Debugging a null pointer dereference

Christer Palm palm at nogui.se
Sun Jan 15 16:53:24 CST 2006


Marcus Meissner wrote:
> On Sat, Jan 14, 2006 at 08:41:50PM +0100, Christer Palm wrote:
> 
>>
>>After messing around with the mfc42 runtime, I managed to get a 
>>backtrace with debugging information, which looks like this:
> 
> 
>>=>1 0x5f4056dd CEnumOleVerb::~CEnumOleVerb+0x37 [oleverb.cpp:61] in 
>>mfc42 (0x5f4056dd)
> 
> 
> You should find out what it does before.
> 
> Capture a WINEDEBUG=+relay,+seh trace (redirect output to a logfile).
> 
> Then look at this trace, search for the winedbg call and scroll back
> until the RaiseException with c00000005 code (likely only some dozen
> lines above the initial debugger start).
> 
> Then look backwards from this to see where it might have got this NULL
> pointer... :/
> 
> If it's bad, it could have got it from millions of lines ago. :/
> 

Hello Marcus and thanks for your response!

OK, sounds a bit ad-hoc to me but I'm sure that you're talking from 
experience. In the relay trace, I can see that just before the exception 
is raised, it sits in a loop calling:

0009:Call user32.ShowWindow(00000000,00000000) ret=5f4056f5
0009:Ret  user32.ShowWindow() retval=00000000 ret=5f4056f5

33 times (same return address each time), which looks a bit suspicious 
to me (HWND being 0). The return address is in MFC42, but as winedbg 
refuses to run the dang thing I can't resolve that into the actual MFC 
function or set any breakpoints or anything.

So, looking a bit further up in the trace, my best bet is that it's 
getting that HWND from:

0009:Call user32.GetParent(00010026) ret=5f401281
...
0009:Ret  user32.GetParent() retval=00000000 ret=5f401281

But that's just a wild guess. 00010026 seems to be the app's main window, 
because I see a lot of activity on that HWND before the crash - for example:

0009:Call user32.DrawMenuBar(00010026) ret=5f4136d0
...
0009:Ret  user32.DrawMenuBar() retval=00000001 ret=5f4136d0

And I can see the menu bar of the main (top) window being updated just 
before the crash. I played around a bit with the graphics settings in 
winecfg with no result other than that I've now managed to lock myself 
out of wine (including winecfg) by specifying an invalid display depth :-(

Does anything of this make sense?

Cheers,
--
Christer Palm
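The triage Marcus describes and Christer does by hand above (find the tight loop of calls passing a NULL handle just before the exception, then walk back for the call that returned 0) can be done with a small script over the +relay log. The following is an added example written for this page; it is not Wine code and not part of the thread. It parses relay `Call`/`Ret` lines in the format quoted in the mail, reports runs of identical calls that pass a zero argument from the same return address, and lists the most recent earlier `Ret` lines that returned zero as candidate sources of the NULL. The embedded log is constructed to mirror the lines quoted above (it is not a real trace), the shape of the `+seh` line, the loop threshold and the argument parsing are assumptions, and the script does not resolve return addresses to symbols.

```python
"""Sift a Wine +relay trace for a NULL-argument call loop and for the most
recent zero return values before it.  Added example, not Wine's own code."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Relay lines look like (quoted from the mail):
#   0009:Call user32.GetParent(00010026) ret=5f401281
#   0009:Ret  user32.GetParent() retval=00000000 ret=5f401281
# Assumption: arguments contain no ')' (string arguments may; keep that in mind).
RELAY_RE = re.compile(
    r"^(?P<tid>[0-9a-f]{4}):(?P<kind>Call|Ret)\s+(?P<func>[\w.]+)"
    r"\((?P<args>[^)]*)\)(?:\s+retval=(?P<retval>[0-9a-f]+))?\s+ret=(?P<ret>[0-9a-f]+)"
)


@dataclass
class Record:
    index: int              # position among parsed relay lines
    tid: str                # Wine thread id prefix
    kind: str               # "Call" or "Ret"
    func: str               # e.g. "user32.ShowWindow"
    args: List[str]         # hex argument words, empty on Ret lines
    retval: Optional[str]   # hex return value on Ret lines
    ret: str                # return address, i.e. where the caller resumes


@dataclass
class CallLoop:
    func: str
    ret: str
    args: List[str]
    count: int
    start: int              # index of the first Call of the run


def parse_relay(text: str) -> List[Record]:
    """Keep only relay Call/Ret lines; +seh and other channels are skipped."""
    recs: List[Record] = []
    for line in text.splitlines():
        m = RELAY_RE.match(line.strip())
        if not m:
            continue
        args = [a.strip() for a in m["args"].split(",") if a.strip()]
        recs.append(Record(len(recs), m["tid"], m["kind"], m["func"],
                           args, m["retval"], m["ret"]))
    return recs


def find_call_loops(records: List[Record], min_repeats: int = 3,
                    only_null_arg: bool = True) -> List[CallLoop]:
    """Runs of consecutive Calls with the same API, arguments, thread and
    return address.  With only_null_arg, keep only runs passing a 0 word."""
    runs: List[CallLoop] = []
    run: Optional[CallLoop] = None
    run_tid = None
    for r in records:
        if r.kind != "Call":
            continue
        if (run is not None and run_tid == r.tid and run.func == r.func
                and run.ret == r.ret and run.args == r.args):
            run.count += 1
            continue
        if run is not None:
            runs.append(run)
        run, run_tid = CallLoop(r.func, r.ret, list(r.args), 1, r.index), r.tid
    if run is not None:
        runs.append(run)
    return [l for l in runs if l.count >= min_repeats
            and (not only_null_arg or "00000000" in l.args)]


def find_null_sources(records: List[Record], before: int,
                      limit: int = 5) -> List[Record]:
    """Most recent Ret lines before index `before` whose retval is zero:
    candidate producers of the NULL handle (newest first)."""
    found: List[Record] = []
    for r in reversed(records[:before]):
        if r.kind == "Ret" and r.retval is not None and int(r.retval, 16) == 0:
            found.append(r)
            if len(found) >= limit:
                break
    return found


def matching_call(records: List[Record], ret_rec: Record) -> Optional[Record]:
    """The Call line belonging to a Ret line (same thread, API, return address)."""
    for r in reversed(records[:ret_rec.index]):
        if (r.kind == "Call" and r.tid == ret_rec.tid
                and r.func == ret_rec.func and r.ret == ret_rec.ret):
            return r
    return None


# Constructed sample modelled on the lines quoted in the mail; not a real log.
# The final line imitates a +seh exception record; its exact format is assumed.
SAMPLE_LOG = "\n".join(
    ["0009:Call user32.GetParent(00010026) ret=5f401281",
     "0009:Ret  user32.GetParent() retval=00000000 ret=5f401281",
     "0009:Call user32.DrawMenuBar(00010026) ret=5f4136d0",
     "0009:Ret  user32.DrawMenuBar() retval=00000001 ret=5f4136d0"]
    + ["0009:Call user32.ShowWindow(00000000,00000000) ret=5f4056f5",
       "0009:Ret  user32.ShowWindow() retval=00000000 ret=5f4056f5"] * 33
    + ["0009:trace:seh:raise_exception code=c0000005 addr=0x5f4056dd"]
)


def main() -> None:
    records = parse_relay(SAMPLE_LOG)
    for loop in find_call_loops(records):
        print(f"{loop.func}({','.join(loop.args)}) called {loop.count}x "
              f"from ret={loop.ret}")
        for ret_rec in find_null_sources(records, loop.start):
            call = matching_call(records, ret_rec)
            shown = f"{call.func}({','.join(call.args)})" if call else ret_rec.func
            print(f"  earlier zero result: {shown} -> 0 at ret={ret_rec.ret}")


if __name__ == "__main__":
    main()
```

On a real log, feed `parse_relay` the whole `WINEDEBUG=+relay,+seh` output and pass the index of the first relay line before the exception as `before`; the return address in each reported line is the one to resolve against the module's map or debug symbols once winedbg cooperates.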




More information about the wine-devel mailing list