http://bugs.winehq.org/show_bug.cgi?id=12460
--- Comment #8 from Nikolay Sivov bunglehead@gmail.com 2010-12-19 16:55:19 CST ---
Application is broken I think:

---
001b:Call oleaut32.SysAllocString(0033f42c L"0") ret=2692ff82
001b:Call ntdll.RtlAllocateHeap(00110000,00000000,00000008) ret=7e60da9d
001b:Ret ntdll.RtlAllocateHeap() retval=001a2990 ret=7e60da9d
001b:Ret oleaut32.SysAllocString() retval=001a2994 ret=2692ff82

(this is a cpp delete() )
001b:Call msvcrt.??3@YAXPAX@Z(0019a318) ret=26934726
001b:Call ntdll.RtlFreeHeap(00110000,00000000,0019a318) ret=7d96f9ae
001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7d96f9ae
001b:Ret msvcrt.??3@YAXPAX@Z() retval=00000001 ret=26934726
001b:Call oleaut32.SysStringLen(001a2994 L"0") ret=26910238
001b:Ret oleaut32.SysStringLen() retval=00000001 ret=26910238

(release)
001b:Call oleaut32.SysFreeString(001a2994 L"0") ret=2691025d
001b:Call ntdll.RtlFreeHeap(00110000,00000000,001a2990) ret=7e60d15d
001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e60d15d
001b:Ret oleaut32.SysFreeString() retval=00000001 ret=2691025d

(next new() call allocates at this 0x1a2994 address)
001b:Call msvcrt.??2@YAPAXI@Z(00000020) ret=26910056
001b:Call ntdll.RtlAllocateHeap(00110000,00000000,00000020) ret=7d96fdda
001b:Ret ntdll.RtlAllocateHeap() retval=001a2990 ret=7d96fdda
001b:Ret msvcrt.??2@YAPAXI@Z() retval=001a2990 ret=26910056
001b:Call msvcrt.??2@YAPAXI@Z(00000006) ret=26931e57
001b:Call ntdll.RtlAllocateHeap(00110000,00000000,00000006) ret=7d96fdda
001b:Ret ntdll.RtlAllocateHeap() retval=0019a318 ret=7d96fdda
001b:Ret msvcrt.??2@YAPAXI@Z() retval=0019a318 ret=26931e57
001b:Call oleaut32.VariantInit(001a29a0) ret=2691017b
001b:trace:variant:VariantInit (0x1a29a0)
001b:Ret oleaut32.VariantInit() retval=0000002a ret=2691017b
001b:Call oleaut32.VariantCopy(001a29a0,0033f4c8) ret=2691007b
001b:trace:variant:VariantCopy (0x1a29a0->(VT_EMPTY),0x33f4c8->(VT_BSTR))
001b:trace:variant:VariantClear (0x1a29a0->(VT_EMPTY))

(VT_BSTR typed source uses freed string)
001b:err:variant:VariantCopy source 0x1a2994, bytelength 1680152
001b:Call ntdll.RtlAllocateHeap(00110000,00000000,0019a31e) ret=7e60d9fb
001b:Ret ntdll.RtlAllocateHeap() retval=01390020 ret=7e60d9fb
001b:Call msvcrt._except_handler3(0033f2c4,0033f49c,0033eff8,0033ef78) ret=7efb6df5
001b:Ret msvcrt._except_handler3() retval=00000001 ret=7efb6df5
---

So probably the native one has an exception handler at the copy call or just happens to pass it without a crash for some other reason.