[ros-bugs] [Bug 3691] New: Opening a non supported/empty file on 7-Zip causes ros to crash.
ReactOS.Bugzilla at www.reactos.org
Tue Aug 26 14:37:09 CEST 2008
http://www.reactos.org/bugzilla/show_bug.cgi?id=3691
Summary: Opening a non supported/empty file on 7-Zip causes ros
to crash.
Product: ReactOS
Version: TRUNK
Platform: QEmu
OS/Version: ReactOS
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: Win32
AssignedTo: ros-bugs at reactos.org
ReportedBy: martinmnet at hotmail.com
QAContact: ros-bugs at reactos.org
(subsystems/win32/win32k/ntuser/window.c:1558) FIXME - Parent is HWND_MESSAGE
(subsystems/win32/win32k/ntuser/window.c:1641) Created Window 9ea505ac, Thread
8173e790, HANDLE 700e4
(subsystems/win32/win32k/ntuser/window.c:1656) Wnd allocated for Window
9ea505ac, Thread 8173e790
fixme:(dll/win32/advapi32/sec/lsa.c:126)
(0000CAFE,00598020,0058FE58,0x00000001) stub
(subsystems/win32/win32k/ntuser/window.c:1641) Created Window 9ea50ebc, Thread
8173e790, HANDLE 20114
(subsystems/win32/win32k/ntuser/window.c:1656) Wnd allocated for Window
9ea50ebc, Thread 8173e790
(subsystems/win32/win32k/ntuser/window.c:1641) Created Window 9ea510b4, Thread
8173e790, HANDLE 2011c
(subsystems/win32/win32k/ntuser/window.c:1656) Wnd allocated for Window
9ea510b4, Thread 8173e790
(subsystems/win32/win32k/ntuser/window.c:1641) Created Window 9ea5114c, Thread
8173e790, HANDLE 2011e
(subsystems/win32/win32k/ntuser/window.c:1656) Wnd allocated for Window
9ea5114c, Thread 8173e790
(subsystems/win32/win32k/ntuser/window.c:1641) Created Window 9ea511e4, Thread
8173e790, HANDLE 20120
(subsystems/win32/win32k/ntuser/window.c:1656) Wnd allocated for Window
9ea511e4, Thread 8173e790
(subsystems/win32/win32k/ntuser/window.c:1641) Created Window 9ea5127c, Thread
8173e790, HANDLE 20122
(subsystems/win32/win32k/ntuser/window.c:1656) Wnd allocated for Window
9ea5127c, Thread 8173e790
(subsystems/win32/win32k/ntuser/window.c:1641) Created Window 9ea512fc, Thread
8173e790, HANDLE 20124
(subsystems/win32/win32k/ntuser/window.c:1656) Wnd allocated for Window
9ea512fc, Thread 8173e790
(subsystems/win32/win32k/ntuser/window.c:1641) Created Window 9ea5137c, Thread
8173e790, HANDLE 20126
(subsystems/win32/win32k/ntuser/window.c:1656) Wnd allocated for Window
9ea5137c, Thread 8173e790
(subsystems/win32/win32k/ntuser/window.c:1641) Created Window 9ea51534, Thread
8173e790, HANDLE 2012e
(subsystems/win32/win32k/ntuser/window.c:1656) Wnd allocated for Window
9ea51534, Thread 8173e790
(subsystems/win32/win32k/ntuser/window.c:1641) Created Window 9ea515cc, Thread
8173e790, HANDLE 20130
(subsystems/win32/win32k/ntuser/window.c:1656) Wnd allocated for Window
9ea515cc, Thread 8173e790
(subsystems/win32/win32k/ntuser/window.c:1641) Created Window 9ea51664, Thread
8173e790, HANDLE 20132
