Major Description
Freeing riched20.dll with dph enabled causes an access violation with the tests riched20:editor and riched32:editor.
Stack trace for riched20:editor:
ChildEBP RetAddr
|
0012fd10 7c94a13f ntdll!RtlpDphIsPageHeapBlock(struct _DPH_HEAP_ROOT * DphRoot = 0x00781000, void * Block = 0x0000000c, unsigned long * ValidationInformation = 0x0012fd2c, unsigned char CheckFillers = 0x01 '')+0x4b [d:\reactos\reactos\lib\rtl\heappage.c @ 1372]
|
0012fd3c 7c92e330 ntdll!RtlpPageHeapDestroy(void * HeapPtr = 0x00780000)+0x9f [d:\reactos\reactos\lib\rtl\heappage.c @ 1646]
|
0012fd68 77d8899f ntdll!RtlDestroyHeap(void * HeapPtr = 0x00780000)+0x30 [d:\reactos\reactos\lib\rtl\heap.c @ 1539]
|
0012fd74 756a151c kernel32!HeapDestroy(void * hHeap = 0x00780000)+0xf [d:\reactos\reactos\dll\win32\kernel32\client\heapmem.c @ 88]
|
0012fd84 756c673e riched20!DllMain(struct HINSTANCE__ * hinstDLL = 0x75690000, unsigned int fdwReason = 0, void * lpvReserved = 0x00000000)+0x11c [d:\reactos\reactos\dll\win32\riched20\editor.c @ 2928]
|
0012fd9c 756c67f9 riched20!__DllMainCRTStartup(void * hDllHandle = 0x75690000, unsigned long dwReason = 0, void * lpreserved = 0x00000000)+0xae [d:\reactos\reactos\lib\sdk\crt\startup\crtdll.c @ 201]
|
0012fdb0 7c928774 riched20!DllMainCRTStartup(void * hDllHandle = 0x75690000, unsigned long dwReason = 0, void * lpreserved = 0x00000000)+0x29 [d:\reactos\reactos\lib\sdk\crt\startup\crtdll.c @ 171]
|
0012fdc4 7c923a43 ntdll!LdrpCallInitRoutine(<function> * EntryPoint = 0x756c67d0, void * BaseAddress = 0x75690000, unsigned long Reason = 0, void * Context = 0x00000000)+0x14 [d:\reactos\reactos\dll\ntdll\ldr\ldrutils.c @ 217]
|
0012fe2c 77d89cac ntdll!LdrUnloadDll(void * BaseAddress = 0x75690000)+0x383 [d:\reactos\reactos\dll\ntdll\ldr\ldrapi.c @ 1480]
|
0012fe64 00427a5a kernel32!FreeLibrary(struct HINSTANCE__ * hLibModule = 0x75690000)+0x9c [d:\reactos\reactos\dll\win32\kernel32\client\loader.c @ 489]
|
0012fe78 00430b3c riched20_winetest!func_editor(void)+0x1ba [d:\reactos\reactos\modules\rostests\winetests\riched20\editor.c @ 7712]
|
0012fe90 00430dba riched20_winetest!run_test(char * name = 0x004c5ff8 "editor")+0x8c [d:\reactos\reactos\include\reactos\wine\test.h @ 636]
|
0012ff1c 0043386a riched20_winetest!main(int argc = 0n2, char ** argv = 0x004c2ff8)+0x18a [d:\reactos\reactos\include\reactos\wine\test.h @ 683]
|
0012ffb4 004338ff riched20_winetest!__tmainCRTStartup(void)+0x25a [d:\reactos\reactos\lib\sdk\crt\startup\crtexe.c @ 310]
|
0012ffc0 77d8f577 riched20_winetest!mainCRTStartup(void)+0x1f [d:\reactos\reactos\lib\sdk\crt\startup\crtexe.c @ 196]
|
0012fff0 00000000 kernel32!BaseProcessStartup(<function> * lpStartAddress = 0x004338e0)+0x57 [d:\reactos\reactos\dll\win32\kernel32\client\proc.c @ 478]
