=4070e258)
32 0x300d13de (EXCEL.EXE.EntryPoint+0xced8e in EXCEL.EXE) (ebp=4070e2a0)
33 0x305acb90 (EXCEL.EXE._LPenHelper+0x1a9e1b in EXCEL.EXE) (ebp=4070e4a0)
34 0x653462f7 (OLEAUT32.DLL.DispCallFunc+0xb6 in OLEAUT32.DLL) (ebp=4070e4b8)
35 0x6503b154 (VBE6.DLL.rtcGetCurrentCalendar+0xa2d6 in VBE6.DLL) (ebp=4070ee14)
36 0x650287a6 (VBE6.DLL.rtcEnvironBstr+0x2ef5 in VBE6.DLL) (ebp=4070ee48)
37 0x3005fdae (EXCEL.EXE.EntryPoint+0x5d75e in EXCEL.EXE) (ebp=4070eeb0)
38 0x3005f890 (EXCEL.EXE.EntryPoint+0x5d240 in EXCEL.EXE) (ebp=4070ef3c)
39 0x3005f7b0 (EXCEL.EXE.EntryPoint+0x5d160 in EXCEL.EXE) (ebp=4070ef8c)
40 0x3005f575 (EXCEL.EXE.EntryPoint+0x5cf25 in EXCEL.EXE) (ebp=4070f280)
41 0x3005e679 (EXCEL.EXE.EntryPoint+0x5c029 in EXCEL.EXE) (ebp=4070f704)
42 0x300369b8 (EXCEL.EXE.EntryPoint+0x34368 in EXCEL.EXE) (ebp=4070f8a4)
43 0x3034e129 (EXCEL.EXE.EntryPoint+0x34bad9 in EXCEL.EXE) (ebp=4070f950)
44 0x304a754a (EXCEL.EXE._LPenHelper+0xa47d5 in EXCEL.EXE) (ebp=4070f98c)
45 0x304b2d8c (EXCEL.EXE._LPenHelper+0xb0017 in EXCEL.EXE) (ebp=4070fa00)
46 0x304c60fc (EXCEL.EXE._LPenHelper+0xc3387 in EXCEL.EXE) (ebp=4070fa98)
47 0x300833ea (EXCEL.EXE.EntryPoint+0x80d9a in EXCEL.EXE) (ebp=4070fb58)
48 0x30046b6e (EXCEL.EXE.EntryPoint+0x4451e in EXCEL.EXE) (ebp=4070fc00)
49 0x3001724f (EXCEL.EXE.EntryPoint+0x14bff in EXCEL.EXE) (ebp=4070fcd0)
50 0x30016ef0 (EXCEL.EXE.EntryPoint+0x148a0 in EXCEL.EXE) (ebp=4070fcf4)
51 0x40850cf3 (WINPROC_wrapper+0x17 in user32.dll.so) (ebp=4070fd18)
52 0x40850d8c (WINPROC_CallWndProc+0x8c(proc=0x30016ead, hwnd=0x3003d, msg=0x201, wParam=0x1, lParam=0x3200c0) [winproc.c:228] in user32.dll.so) (ebp=4070fd48)
53 0x40856f3d (CallWindowProcA+0x99(func=0x408daa20, hwnd=0x3003d, msg=0x201, wParam=0x1, lParam=0x3200c0) [winproc.c:2898] in user32.dll.so) (ebp=4070fd70)
54 0x40838e7e (DispatchMessageA+0x122(msg=0x4070fe50) [message.c:796] in user32.dll.so) (ebp=4070fdb4)
55 0x30060cdc (EXCEL.EXE.EntryPoint+0x5e68c in EXCEL.EXE) (ebp=300c7ff8)
56 0x047e8108 (ebp=24748b56)
*** Invalid address 0x24748b56 (__pfnDliNotifyHook+0xd643e)
0x4110b0a3 (TREEVIEW_UpdateScrollBars+0x137 [treeview.c:2720] in comctl32.dll.so): movl 0x64(%eax),%eax
2720 si.nPos = infoPtr->firstVisible->visibleOrder;
-------------- next part --------------
--- cvs/hq/wine/dlls/comctl32/treeview.c Mon Oct 20 13:17:07 2003
+++ wine/dlls/comctl32/treeview.c Mon Nov 3 16:12:45 2003
@@ -3063,6 +3063,7 @@ TREEVIEW_Sort(TREEVIEW_INFO *infoPtr, BO
break;
}
+ if (!item) item = parent->firstChild;
TREEVIEW_SetFirstVisible(infoPtr, item, FALSE);
}
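Review bot: The added fallback `if (!item) item = parent->firstChild;` treats the symptom at one call site only: `item` can still be NULL if `parent->firstChild` is NULL, and any other path that clears `infoPtr->firstVisible` would reach the same crash. The attached backtrace faults on the unguarded dereference at treeview.c:2720, so a guard there looks like the more robust fix, e.g. `si.nPos = infoPtr->firstVisible ? infoPtr->firstVisible->visibleOrder : 0;`. Whether a child of a collapsed `parent` is a valid first-visible item cannot be judged from this hunk, because the body of TREEVIEW_Sort starts and ends outside it. A short comment on the new line saying why the fallback is needed would also help.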
@@ -5185,6 +5186,9 @@ static LRESULT WINAPI
TREEVIEW_WindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
TREEVIEW_INFO *infoPtr = TREEVIEW_GetInfoPtr(hwnd);
+
+ TRACE("hwnd %p msg %04x wp=%08x lp=%08lx\n", hwnd, uMsg, wParam, lParam);
+
if (infoPtr) TREEVIEW_VerifyTree(infoPtr);
else
{
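Review bot: The new `TRACE` prints `wParam` with `%08x` and `lParam` with `%08lx`, which only matches the argument types if WPARAM is an `unsigned int` and LPARAM a `long` in this tree. If either is pointer-sized, casting to the type each specifier expects would keep the call well-defined, e.g. `TRACE("hwnd %p msg %04x wp=%08lx lp=%08lx\n", hwnd, uMsg, (unsigned long)wParam, (unsigned long)lParam);`. The trace is also a debugging aid unrelated to the NULL `firstVisible` fix and would be easier to review as a separate patch. The body of TREEVIEW_WindowProc continues past the end of the hunk.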