Re: repeatable header foot pagenum crasher on win32


Subject: Re: repeatable header foot pagenum crasher on win32
From: Mike Nordell (tamlin@algonet.se)
Date: Sun Sep 23 2001 - 14:57:24 CDT


Randy Kramer wrote:
>
> Alan Horkan wrote:
> > crash
> >
> > this was repeatable on windows 2000 using the
> > 2001-09-21 build from http://www.niksbiks.dk/Abi/
>
> I can duplicate the crash using the same build on Win95 (the OEM version
> (last)).
>
> > Error Message
> > The instruction at "0x0046eb95" referenced memory at "0x00000084". The
> > memory could not be "read".
>
> I started the debugger and found the PC at that address ("0x0046eb95").
> The instruction at this address is:
> mov ecx, dword ptr [eax+84h]

OK, this one was easy. If you let eax be zero, and change the style for
displaying hexadecimal from 84h to 0x84, I think it's obvious.

A null pointer dereference for an object at least 0x88 bytes large. From
looking at the disassembly I'd say it's a function looking like:

bool zzz::isXxx() // or hasXxx
{
    // getSomePtr() returns NULL here, so reading 'member' (at offset 0x84)
    // faults at address 0x00000084
    return getSomePtr()->member != 0;
}

After some more sleuthing I can with some certainty say it's called from a
callback for "removeHeader" (added like regCallback(15, 1, "removeHeader",
5684, &fn_419730); ) which nicely coincides with Alan's findings.

That function (fn_419730) calls exactly one function, which in turn calls
the crashing function.

Unfortunately my sources aren't up-to-date, and packet losses prevented me
from updating, but hopefully this gives enough info for someone to fix that
null-pointer dereference. While at it, also fix the one accessing the member
data at offset 0x80 (exactly the same construction).

> For kicks, I then started to read up on and then try a stack trace. Is
> a stack trace the same as viewing the Call Stack?

Yes.

> There wasn't much there, just one entry:
>
> "ABIWORD 0046eb95()"

Bummer. But, it was still enough for me to track it down! :-)

/Mike
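An added illustration of the pattern Mike reconstructs above (this is not code from the thread or from AbiWord; the struct layout, the names and the "lowest 64 KiB is unmapped" threshold are assumptions): the unchecked and the NULL-checked form of the accessor side by side, plus the fault-address reasoning that turns "referenced memory at 0x00000084" into "NULL pointer, member at offset 0x84".

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the object Mike infers: a member at offset 0x84
 * in an object at least 0x88 bytes large. Not AbiWord's real layout. */
typedef struct {
    unsigned char pad[0x84];
    uint32_t member;   /* read by the crashing "isXxx()"-style function */
} Obj;

/* Pattern from the disassembly: no NULL check, so when getSomePtr()
 * returns NULL this reads address 0x84 and faults. */
static bool isXxx_unchecked(const Obj *p) { return p->member != 0; }

/* Fixed form: a missing object reports "not set" instead of crashing. */
static bool isXxx_checked(const Obj *p) { return p != NULL && p->member != 0; }

/* Mike's inference: a tiny fault address is NULL plus a member offset.
 * Returns the inferred offset, or -1 if the address is not tiny.
 * The threshold is an assumption (first 64 KiB treated as unmapped). */
static long null_deref_offset(uintptr_t fault_addr)
{
    const uintptr_t small = 0x10000;
    return fault_addr < small ? (long)fault_addr : -1L;
}

int main(void)
{
    Obj o = {{0}, 1};
    printf("offsetof(member) = 0x%zx, sizeof(Obj) = 0x%zx\n",
           offsetof(Obj, member), sizeof(Obj));
    printf("isXxx_checked(NULL) = %d, isXxx_checked(&o) = %d\n",
           isXxx_checked(NULL), isXxx_checked(&o));
    printf("fault 0x00000084 -> offset %ld\n", null_deref_offset(0x84));
    /* isXxx_unchecked(NULL) would reproduce the crash; not called here. */
    (void)isXxx_unchecked(&o);
    return 0;
}
```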



This archive was generated by hypermail 2b25 : Sun Sep 23 2001 - 14:58:19 CDT