|
Stack trace for riched32:editor:
ChildEBP RetAddr
|
0012fcf0 7c94a13f ntdll!RtlpDphIsPageHeapBlock(struct _DPH_HEAP_ROOT * DphRoot = 0x00731000, void * Block = 0x00000100, unsigned long * ValidationInformation = 0x0012fd0c, unsigned char CheckFillers = 0x01 '')+0x4b [d:\reactos\reactos\lib\rtl\heappage.c @ 1372]
|
0012fd1c 7c92e330 ntdll!RtlpPageHeapDestroy(void * HeapPtr = 0x00730000)+0x9f [d:\reactos\reactos\lib\rtl\heappage.c @ 1646]
|
0012fd48 77d8899f ntdll!RtlDestroyHeap(void * HeapPtr = 0x00730000)+0x30 [d:\reactos\reactos\lib\rtl\heap.c @ 1539]
|
0012fd54 756a151c kernel32!HeapDestroy(void * hHeap = 0x00730000)+0xf [d:\reactos\src\dll\win32\kernel32\client\heapmem.c @ 88]
|
0012fd64 756c673e riched20!DllMain(struct HINSTANCE__ * hinstDLL = 0x75690000, unsigned int fdwReason = 0, void * lpvReserved = 0x00000000)+0x11c [d:\reactos\reactos\dll\win32\riched20\editor.c @ 2928]
|
0012fd7c 756c67f9 riched20!__DllMainCRTStartup(void * hDllHandle = 0x75690000, unsigned long dwReason = 0, void * lpreserved = 0x00000000)+0xae [d:\reactos\reactos\lib\sdk\crt\startup\crtdll.c @ 201]
|
0012fd90 7c928774 riched20!DllMainCRTStartup(void * hDllHandle = 0x75690000, unsigned long dwReason = 0, void * lpreserved = 0x00000000)+0x29 [d:\reactos\reactos\lib\sdk\crt\startup\crtdll.c @ 171]
|
0012fda4 7c923a43 ntdll!LdrpCallInitRoutine(<function> * EntryPoint = 0x756c67d0, void * BaseAddress = 0x75690000, unsigned long Reason = 0, void * Context = 0x00000000)+0x14 [d:\reactos\reactos\dll\ntdll\ldr\ldrutils.c @ 217]
|
0012fe0c 77d89cac ntdll!LdrUnloadDll(void * BaseAddress = 0x715e0000)+0x383 [d:\reactos\reactos\dll\ntdll\ldr\ldrapi.c @ 1480]
|
0012fe44 00405979 kernel32!FreeLibrary(struct HINSTANCE__ * hLibModule = 0x715e0000)+0x9c [d:\reactos\src\dll\win32\kernel32\client\loader.c @ 489]
|
0012fe78 004066ec riched32_winetest!func_editor(void)+0x119 [d:\reactos\reactos\modules\rostests\winetests\riched32\editor.c @ 1247]
|
0012fe90 00406911 riched32_winetest!run_test(char * name = 0x0040e314 "editor")+0x8c [d:\reactos\reactos\include\reactos\wine\test.h @ 636]
|
0012ff1c 00406eea riched32_winetest!main(int argc = 0n1, char ** argv = 0x00462ff8)+0x131 [d:\reactos\reactos\include\reactos\wine\test.h @ 675]
|
0012ffb4 00406f7f riched32_winetest!__tmainCRTStartup(void)+0x25a [d:\reactos\reactos\lib\sdk\crt\startup\crtexe.c @ 310]
|
0012ffc0 77d8f577 riched32_winetest!mainCRTStartup(void)+0x1f [d:\reactos\reactos\lib\sdk\crt\startup\crtexe.c @ 196]
|
0012fff0 00000000 kernel32!BaseProcessStartup(<function> * lpStartAddress = 0x00406f60)+0x57 [d:\reactos\src\dll\win32\kernel32\client\proc.c @ 478]
|
I've checked that the handle passed to HeapDestroy is the same as the one returned by HeapCreate earlier when riched20.dll is loaded.