[Bug 8091] DVDShrink randomly crashes with page fault

wine-bugs at winehq.org
Fri May 29 17:51:35 CDT 2009


http://bugs.winehq.org/show_bug.cgi?id=8091


Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht at gmx.net




--- Comment #24 from Anastasius Focht <focht at gmx.net>  2009-05-29 17:51:35 ---
Hello,

maybe I can shed some light on this...
Although I can't reproduce the crash itself, I tracked down what function/module
is about to get called in that situation.

Based on the posted callstacks, I tracked the executable to DVD Shrink version
3.2.0.15
(http://download.softpedia.com/dl/53f2e085a18b7c33470844b7de037137/4a204dc9/100004128/software/cd_dvd_tools/dvdshrink32setup.zip),
packed with a "customized" UPX executable compressor.
That executable matches all return addresses in the posted crashes/callstacks.

Using a breakpoint on the last caller before the crash, one gets the following
when VIDEO_TS folder processing (analyze phase) has ended:

--- snip ---
Wine-dbg>b *0x4325bf
Breakpoint 1 at 0x004325bf
...
Stopped on breakpoint 1 at 0x004325bf
Wine-dbg>bt
Backtrace:
=>0 0x004325bf in dvd shrink 3.2 (+0x325bf) (0x0033da28)
  1 0x004b260a in dvd shrink 3.2 (+0xb260a) (0x0033da58)
  2 0x004b78b8 in dvd shrink 3.2 (+0xb78b8) (0x0033da88)
  3 0x004b2898 in dvd shrink 3.2 (+0xb2898) (0x0033dab4)
  4 0x004bb9cd in dvd shrink 3.2 (+0xbb9cd) (0x0033db08)
  5 0x00432d95 in dvd shrink 3.2 (+0x32d95) (0x0033db80)
  6 0x0042ee54 in dvd shrink 3.2 (+0x2ee54) (0x0033dc48)
  7 0x004b015c in dvd shrink 3.2 (+0xb015c) (0x0033dc68)
  8 0x004af0a1 in dvd shrink 3.2 (+0xaf0a1) (0x0033dcc8)
  9 0x004b0a72 in dvd shrink 3.2 (+0xb0a72) (0x0033dcec)
  10 0x004b0aa6 in dvd shrink 3.2 (+0xb0aa6) (0x0033dd14)
  11 0x004b0aa6 in dvd shrink 3.2 (+0xb0aa6) (0x0033dd3c)
  12 0x004c1fe4 in dvd shrink 3.2 (+0xc1fe4) (0x0033dda4)
  13 0x004ba50c in dvd shrink 3.2 (+0xba50c) (0x0033e0d4)
  14 0x004bd341 in dvd shrink 3.2 (+0xbd341) (0x0033e110)
  15 0x004b260a in dvd shrink 3.2 (+0xb260a) (0x0033e140)
  16 0x004c2244 in dvd shrink 3.2 (+0xc2244) (0x0033e178)
  17 0x0047f02d in dvd shrink 3.2 (+0x7f02d) (0x00000000)
Wine-dbg>s    
FilterGraph2_QueryInterface () at
/opt/wine/wine-git/dlls/quartz/filtergraph.c:343
343                              LPVOID*ppvObj) {
Wine-dbg>bt
Backtrace:
=>0 0x6151002d FilterGraph2_QueryInterface(iface=0x14ebd8, riid=0x5087a0,
ppvObj=0x33da04) [/opt/wine/wine-git/dlls/quartz/filtergraph.c:343] in quartz
(0x0033da28)
  1 0x004b260a in dvd shrink 3.2 (+0xb260a) (0x0033da58)
  2 0x004b78b8 in dvd shrink 3.2 (+0xb78b8) (0x0033da88)
  3 0x004b2898 in dvd shrink 3.2 (+0xb2898) (0x0033dab4)
...
--- snip ---

In the provided crash logs it seems quartz.dll is not present at this point, but
the app tries to query for the DirectShow FilterGraph, causing the crash.
The function pointer (register ecx) fits in a plausible module mapping range, so
one can assume it refers to a module that was loaded and unloaded at some
point.

Looking at the quartz code, it seems the global COM module reference count
_might_ be a potential problem.
Since the global ref count is never used (incremented) at all, the first one
that calls DllCanUnloadNow() on this module will actually force it to unload
even if COM objects exist with clients still holding references.
Such a situation can happen if someone issues CoFreeUnusedLibraries() or
something similar.

The same potential problem also exists for other Wine COM inproc servers like
devenum, amstream, ...
You could force S_FALSE or implement proper ref counting.

It's just an idea - because I unfortunately can't reproduce your crashes.

Regards
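
The unload race described in the comment above, as an added model that is not part of the original message and is not Wine's quartz code: the names `module_refs`, `object_create`, `object_release` and `unloads_under_live_object` are hypothetical, the COM types are local stand-ins, and the counters are single-threaded (a real server would use interlocked operations).

```c
#include <stdio.h>

/* Minimal stand-ins for the Windows COM types so the model builds anywhere. */
typedef long HRESULT;
#define S_OK    ((HRESULT)0)
#define S_FALSE ((HRESULT)1)

/* Hypothetical in-proc server state: one module-wide count of live objects. */
static long module_refs;

typedef struct { long refs; int counted; } Object;

/* counted=0 models the case from the comment: the module count is never touched. */
static void object_create(Object *o, int counted) {
    o->refs = 1;
    o->counted = counted;
    if (counted) module_refs++;                  /* the object pins the module */
}

static unsigned long object_release(Object *o) {
    long left = --o->refs;
    if (left == 0 && o->counted) module_refs--;  /* last reference unpins it */
    return (unsigned long)left;
}

/* COM contract: S_OK = safe to unload, S_FALSE = objects are still in use. */
static HRESULT dll_can_unload_now(void) {
    return module_refs == 0 ? S_OK : S_FALSE;
}

/* Returns 1 if a CoFreeUnusedLibraries()-style sweep would unload the module
   while the client still holds a reference (its vtable pointer then dangles). */
static int unloads_under_live_object(int counted) {
    Object o;
    module_refs = 0;
    object_create(&o, counted);
    int unsafe = (dll_can_unload_now() == S_OK && o.refs > 0);
    object_release(&o);
    return unsafe;
}

int main(void) {
    printf("uncounted objects: unload while in use = %d\n", unloads_under_live_object(0));
    printf("counted objects:   unload while in use = %d\n", unloads_under_live_object(1));
    return 0;
}
```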
