On 17.02.2013 04:07, Ben Davis wrote:
Hi,

The user-mode driver I'm working on (a 32-bit DLL) is crashing Windows
Media Player on exit. (Two other host apps exit fine.) I can catch it in
the Visual Studio debugger, but only see assembly language. Initially
I'm just after tips on where to find source for the bits of D that are
involved, but maybe someone will recognise the problem already...

I've gone through the assembly in some detail, and established that the
crash is inside some removethreadtableentry() code which is called
shortly before DllMain(DLL_THREAD_DETACH), and must look something like:

//tid is the Windows numeric thread ID for the current thread
removethreadtableentry(tid) {
   foreach (i, obj in someObjArray1024EntriesLong) {
     if (obj.someField == tid) goto foundIt;
   }
   return;

   //When we get here, i is 1 (pretend it's in scope)
   foundIt:
   free(obj.something);    //Does nothing, already 0
   if (obj.somethingElse) {  //Does nothing, already 0
     CloseHandle(obj.somethingElse);
   }
   free(obj);    //Crash inside this free()
}

Furthermore, I've established that:

- removethreadtableentry() doesn't get to foundIt for most threads.

_removethreadtableentry is a function in the DM C runtime library. It has the bug that it tries to free a data record that has never been allocated if the thread that loaded the DLL is terminated. This is the entry at index 1.

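The failure described in the reply above, modelled as an added example (not code from the DM C runtime or from either poster): a thread table whose removal routine releases a record only when it really came from malloc(). The record layout, the heap_owned flag, the static loader_rec and every function name here are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

#define TABLE_SIZE 1024                /* the post mentions a 1024-entry array */

struct thread_rec {                    /* hypothetical layout */
    unsigned long tid;                 /* OS thread id that owns the slot */
    void *scratch;                     /* per-thread buffer, may be NULL */
    int heap_owned;                    /* 1 only if the record came from calloc() */
};

static struct thread_rec *table[TABLE_SIZE];
static struct thread_rec loader_rec;   /* assumed: record that was never heap-allocated */

/* Register the thread that loaded the DLL, using the non-heap record. */
int add_loader_thread(unsigned long tid, int slot) {
    if (slot < 0 || slot >= TABLE_SIZE || table[slot]) return -1;
    memset(&loader_rec, 0, sizeof loader_rec);
    loader_rec.tid = tid;
    table[slot] = &loader_rec;
    return 0;
}

/* Register an ordinary thread in the first free slot; returns the slot. */
int add_thread(unsigned long tid) {
    for (int i = 0; i < TABLE_SIZE; i++) {
        if (table[i]) continue;
        struct thread_rec *r = calloc(1, sizeof *r);
        if (!r) return -1;
        r->tid = tid;
        r->heap_owned = 1;
        table[i] = r;
        return i;
    }
    return -1;
}

/* 1 = heap record freed, 0 = non-heap record unlinked only, -1 = not found. */
int remove_thread(unsigned long tid) {
    for (int i = 0; i < TABLE_SIZE; i++) {
        struct thread_rec *r = table[i];
        if (!r || r->tid != tid) continue;
        table[i] = NULL;               /* unlink before releasing anything */
        free(r->scratch);              /* free(NULL) is a no-op */
        if (!r->heap_owned) return 0;  /* an unconditional free(r) here is the crash */
        free(r);
        return 1;
    }
    return -1;
}

int main(void) {
    add_loader_thread(100, 1);
    return remove_thread(100) == 0 ? 0 : 1;
}
```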