http://bugs.winehq.org/show_bug.cgi?id=8091
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht@gmx.net
--- Comment #24 from Anastasius Focht focht@gmx.net 2009-05-29 17:51:35 ---
Hello,
maybe I can shed some light on this... Although I can't reproduce the crash itself, I tracked down what function/module is about to get called in that situation.
Based on the posted callstacks I tracked the executable to DVD Shrink version 3.2.0.15 (http://download.softpedia.com/dl/53f2e085a18b7c33470844b7de037137/4a204dc9/1...), packed with a "customized" UPX executable compressor. That executable matches all return addresses in the posted crashes/callstacks.
Using a breakpoint on the last caller before the crash, one gets the following when the VIDEO_TS folder processing (analyze phase) has ended:
--- snip ---
Wine-dbg>b *0x4325bf
Breakpoint 1 at 0x004325bf
...
Stopped on breakpoint 1 at 0x004325bf
Wine-dbg>bt
Backtrace:
=>0 0x004325bf in dvd shrink 3.2 (+0x325bf) (0x0033da28)
  1 0x004b260a in dvd shrink 3.2 (+0xb260a) (0x0033da58)
  2 0x004b78b8 in dvd shrink 3.2 (+0xb78b8) (0x0033da88)
  3 0x004b2898 in dvd shrink 3.2 (+0xb2898) (0x0033dab4)
  4 0x004bb9cd in dvd shrink 3.2 (+0xbb9cd) (0x0033db08)
  5 0x00432d95 in dvd shrink 3.2 (+0x32d95) (0x0033db80)
  6 0x0042ee54 in dvd shrink 3.2 (+0x2ee54) (0x0033dc48)
  7 0x004b015c in dvd shrink 3.2 (+0xb015c) (0x0033dc68)
  8 0x004af0a1 in dvd shrink 3.2 (+0xaf0a1) (0x0033dcc8)
  9 0x004b0a72 in dvd shrink 3.2 (+0xb0a72) (0x0033dcec)
  10 0x004b0aa6 in dvd shrink 3.2 (+0xb0aa6) (0x0033dd14)
  11 0x004b0aa6 in dvd shrink 3.2 (+0xb0aa6) (0x0033dd3c)
  12 0x004c1fe4 in dvd shrink 3.2 (+0xc1fe4) (0x0033dda4)
  13 0x004ba50c in dvd shrink 3.2 (+0xba50c) (0x0033e0d4)
  14 0x004bd341 in dvd shrink 3.2 (+0xbd341) (0x0033e110)
  15 0x004b260a in dvd shrink 3.2 (+0xb260a) (0x0033e140)
  16 0x004c2244 in dvd shrink 3.2 (+0xc2244) (0x0033e178)
  17 0x0047f02d in dvd shrink 3.2 (+0x7f02d) (0x00000000)
Wine-dbg>s
FilterGraph2_QueryInterface () at /opt/wine/wine-git/dlls/quartz/filtergraph.c:343
343 LPVOID*ppvObj) {
Wine-dbg>bt
Backtrace:
=>0 0x6151002d FilterGraph2_QueryInterface(iface=0x14ebd8, riid=0x5087a0, ppvObj=0x33da04) [/opt/wine/wine-git/dlls/quartz/filtergraph.c:343] in quartz (0x0033da28)
  1 0x004b260a in dvd shrink 3.2 (+0xb260a) (0x0033da58)
  2 0x004b78b8 in dvd shrink 3.2 (+0xb78b8) (0x0033da88)
  3 0x004b2898 in dvd shrink 3.2 (+0xb2898) (0x0033dab4)
  ...
--- snip ---
In the provided crash logs it seems quartz.dll is not present at this point but the app tries to query for the DirectShow FilterGraph, causing the crash. The function pointer (register ecx) fits in a plausible module mapping range, so one can assume it refers to a module that was loaded and unloaded at some point.
Looking at the quartz code it seems the global COM module reference count _might_ be a potential problem. Since the global ref count is never used (incremented) at all, the first one that calls DllCanUnloadNow() on this module will actually force it to unload even if COM objects exist with clients still holding references. Such a situation can happen if someone issues CoFreeUnusedLibraries() or something similar.
The same potential problem also exists for other Wine COM inproc servers like devenum, amstream, ... You could force S_FALSE or implement proper ref counting.
It's just an idea - because I unfortunately can't reproduce your crashes.
Regards
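
Added example, not part of the original comment and not Wine's quartz code: a portable C model of the module reference counting the comment suggests, next to the untracked behaviour it describes. HRESULT, S_OK and S_FALSE are stubbed locally, and module_refs, DemoObject and the Demo_*/CanUnloadNow_* names are hypothetical.

```c
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-ins for the Windows definitions so this builds anywhere (assumption). */
typedef long HRESULT;
#define S_OK    ((HRESULT)0)
#define S_FALSE ((HRESULT)1)

static atomic_long module_refs;  /* live objects served by this "DLL" */

typedef struct DemoObject { atomic_long ref; } DemoObject;

/* Count never incremented: always claims the module is idle. */
HRESULT CanUnloadNow_untracked(void) { return S_OK; }

/* Tracked: refuse to unload while any object is still referenced. */
HRESULT CanUnloadNow_tracked(void) { return atomic_load(&module_refs) ? S_FALSE : S_OK; }

DemoObject *Demo_Create(void)
{
    DemoObject *obj = calloc(1, sizeof(*obj));
    if (!obj) return NULL;
    atomic_init(&obj->ref, 1);
    atomic_fetch_add(&module_refs, 1);      /* creation pins the module */
    return obj;
}

long Demo_AddRef(DemoObject *obj) { return atomic_fetch_add(&obj->ref, 1) + 1; }

long Demo_Release(DemoObject *obj)
{
    long ref = atomic_fetch_sub(&obj->ref, 1) - 1;
    if (ref == 0) {
        free(obj);
        atomic_fetch_sub(&module_refs, 1);  /* last reference: unpin */
    }
    return ref;
}

int main(void)
{
    DemoObject *graph = Demo_Create();
    if (!graph) return 1;
    printf("object held: untracked=%ld tracked=%ld\n",
           CanUnloadNow_untracked(), CanUnloadNow_tracked());
    Demo_Release(graph);
    printf("after Release: tracked=%ld\n", CanUnloadNow_tracked());
    return 0;
}
```

While the client still holds the object, the untracked variant reports S_OK (0) and the tracked variant reports S_FALSE (1); only after the final Release does the tracked variant allow the unload.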