Debugging a null pointer dereference
Christer Palm
palm at nogui.se
Sat Jan 14 13:41:50 CST 2006
Hi!
I'm new to this list, but a long time Wine user and regular WWN reader.
The other day I decided to try out Semiolog, a free-as-in-beer piece of
software to create labels from electric equipment manufacturer Hager,
under wine. The software can be downloaded from here:
http://www.hager.se/files/download/0/482_1/0/SemiologSue40a.exe
Unfortunately it doesn't work. So although I haven't been doing any
Windows programming in the last 15 years I decided to try to do
something useful and try find out why it doesn't work. I figured that
this application would be a good thing to try to get to work as it is
supposedly rather trivial.
So what follows is a description of a newbie's attempt at some wine
debugging:
The application installs and starts up just fine, but when I try to
create a new document, I get a null pointer dereference in mfc42.dll.
After messing around with the mfc42 runtime, I managed to get a
backtrace with debugging information, which looks like this:
===================================================================
wine: Unhandled page fault on read access to 0x0000003c at address
0x5f4056dd (thread 0009), starting debugger...
WineDbg starting on pid 0x8
Unhandled exception: page fault on read access to 0x0000003c in 32-bit
code (0x5f4056dd).
In 32 bit mode.
fixme:dbghelp:sffip_cb NIY on 'E:\8168\vc98\mfc\mfc.bbt\src\mfc42.pdb'
fixme:dbghelp:sffip_cb NIY on 'C:\hager\Semiolog\Apps\MFC42.PDB'
fixme:dbghelp_msc:codeview_parse_type_table Not adding parameters' types
to function signature
fixme:dbghelp_msc:codeview_parse_type_table Unsupported type-id leaf a
fixme:dbghelp_msc:dump 00000000: 06 00 0a 00 01 00 50 f1
......P.
fixme:dbghelp_msc:codeview_get_type Returning NULL symt for type-id 1053
[1000's of codeview_parse_type_table messages snipped]
fixme:dbghelp_msc:codeview_snarf No current function for label $L101060
[1000's of codeview_snarf messages snipped]
Register dump:
CS:0073 SS:007b DS:007b ES:007b FS:1007 GS:0033
EIP:5f4056dd ESP:7fc9d004 EBP:7fc9d0b8 EFLAGS:00010206( - 00 -
RIP1)
EAX:00000000 EBX:00000001 ECX:00000000 EDX:00000000
ESI:00449180 EDI:00000000
Stack dump:
0x7fc9d004: 004125f2 00000000 7ff38140 00000000
0x7fc9d014: 7ff38140 0042bb1f 00000000 00000001
0x7fc9d024: 004181b3 00000000 7ff38140 00030080
0x7fc9d034: 00418130 5f401e5c 00000001 7ff38140
0x7fc9d044: 00000000 7ff38140 7ff38140 7ff0f300
0x7fc9d054: 201cc2f0 7fc9d728 00000000 7fc9d0e8
0200: sel=1007 base=7ffdc000 limit=00001fff 32-bit rw-
Backtrace:
=>1 0x5f4056dd CEnumOleVerb::~CEnumOleVerb+0x37 [oleverb.cpp:61] in
mfc42 (0x5f4056dd)
2 0x5f401b2c CDC::RectVisible+0x3(lpRect=0x5f401ab5)
[E:\8168\vc98\mfc\mfc\include\afxwin1.inl:647] in mfc42 (0x5f401b2c)
3 0x5f401ab5 CGdiObject::~CGdiObject+0x32
[E:\8168\vc98\mfc\mfc\include\afxwin1.inl:281] in mfc42 (0x5f401ab5)
4 0x5f401a3d CMDIChildWnd::MDIDestroy+0x8
[E:\8168\vc98\mfc\mfc\include\afxwin2.inl:938] in mfc42 (0x5f401a3d)
5 0x5f4019fc AfxGetMainWnd+0x12
[E:\8168\vc98\mfc\mfc\include\afxwin1.inl:32] in mfc42 (0x5f4019fc)
6 0x62a6cb2a WINPROC_wrapper+0x1a in user32 (0x62a6cb2a)
7 0x62a6d419 in user32 (+0x9d419) (0x62a6d419)
8 0x62a7336e CallWindowProcW+0x122 in user32 (0x62a7336e)
9 0x62a3ba2e in user32 (+0x6ba2e) (0x62a3ba2e)
10 0x62a3f8c2 SendMessageTimeoutW+0x186 in user32 (0x62a3f8c2)
11 0x62a3f91f SendMessageW+0x50 in user32 (0x62a3f91f)
12 0x62a2d1be in user32 (+0x5d1be) (0x62a2d1be)
13 0x62a2e4f7 DefMDIChildProcW+0x36e in user32 (0x62a2e4f7)
14 0x62a2e801 DefMDIChildProcA+0xf2 in user32 (0x62a2e801)
15 0x5f413511 COleControl::GetMetafileData+0x87(lpFormatEtc=0x22,
lpStgMedium=0x0, hAttribDC=0x22, cy=0x0, hMF=0x22) [ctlcore.cpp:827] in
mfc42 (0x5f413511)
16 0x5f401ab5 CGdiObject::~CGdiObject+0x32
[E:\8168\vc98\mfc\mfc\include\afxwin1.inl:281] in mfc42 (0x5f401ab5)
17 0x5f401a3d CMDIChildWnd::MDIDestroy+0x8
[E:\8168\vc98\mfc\mfc\include\afxwin2.inl:938] in mfc42 (0x5f401a3d)
18 0x5f4019fc AfxGetMainWnd+0x12
[E:\8168\vc98\mfc\mfc\include\afxwin1.inl:32] in mfc42 (0x5f4019fc)
19 0x62a6cb2a WINPROC_wrapper+0x1a in user32 (0x62a6cb2a)
20 0x62a6d419 in user32 (+0x9d419) (0x62a6d419)
21 0x62a70f2d CallWindowProcA+0x1b5 in user32 (0x62a70f2d)
22 0x62a3b99f in user32 (+0x6b99f) (0x62a3b99f)
23 0x62a3f674 SendMessageTimeoutA+0x226 in user32 (0x62a3f674)
24 0x62a3f72f SendMessageA+0x50 in user32 (0x62a3f72f)
25 0x59a9462e X11DRV_SetWindowPos+0xf33 in winex11 (0x59a9462e)
26 0x62a6bbe3 SetWindowPos+0xb1 in user32 (0x62a6bbe3)
27 0x62a6c63a BringWindowToTop+0x4d in user32 (0x62a6c63a)
28 0x5f408ae3 COleControlContainer::CreateControl+0x31(pWndCtrl=0x0,
clsid=0x0, lpszWindowName=0x0, dwStyle=0x1, ppt=0x0, psize=0x7ff11458,
nID=0x10026, pPersist=0x0, bStorage=0x0, bstrLicKey=0x62a086dc,
ppNewSite=0x0) [occcont.cpp:175] in mfc42 (0x5f408ae3)
29 0x00000001 (0x00000001)
30 0x00418d70 in semiolog (+0x18d70) (0x00418d70)
0x5f4056dd CEnumOleVerb::~CEnumOleVerb+0x37 [oleverb.cpp:61] in mfc42:
movl 0x3c(%ecx),%eax
Unable to open file 'oleverb.cpp'
Modules:
Module Address Debug info Name (83 modules)
ELF 0x00165000-00272000 Deferred libcrypto.so.5
[boring load map snipped]
Threads:
process tid prio (all id:s are in hex)
00000008 (D) C:\hager\Semiolog\Apps\Semiolog.exe
00000009 0 <==
WineDbg terminated on pid 0x8
===================================================================
Now, I'm stuck with a couple of problems.
1. Looking at the first couple of lines in the backtrace, I can't really
get it to make sense when I compare it to the MFC source code, i.e., I
can't see how CDC::RectVisible() would end up calling ~CEnumOleVerb(), etc.
2. I can't get it to run under winedbg. Running "winedbg --auto
Semiolog" causes winedbg to croak with the following output before the
app even starts:
WineDbg starting on pid 0xa
In 32 bit mode.
0x00345c6e: movl %edi,0x0(%esp)
Modules:
Module Address Debug info Name (80 modules)
ELF 0x00165000-00272000 Deferred libcrypto.so.5
ELF 0x00165000-00272000 Deferred libcrypto.so.5
PE 0x00240000-00269000 Deferred dzip32
PE 0x00270000-00288000 Deferred mpr
ELF 0x0028a000-002a2000 Deferred libgssapi_krb5.so.2
PE 0x00290000-002b7000 Deferred dunzip32
ELF 0x002c5000-002e9000 Deferred libk5crypto.so.3
ELF 0x002c5000-002e9000 Deferred libk5crypto.so.3
ELF 0x002c5000-002e9000 Deferred libk5crypto.so.3
PE 0x002f0000-003ea000 Export kernel32
PE 0x002f0000-003ea000 Export kernel32
PE 0x002f0000-003ea000 Export kernel32
PE 0x00400000-004c3000 Deferred semiolog
ELF 0x004c3000-00558000 Deferred gdi32<elf>
\-PE 0x004d0000-00558000 \ gdi32
ELF 0x0055e000-0057a000 Deferred ld-linux.so.2
ELF 0x0057a000-005a6000 Deferred winspool<elf>
\-PE 0x00580000-005a6000 \ winspool
ELF 0x0057a000-005a6000 Deferred winspool<elf>
\-PE 0x00580000-005a6000 \ winspool
ELF 0x0057c000-006a5000 Deferred libc.so.6
PE 0x005b0000-005c3000 Deferred common
PE 0x005d0000-005e6000 Deferred listctrlex
ELF 0x00614000-0067a000 Deferred msvcrt<elf>
\-PE 0x00620000-0067a000 \ msvcrt
ELF 0x006a7000-006cc000 Deferred libm.so.6
ELF 0x006ce000-006d2000 Deferred libdl.so.2
ELF 0x006d2000-0080e000 Deferred user32<elf>
\-PE 0x006d4000-006e7000 \ libz.so.1
\-PE 0x006e9000-007bd000 \ libx11.so.6
\-PE 0x006f0000-0080e000 \ user32
ELF 0x00826000-0082c000 Deferred libxxf86dga.so.1
ELF 0x0084a000-00859000 Deferred libxext.so.6
ELF 0x0084a000-00859000 Deferred libxext.so.6
PE 0x00860000-0086f000 Deferred iphlpapi
ELF 0x0086f000-0088e000 Deferred ximcp.so.2
ELF 0x00899000-008ab000 Deferred libpthread.so.0
ELF 0x008ab000-00946000 Deferred comdlg32<elf>
\-PE 0x008b3000-008d2000 \ libexpat.so.0
\-PE 0x008c0000-00946000 \ comdlg32
\-PE 0x008c0000-00946000 \ comdlg32
\-PE 0x008c0000-00946000 \ comdlg32
ELF 0x0093e000-00968000 Deferred libfontconfig.so.1
PE 0x00960000-00a19000 Deferred shell32
PE 0x00960000-00a19000 Deferred shell32
ELF 0x00a1d000-00a21000 Deferred libxrandr.so.2
ELF 0x00a2d000-00a38000 Deferred libnss_files.so.2
ELF 0x00a38000-00a55000 Deferred imm32<elf>
\-PE 0x00a40000-00a55000 \ imm32
ELF 0x00a55000-00a88000 Deferred uxtheme<elf>
\-PE 0x00a60000-00a88000 \ uxtheme
ELF 0x00a95000-00ad8000 Deferred advapi32<elf>
\-PE 0x00aa0000-00ad8000 \ advapi32
ELF 0x00b1a000-00c10000 Deferred libwine_unicode.so.1
ELF 0x00b36000-00bb1000 Deferred libgl.so.1
ELF 0x00b81000-00b9f000 Deferred libcups.so.2
ELF 0x00c10000-00ca9000 Deferred ole32<elf>
\-PE 0x00c20000-00ca9000 \ ole32
ELF 0x00cb8000-00d18000 Deferred shlwapi<elf>
\-PE 0x00cd0000-00d18000 \ shlwapi
ELF 0x00d18000-00d61000 Deferred rpcrt4<elf>
\-PE 0x00d1c000-00d26000 \ libxcursor.so.1
\-PE 0x00d28000-00d60000 \ libssl.so.5
\-PE 0x00d30000-00d61000 \ rpcrt4
ELF 0x00d61000-00e29000 Deferred comctl32<elf>
\-PE 0x00d70000-00e29000 \ comctl32
\-PE 0x00d70000-00e29000 \ comctl32
\-PE 0x00d70000-00e29000 \ comctl32
\-PE 0x00d70000-00e29000 \ comctl32
ELF 0x00e67000-00ee5000 Deferred ntdll<elf>
\-PE 0x00e80000-00ee5000 \ ntdll
ELF 0x00ee5000-00f83000 Deferred oleaut32<elf>
\-PE 0x00f00000-00f83000 \ oleaut32
ELF 0x00feb000-01073000 Deferred winex11<elf>
\-PE 0x01000000-01073000 \ winex11
ELF 0x068a4000-06916000 Deferred libkrb5.so.3
ELF 0x06c20000-06c25000 Deferred libxxf86vm.so.1
PE 0x10000000-1000b000 Deferred hcore
PE 0x5f400000-5f4f2000 Deferred mfc42
ELF 0x5fa38000-5fc15000 Deferred i915_dri.so
ELF 0x7bf00000-7bf03000 Deferred <wine-loader>
Threads:
process tid prio (all id:s are in hex)
0000000a (D) C:\hager\Semiolog\Apps\Semiolog.exe
0000000b 0 <==
WineDbg terminated on pid 0xa
wine client error:b: write: Bad file descriptor
[100's of Bad file descriptor errors just like the one above]
wine client error:b: err:seh:setup_exception stack overflow 292 bytes in
thread 000b eip 0014bb0e esp 7fb80edc stack 0x7fb81000-0x7fc90000
Any clues?
Cheers,
--
Christer Palm
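As an added illustration (example code, not part of the post above or of Wine), the following helper pulls the fault address, the register dump and the faulting instruction out of a winedbg report like the one quoted and checks that the fault address equals base register plus displacement. That confirms a NULL object pointer in a specific register (here ECX, with the member at offset 0x3c) even when the symbolic names in the backtrace look unreliable. The sample report is constructed from the lines quoted in the post.

```python
"""Triage a winedbg crash report for a NULL-pointer dereference.
Example code added here; not from the original post or from Wine.
SAMPLE_REPORT is constructed from the report quoted in the post."""
import re

SAMPLE_REPORT = """\
Unhandled exception: page fault on read access to 0x0000003c in 32-bit code (0x5f4056dd).
Register dump:
 EIP:5f4056dd ESP:7fc9d004 EBP:7fc9d0b8 EFLAGS:00010206( - 00 - RIP1)
 EAX:00000000 EBX:00000001 ECX:00000000 EDX:00000000
 ESI:00449180 EDI:00000000
0x5f4056dd CEnumOleVerb::~CEnumOleVerb+0x37 [oleverb.cpp:61] in mfc42:
    movl 0x3c(%ecx),%eax
"""

FAULT_RE = re.compile(r"page fault on (read|write) access to 0x([0-9a-f]+)")
# 32-bit general registers as winedbg prints them, e.g. "ECX:00000000"
REG_RE = re.compile(r"\b(E[A-Z]{2}):([0-9a-f]{8})\b")
# AT&T memory operand: optional displacement, then base register in parens
MEM_RE = re.compile(r"(-?0x[0-9a-f]+|-?\d+)?\((%e[a-z]{2})\)")


def triage(report, null_threshold=0x1000):
    """Return what the report says about the fault and whether it is a
    NULL dereference: a fault address within the first page, reached
    through a base register whose dumped value plus the displacement
    equals the fault address."""
    fault = FAULT_RE.search(report)
    if not fault:
        raise ValueError("no 'page fault on ... access' line in report")
    fault_addr = int(fault.group(2), 16)
    regs = {m.group(1): int(m.group(2), 16) for m in REG_RE.finditer(report)}
    result = {"access": fault.group(1), "fault_addr": fault_addr,
              "base_reg": None, "disp": None, "consistent": False,
              "null_deref": fault_addr < null_threshold}
    mem = MEM_RE.search(report)
    if mem:
        disp = int(mem.group(1), 0) if mem.group(1) else 0  # "0x3c" or "12"
        reg = mem.group(2)[1:].upper()                      # "%ecx" -> "ECX"
        result.update(base_reg=reg, disp=disp)
        if reg in regs:
            # The faulting address must be base + displacement (mod 2^32).
            result["consistent"] = (regs[reg] + disp) & 0xffffffff == fault_addr
    return result


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    print(f"{r['access']} fault at {r['fault_addr']:#x} via {r['base_reg']}"
          f"+{r['disp']:#x}; null deref: {r['null_deref'] and r['consistent']}")
```

For the quoted report this yields a read fault at 0x3c through ECX+0x3c with ECX=0, i.e. a member access on a NULL object pointer.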