On Thu, 2005-01-20 at 18:21, Robert Shearman wrote:
If it's heap corruption then it could well depend on the order of allocations, so it could be timing dependent. I've attached a patch that poisons the apartment structure after when it is freed so that hopefully any use-after-free will become more obvious. Could you apply it and see what the results are? Does the X Error stop? Do we now get warnings about accessing a handle of 0xcccccccc (run with warn+all for this)?
Rob
see my previous email for the warn+err piece.
I now did a warn+all,+ole trace and checked for warn:heap messages, there are a lot of them. I don't know if they are 'normal' warnings or related to the problem I'm seeing:
trace:ole:COMPOBJ_DLLList_Add trace:ole:WINE_StringFromCLSID 0x57bbc254->{083863F1-70DE-11D0-BD40-00A0C911CE86} trace:ole:WINE_StringFromCLSID 0x57bbbf84->{1B544C20-FD0B-11CE-8C63-00AA0044B51E} trace:ole:WINE_StringFromCLSID 0x57bbc224->{4315D437-5B8C-11D0-BD3B-00A0C911CE86} trace:ole:CoGetClassObject CLSID: {4315d437-5b8c-11d0-bd3b-00a0c911ce86}, IID: {00000001-0000-0000-c000-000000000046} trace:ole:COMPOBJ_DLLList_Add trace:ole:CreateBindCtx (0,0x1036d808) trace:ole:BindCtxImpl_Construct (0x6d940bd0) trace:ole:BindCtxImpl_QueryInterface (0x6d940bd0,0x1036d7b4,0x1036d808) trace:ole:BindCtxImpl_AddRef (0x6d940bd0) trace:ole:__CLSIDFromStringA {083863F1-70DE-11D0-BD40-00A0C911CE86} -> 0x1036d7a8 trace:ole:WINE_StringFromCLSID 0x1036d7a8->{083863F1-70DE-11D0-BD40-00A0C911CE86} trace:ole:BindCtxImpl_Release (0x6d940bd0) trace:ole:BindCtxImpl_ReleaseBoundObjects (0x6d940bd0) trace:ole:BindCtxImpl_Destroy (0x6d940bd0) trace:ole:WINE_StringFromCLSID 0x57bbbf84->{1B544C20-FD0B-11CE-8C63-00AA0044B51E} warn:heap:HEAP_IsRealArena Heap 0x6d8d0000: block 0x690077 is not inside heap
btw. adding the +ole made the X Error go away as before.
Cheers,
Paul.