Re: [Ieleak-devel] PATCH: crash condition in multi-frame application
Brought to you by:
matthiasmiller
From: Johan R. <jr...@co...> - 2006-08-29 11:14:27
|
Hi Devin, Welcome in the ieleak-devel list. It would be nice if you could create a sample case to reproduce this bug. Alternatively: My IP Address is 212.241.36.160 In co-operation with Matthias I am currently working on an extended Drip called IESieve. Our plan is to merge our efforts into a single codebase. I am eager to know if the same problem occurs in IESieve as well. I don't use the 'ownerDocument' property because of a slight different approach to detect so called 'orphan nodes'. For your convenience you can download the latest IEsieve executable version from 'http://home.orange.nl/jsrosman' Regards, Johan Rosman. -----Original Message----- From: iel...@li... [mailto:iel...@li...] On Behalf Of Devin Heitmueller Sent: Tuesday, August 29, 2006 8:29 AM To: iel...@li... Subject: RE: [Ieleak-devel] PATCH: crash condition in multi-frame application I did a bit more investigation. It's pretty clear now that the patch I sent won't work (now that I looked more at the code and better understand how the ownerDocument is being used). The code attempts to dereference a null pointer (0x00000024) in the Invoke call directly below the if() block. It's about five calls deep into mshtml.dll by that point though. All of the inputs look clean and I see other cases where it makes the call against the ownerDocument method without any trouble. This was seen with IE 6 on Windows XP SP2. Unfortunately although it is reproducible here 100%, it is with an AJAX based web interface that is not publicly available. I will see if I can put together a simplified test case that demonstrates the problem. Alternatively I might be able to stick a box on the public network if you are willing to provide me a source IP address to add to my firewall filter (would have to run this past IT first though). Given that it is a multi-frame application, I'm wondering if perhaps the list of objects being tracked in the leaked list is out of sync with the browser instance. This could be a case of attempting to reference an object that has already been freed. Also wondering if perhaps I would have better success if I could reproduce it with a checked build of XP. My thinking is that might give me a little better visibility into the call stack (I already have pulled the symbols from Microsoft's public symbol server). I'll post a stack trace when I get into the office in the morning. Devin Heitmueller Senior Developer GridApp Systems Inc. http://www.gridapp.com -----Original Message----- From: iel...@li... on behalf of Matthias Miller Sent: Mon 8/28/2006 11:41 PM To: iel...@li... Subject: Re: [Ieleak-devel] PATCH: crash condition in multi-frame application =20 Devin Heitmueller wrote: > Hello, > > I just tried out Drip and it looks like a great concept. > > ... except it crashes with my web based application. > > Tracked down the problem, and if I change PropDlg.cpp line 60 (trunk) to > the following, it starts to work: > > Index: PropDlg.cpp > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- PropDlg.cpp (revision 122) > +++ PropDlg.cpp (working copy) > @@ -63,7 +63,9 @@ > // > bool skip =3D CStringW(memberName).Compare(L"filters") =3D=3D > 0; > SysFreeString(memberName); > - if (skip) > + bool skip2 =3D > CStringW(memberName).Compare(L"ownerDocument") =3D=3D 0; > + SysFreeString(memberName); > + if (skip || skip2) > return false; > // END HARDCODE > } > > > I don't know what the exact issue is since it crashes in mshtml.dll, but > skipping over the ownerDocument objects seems to make it go away. > > Does any know if this is an acceptable solution? What additional > information can I gather to provide a fix that is acceptable? > > =20 There are several questions that come to mind off-hand: 1) What is the callstack below this function? 2) What version of IE are you running? 3) Do you have a test case that duplicates the problem? This might not=20 only lead us to the cause, but might also be something that we could=20 check into the repository for future reference. (Don't let this hold up=20 a response to 1 and 2.) Obviously, we've already established a slight precedent for hard-coded=20 fixes, but I'm not aware of anything we could do to avoid that one. I'm=20 interested in digging deeper before going with this solution for=20 ownerDocument as well. -Matthias Miller ------------------------------------------------------------------------ - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057&dat=3D1= 21642 _______________________________________________ Ieleak-devel mailing list Iel...@li... https://lists.sourceforge.net/lists/listinfo/ieleak-devel ***************************************************************************= ************************ The information in this message is confidential and may be legally privile= ged.=20 It is intended solely for the addressee. Access to this message by anyone e= lse is=20 unauthorized. If you are not the intended recipient, any disclosure, copyin= g, or=20 distribution of the message, or any action or omission taken by you in reli= ance=20 on it is prohibited and may be unlawful. Please immediately contact the sen= der if=20 you have received this message in error. This email does not constitute any= =20 commitment from Cordys Holding BV or any of its subsidiaries except when= =20 expressly agreed in a written agreement between the intended recipient and= =20 Cordys Holding BV or its subsidiaries. **************************************************************************= ************************* |