<div dir="ltr">Hi Nikolay,<div><br></div><div>Thanks for your review!</div><div><br></div><div>The crash can be reproduced follow this:</div><div>- first release the ITextSelection or IOleClientSite interfaces completely;</div>
<div>- release ITextDocument interface;</div>
<div>- try to release the IRichEditOle (crash happen)</div><div><br></div><div>And this patch try to fix it.</div><div><br></div><div><br></div><div>(tests in attachment can reproduce the crash.)</div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">2014-04-16 18:59 GMT+08:00 Nikolay Sivov <span dir="ltr"><<a href="mailto:bunglehead@gmail.com" target="_blank">bunglehead@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
- This->txtSel->reOle = NULL;<br>
- ITextSelection_Release(&This-><u></u>txtSel->ITextSelection_iface);<br>
- IOleClientSite_Release(&This-><u></u>clientSite->IOleClientSite_<u></u>iface);<br>
+ if(This->txtSel)<br>
+ {<br>
+ This->txtSel->reOle = NULL;<br>
+ ITextSelection_Release(&This-><u></u>txtSel->ITextSelection_iface);<br>
+ }<br>
+ if(This->clientSite)<br>
+ {<br>
+ This->clientSite->reOle = NULL;<br>
+ IOleClientSite_Release(&This-><u></u>clientSite->IOleClientSite_<u></u>iface);<br>
+ }<br>
heap_fr<br>
</blockquote>
This can't happen.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
IOleClientSiteImpl *This = impl_from_IOleClientSite(<u></u>iface);<br>
ULONG ref = InterlockedDecrement(&This-><u></u>ref);<br>
if (ref == 0)<br>
+ {<br>
+ if(This->reOle)<br>
+ This->reOle->clientSite = NULL;<br>
heap_free(This);<br>
+ }<br>
return ref;<br>
</blockquote>
Why do you need this?<br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><div>Regards,<br></div><div>Jactry Zeng</div><div><br></div></div>
</div>