Details
-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
None
Description
This happens during ole32:clipboard as well as riched20:editor. It used to be an "Exception when calling unicode WndProc" print, which has now turned into a proper crash.
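When destroying the clipboard window, we call UserClipboardRelease in win32k, which sends a WM_RENDERALLFORMATS message to the window. Because ole_inits has already been decremented to 0, get_ole_clipbrd returns a NULL pointer, which clipbrd_wndproc does not handle correctly: it apparently uses the pointer without a NULL check. The trace below faults in clipbrd_wndproc on a read at [ecx+0Ch], and the debugger shows clipbrd as NULL.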
It is unclear whether the way we are sending this message is wrong or whether Wine's code needs to expect a null pointer (or decrement ole_inits later).
Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
ole32!clipbrd_wndproc+0xf1:
001b:7c0691e1 8b510c mov edx,dword ptr [ecx+0Ch]
kd> kp
ChildEBP RetAddr
0012fc28 7c54e517 ole32!clipbrd_wndproc(struct HWND__ * hwnd = 0x001300fc, unsigned int message = 0x306, unsigned long wparam = 0, long lparam = 0)+0xf1 [c:\ros\reactos-clean\reactos\dll\win32\ole32\clipboard.c @ 2024]
0012fce4 7c5524be user32!IntCallWindowProcW(int IsAnsiProc = 0, <function> * WndProc = 0x7c0690f0, struct _WND * pWnd = 0x00357160, struct HWND__ * hWnd = 0x001300fc, unsigned int Msg = 0x306, unsigned int wParam = 0, long lParam = 0)+0x417 [c:\ros\reactos-clean\reactos\win32ss\user\user32\windows\message.c @ 1502]
0012fd70 7c92efd1 user32!User32CallWindowProcFromKernel(void * Arguments = 0x0012fd88, unsigned long ArgumentLength = 0x20)+0x24e [c:\ros\reactos-clean\reactos\win32ss\user\user32\windows\message.c @ 2939]
0012fdc0 7c09d81d ntdll!KiUserCallbackDispatcher+0x2e
nt!KeUserModeCallback [c:\ros\reactos-clean\reactos\ntoskrnl\ke\i386\usercall.c @ 136]
win32k!co_IntCallWindowProc+0x1ef [c:\ros\reactos-clean\reactos\win32ss\user\ntuser\callback.c @ 346]
win32k!co_IntSendMessageTimeoutSingle+0x424 [c:\ros\reactos-clean\reactos\win32ss\user\ntuser\message.c @ 1406]
win32k!co_IntSendMessageTimeout+0x54 [c:\ros\reactos-clean\reactos\win32ss\user\ntuser\message.c @ 1495]
win32k!co_IntSendMessage+0x44 [c:\ros\reactos-clean\reactos\win32ss\user\ntuser\message.c @ 1286]
win32k!UserClipboardRelease+0x2d [c:\ros\reactos-clean\reactos\win32ss\user\ntuser\clipboard.c @ 359]
win32k!IntSendDestroyMsg+0xec [c:\ros\reactos-clean\reactos\win32ss\user\ntuser\window.c @ 527]
win32k!co_UserDestroyWindow+0x7b1 [c:\ros\reactos-clean\reactos\win32ss\user\ntuser\window.c @ 2873]
win32k!NtUserDestroyWindow+0xa9 [c:\ros\reactos-clean\reactos\win32ss\user\ntuser\window.c @ 2908]
nt!KiSystemCallTrampoline+0x1b [c:\ros\reactos-clean\reactos\ntoskrnl\include\internal\i386\ke.h @ 742]
nt!KiSystemServiceHandler+0x24b [c:\ros\reactos-clean\reactos\ntoskrnl\ke\i386\traphdlr.c @ 1738]
nt!KiFastCallEntry+0x8c
ntdll!KiFastSystemCallRet
user32!ZwUserDestroyWindow+0xc
0012fdcc 00402627 ole32!OleUninitialize(void)+0x11d [c:\ros\reactos-clean\reactos\dll\win32\ole32\ole2.c @ 233]
0012fe1c 00401c3f ole32_winetest!test_set_clipboard(void)+0x8b7 [c:\ros\reactos-clean\reactos\modules\rostests\winetests\ole32\clipboard.c @ 953]
0012fe24 004678e6 ole32_winetest!func_clipboard(void)+0xf [c:\ros\reactos-clean\reactos\modules\rostests\winetests\ole32\clipboard.c @ 1614]
0012fe40 0046776a ole32_winetest!run_test(char * name = 0x00531ff0 "clipboard")+0xa6 [c:\ros\reactos-clean\reactos\sdk\include\reactos\wine\test.h @ 674]
0012fedc 00468d7a ole32_winetest!main(int argc = 2, char ** argv = 0x0052dff0)+0x18a [c:\ros\reactos-clean\reactos\sdk\include\reactos\wine\test.h @ 730]
0012ffb4 00468aa8 ole32_winetest!__tmainCRTStartup(void)+0x2aa [c:\ros\reactos-clean\reactos\sdk\lib\crt\startup\crtexe.c @ 311]
0012ffc0 7c773834 ole32_winetest!mainCRTStartup(void)+0x28 [c:\ros\reactos-clean\reactos\sdk\lib\crt\startup\crtexe.c @ 196]
0012fff0 00000000 kernel32!BaseProcessStartup(<function> * lpStartAddress = 0x00468a80)+0x54 [c:\ros\reactos-clean\reactos\dll\win32\kernel32\client\proc.c @ 478]
kd> bp win32k!UserClipboardRelease
kd> ?? clipbrd
struct ole_clipbrd * 0x00000000
kd> !teb
TEB at 7ffdf000
ExceptionList: 0012fcd4
StackBase: 00130000
StackLimit: 0012d000
SubSystemTib: 00000000
FiberData: 00001e00
ArbitraryUserPointer: 00000000
Self: 7ffdf000
EnvironmentPointer: 00000000
ClientId: 00000120 . 000000dc
RpcHandle: 00000000
Tls Storage: 0018afe0
PEB Address: 7ffd9000
LastErrorValue: 0
LastStatusValue: 0
Count Owned Locks: 0
HardErrorMode: 0
kd> ?? ((ole32!oletls*)((nt!_TEB*)0x7ffdf000)->ReservedForOle)
struct oletls * 0x00543f00
+0x000 apt : 0x005c3f78 apartment
+0x004 errorinfo : (null)
+0x008 state : (null)
+0x00c apt_mask : 0
+0x010 spy : (null)
+0x014 inits : 1
+0x018 ole_inits : 0
+0x01c causality_id : _GUID {00000000-0000-0000-0000-000000000000}
+0x02c pending_call_count_client : 0
+0x030 pending_call_count_server : 0
+0x034 unknown : 0
+0x038 context_token : (null)
+0x03c call_state : (null)
+0x040 unknown2 : [46] 0
+0x0f8 cancel_object : (null)
Issue Links
- blocks
-
CORE-11915 [WIN32SS/USER32] Pseudo-Regressions of r72495 EPIC
- Open