Skip to content
07 June 2010

Crash in CDHtmlDialog's OnInitDialog method

Recently I implemented a crash report system for FreeFixer which allows the user to upload the FreeFixer memory dump for analysis. A memory dump is generated if an unhandled exception occur, such as an access violation exception, or if the application triggers an ASSERT. With the help of the memory dump, FreeFixer's executable file, and the symbols, I can see exactly where in the code the problem occur. This have been quite useful to track down some bugs.

Today I downloaded the 10 dumps generated from FreeFixer v0.58 for analysis. There has been approximately 20.000 downloads since the release of FreeFixer v0.58 three weeks ago. There are two bugs that has been around for some time where I've not found any fix.

Five of the dumps highlights a problem that appears during initialization. FreeFixer's user interface is built with a CDHtmlDialog. When the application starts, I call the dialog's DoModal() method, which later on calls my OnInitDialog() method, which immediately calls CDHtmlDialog::OnInitDialog.

BOOL CDHtmlDialog::OnInitDialog()
{
	AfxEnableControlContainer();

	CDialog::OnInitDialog();

	RECT rectClient;
	GetClientRect(&rectClient);

	// if we've been created from the dynamic template
	// set the caption
	if (!m_lpszTemplateName)
		SetWindowText(m_strDlgCaption);

	// check if there is a browser control on the dialog
	// already
	CWnd *pCtrl = GetDlgItem(AFX_IDC_BROWSER);
	LPUNKNOWN lpUnk;
	if (pCtrl)
	{
		lpUnk = pCtrl->GetControlUnknown();
		if (lpUnk && SUCCEEDED(lpUnk->QueryInterface(IID_IWebBrowser2, (void **) &m_pBrowserApp)))
		{
			m_wndBrowser.Attach(pCtrl->m_hWnd);
			m_bAttachedControl = TRUE;
		}
	}
	if (m_pBrowserApp == NULL)
	{
		// create the control window
		m_wndBrowser.CreateControl(CLSID_WebBrowser, NULL,
					WS_VISIBLE | WS_CHILD, rectClient, this, AFX_IDC_BROWSER);
		lpUnk = m_wndBrowser.GetControlUnknown();
boom->		if (FAILED(lpUnk->QueryInterface(IID_IWebBrowser2, (void**) &m_pBrowserApp)))
		{
			m_wndBrowser.DestroyWindow();
			DestroyWindow();
			return TRUE;
		}

In the code listed above, m_wndBrowser.GetControlUnknown() returns NULL and is assigned to the lpUnk variable, and later on a call to lpUnk->QueryInterface is done. There we have an access violation exception. Unfortunately I've not been able to figure out why does problem appear, and why it only appears in 1 out of 4000 downloads. Do you know of a solution to this problem? Please let me know.

There are a few suggestions available to fix this problem, such as calling CoInitialize(NULL) or AfxEnableControlContainer() in the application's InitInstance() method. However, none of these fixes has solved the problem:

The 5 remaining dumps is related to FreeFixer's code that extracts icons from executable files which are displayed in the scan result. The code goes something like this:

HMODULE module = LoadLibraryEx(filename, NULL, LOAD_LIBRARY_AS_DATAFILE);
if (!module) return;

[..do some work on the module..]

const BOOL result = FreeLibrary(module);
ASSERT(result);

The result from FreeLibrary is passed to the ASSERT macro since I assume it is programming error if FreeLibrary fails when passed a valid HMODULE. However, the assertion is triggered, approximately once every 4000 downloads. Unfortunately I don't have the file name of the module that the code loads which probably would give some hints why the problem occur. Another interesting observation is that all five dumps shows that the machines where running the BitDefender anti-virus. Anyone else noticed this problem?

Comments

No comments posted yet.

Leave a reply