Hi Nikolay,

Thanks for your review!
The crash can be reproduced as follows:
- first release the ITextSelection or IOleClientSite interfaces completely;
- release the ITextDocument interface;
- try to release the IRichEditOle (the crash happens).
And this patch tries to fix it. (The tests in the attachment can reproduce the crash.)

2014-04-16 18:59 GMT+08:00 Nikolay Sivov <bunglehead(a)gmail.com>:
- This->txtSel->reOle = NULL;
- ITextSelection_Release(&This->txtSel->ITextSelection_iface); - IOleClientSite_Release(&This->clientSite->IOleClientSite_iface); + if(This->txtSel) + { + This->txtSel->reOle = NULL; + ITextSelection_Release(&This->txtSel->ITextSelection_iface); + } + if(This->clientSite) + { + This->clientSite->reOle = NULL; + IOleClientSite_Release(&This->clientSite->IOleClientSite_ iface); + } heap_fr
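Review bot: The `if(This->txtSel)` guard only helps if something resets the parent's `txtSel` pointer to NULL when the selection object is freed, and the quoted lines show such a reset only for the client site (`This->reOle->clientSite = NULL` in the IOleClientSite release path). Without a matching clear in the ITextSelection release path, `This->txtSel` is still non-NULL and dangling at this point, so the check passes and `This->txtSel->reOle = NULL` writes to freed memory. Please confirm the patch carries that counterpart, and add a short comment stating who owns the reference to each child object, because this function itself calls Release on both children.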
This can't happen.
IOleClientSiteImpl *This = impl_from_IOleClientSite(iface);
ULONG ref = InterlockedDecrement(&This->ref); if (ref == 0) + { + if(This->reOle) + This->reOle->clientSite = NULL; heap_free(This); + } return ref;
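Review bot: The `if(This->reOle)` test in the `ref == 0` branch is only safe because the IRichEditOle release path sets `This->clientSite->reOle = NULL` before freeing itself, and nothing in this hunk says so. Add a comment tying the two together and explaining when this object can reach zero while reOle is still alive. Note also that the count is dropped with InterlockedDecrement but the write `This->reOle->clientSite = NULL` and the parent's read of `This->clientSite` are plain accesses, so if the two objects can be released from different threads the parent can still observe the old pointer after `heap_free(This)`.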
Why do you need this?
-- 
Regards,
Jactry Zeng