DLL crash inside removethreadtableentry - where's the source code for that?

Rainer Schuetze r.sagitario at gmx.de
Sat Feb 16 23:56:31 PST 2013



On 17.02.2013 04:07, Ben Davis wrote:
> Hi,
>
> The user-mode driver I'm working on (a 32-bit DLL) is crashing Windows
> Media Player on exit. (Two other host apps exit fine.) I can catch it in
> the Visual Studio debugger, but only see assembly language. Initially
> I'm just after tips on where to find source for the bits of D that are
> involved, but maybe someone will recognise the problem already...
>
> I've gone through the assembly in some detail, and established that the
> crash is inside some removethreadtableentry() code which is called
> shortly before DllMain(DLL_THREAD_DETACH), and must look something like:
>
> //tid is the Windows numeric thread ID for the current thread
> removethreadtableentry(tid) {
>    foreach (i, obj in someObjArray1024EntriesLong) {
>      if (obj.someField == tid) goto foundIt;
>    }
>    return;
>
>    //When we get here, i is 1 (pretend it's in scope)
>    foundIt:
>    free(obj.something);    //Does nothing, already 0
>    if (obj.somethingElse) {  //Does nothing, already 0
>      CloseHandle(obj.somethingElse);
>    }
>    free(obj);    //Crash inside this free()
> }
>
> Furthermore, I've established that:
>
> - removethreadtableentry() doesn't get to foundIt for most threads.

_removethreadtableentry is a function in the DM C runtime library. It 
has the bug that it tries to free a data record that has never been 
allocated if the thread that loaded the DLL is terminated. This is the 
entry at index 1.
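To make the failure mode Rainer describes concrete, here is a toy model of a runtime thread table written for this thread as an added example. It is not the Digital Mars C runtime's code and none of the names, the struct layout or the static-record assumption come from the original; it only illustrates the pattern where the record for the thread that loaded the DLL was placed in the table without ever being malloc'd, so an unconditional free(obj) on it is undefined behaviour and typically trips the heap checker on exit. The hardened variant records ownership per entry and never frees what it did not allocate.

```c
/*
 * Toy thread table illustrating the bug discussed above: a removal routine
 * that free()s every record, including the one for the DLL-loading thread,
 * which in this model was never obtained from malloc.
 * This is an added example, NOT the Digital Mars C runtime's code; the
 * names, fields and the "static loader record" are assumptions for the demo.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define THREAD_TABLE_SIZE 1024

typedef struct thread_entry {
    uintptr_t tid;        /* OS thread id; slot is unused when the pointer is NULL */
    void *tls_data;       /* per-thread data, freed on removal (may be NULL) */
    void *os_handle;      /* OS thread handle, closed on removal (may be NULL) */
    int heap_allocated;   /* 1: record came from malloc; 0: static record */
} thread_entry;

static thread_entry *thread_table[THREAD_TABLE_SIZE];

/* Assumption for this demo: the loading thread's record lives in static
 * storage because it is registered before the heap is ready for use. */
static thread_entry loader_entry;

enum remove_result { REMOVE_NOT_FOUND = 0, REMOVE_FREED = 1, REMOVE_STATIC = 2 };

static int find_free_slot(void)
{
    for (int i = 0; i < THREAD_TABLE_SIZE; i++)
        if (thread_table[i] == NULL) return i;
    return -1;
}

static int find_slot_by_tid(uintptr_t tid)
{
    for (int i = 0; i < THREAD_TABLE_SIZE; i++)
        if (thread_table[i] != NULL && thread_table[i]->tid == tid) return i;
    return -1;
}

/* Threads created at runtime get a malloc'd record. Returns slot index or -1. */
int add_thread_entry(uintptr_t tid)
{
    int slot = find_free_slot();
    if (slot < 0) return -1;
    thread_entry *e = calloc(1, sizeof *e);
    if (e == NULL) return -1;
    e->tid = tid;
    e->heap_allocated = 1;
    thread_table[slot] = e;
    return slot;
}

/* The loading thread gets the static record. Returns slot index or -1. */
int add_loader_thread_entry(uintptr_t tid)
{
    int slot = find_free_slot();
    if (slot < 0) return -1;
    memset(&loader_entry, 0, sizeof loader_entry);
    loader_entry.tid = tid;
    loader_entry.heap_allocated = 0;
    thread_table[slot] = &loader_entry;
    return slot;
}

/* Model of the buggy removal: returns 1 when an unconditional free(obj) would
 * hit a record that never came from malloc (undefined behaviour). It does not
 * call free() itself so the demo stays safe to run. */
int naive_remove_would_free_static(uintptr_t tid)
{
    int slot = find_slot_by_tid(tid);
    return slot >= 0 && !thread_table[slot]->heap_allocated;
}

/* Hardened removal: only free() what malloc() handed out. */
enum remove_result remove_thread_table_entry(uintptr_t tid)
{
    int slot = find_slot_by_tid(tid);
    if (slot < 0) return REMOVE_NOT_FOUND;
    thread_entry *e = thread_table[slot];
    thread_table[slot] = NULL;      /* unlink first so the entry cannot be found twice */
    free(e->tls_data);              /* free(NULL) is a no-op */
    /* os_handle would be closed here (CloseHandle on Windows); omitted for portability. */
    if (!e->heap_allocated) {
        memset(e, 0, sizeof *e);    /* static record: clear it, never free it */
        return REMOVE_STATIC;
    }
    free(e);
    return REMOVE_FREED;
}

int main(void)
{
    int loader_slot = add_loader_thread_entry(0x1000);   /* constructed thread ids */
    int worker_slot = add_thread_entry(0x1001);
    printf("loader in slot %d, worker in slot %d\n", loader_slot, worker_slot);
    printf("naive free() would hit a static record: loader=%d worker=%d\n",
           naive_remove_would_free_static(0x1000),
           naive_remove_would_free_static(0x1001));
    int r_worker = remove_thread_table_entry(0x1001);
    int r_loader = remove_thread_table_entry(0x1000);
    int r_again  = remove_thread_table_entry(0x1000);
    printf("hardened removal: worker=%d loader=%d again=%d\n", r_worker, r_loader, r_again);
    return 0;
}
```

The ownership flag is the whole fix: the teardown path in the reconstruction above cannot tell a static record from a heap one, so when the DLL-loading thread detaches it hands a non-heap pointer to free(). In a debug heap that is caught immediately; in a release build it may silently corrupt the allocator and surface only in a host process with a different shutdown order, which matches a crash that appears in one host application and not in others.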