(subsystems/win32/win32k/ntuser/window.c:1656) Wnd allocated for Window
9ea51664, Thread 8173e790
(subsystems/win32/win32k/ntuser/window.c:1641) Created Window 9ea516e4, Thread
8173e790, HANDLE 20134
(subsystems/win32/win32k/ntuser/window.c:1656) Wnd allocated for Window
9ea516e4, Thread 8173e790
(subsystems/win32/win32k/ntuser/window.c:1641) Created Window 9ea4ffe4, Thread
8173e790, HANDLE 20136
(subsystems/win32/win32k/ntuser/window.c:1656) Wnd allocated for Window
9ea4ffe4, Thread 8173e790
(subsystems/win32/win32k/ntuser/window.c:1641) Created Window 9ea51764, Thread
8173e790, HANDLE 20138
(subsystems/win32/win32k/ntuser/window.c:1656) Wnd allocated for Window
9ea51764, Thread 8173e790
(subsystems/win32/win32k/ntuser/window.c:1641) Created Window 9ea517e4, Thread
8173e790, HANDLE 2013a
(subsystems/win32/win32k/ntuser/window.c:1656) Wnd allocated for Window
9ea517e4, Thread 8173e790
WARNING: MmLockPagableSectionByHandle at ntoskrnl/mm/drvlck.c:43 is
UNIMPLEMENTED!
WARNING: MmUnlockPagableImageSection at ntoskrnl/mm/drvlck.c:79 is
UNIMPLEMENTED!
(subsystems/win32/win32k/ntuser/window.c:355) FreeWindow 9ea51b3c
(subsystems/win32/win32k/ntuser/window.c:355) FreeWindow 9ea51bbc
(subsystems/win32/win32k/ntuser/window.c:355) FreeWindow 9ea5196c
(subsystems/win32/win32k/ntuser/window.c:2086) IntCreateWindowEx(): send CREATE
message failed for 9ea50ebc, a14b5390. No cleanup performed!
(subsystems/win32/win32k/ntuser/window.c:2087) LastChild 9ea5127c
(subsystems/win32/win32k/ntuser/window.c:2088) FirstChild 9ea510b4
(subsystems/win32/win32k/ntuser/window.c:355) FreeWindow 9ea50ebc
(subsystems/win32/win32k/ntuser/window.c:742) DestroyThreadWindow 9ea505ac, 1
(subsystems/win32/win32k/ntuser/window.c:355) FreeWindow 9ea505ac
(subsystems/win32/win32k/ntuser/window.c:742) DestroyThreadWindow 9ea50ebc, 2
Entered debugger on last-chance exception (Exception Code: 0xc0000005) (Page
Fault)
Memory at 0x80AEA90C could not be read: Page not present.
kdb:> bt
Eip:
<win32k.sys:823ab (subsystems/win32/win32k/ntuser/winpos.c:1327
(@co_WinPosShowWindow at 8))>
Frames:
<win32k.sys:80120 (subsystems/win32/win32k/ntuser/window.c:2362
(@co_UserDestroyWindow at 4))>
<win32k.sys:80395 (subsystems/win32/win32k/ntuser/window.c:745
(@co_DestroyThreadWindows at 4))>
<win32k.sys:4c86b (subsystems/win32/win32k/main/dllmain.c:287
(Win32kThreadCallback at 8))>
<NTOSKRNL.EXE:8b397 (ntoskrnl/ps/kill.c:694 (PspExitThread at 4))>
<NTOSKRNL.EXE:8be92 (ntoskrnl/ps/kill.c:964 (PspTerminateThreadByPointer at 12))>
<NTOSKRNL.EXE:8cace (ntoskrnl/ps/kill.c:1189 (NtTerminateProcess at 8))>
<NTOSKRNL.EXE:9fc1a (ntoskrnl/ke/i386/trap.s:244 (KiFastCallEntry))>
<ntdll.dll:5e15>
<msvcrt.dll:e206>
<msvcrt.dll:e222>
<7zFM.exe:3a60a>
<kernel32.dll:21991>
<00000000>
kdb:>
When the CREATE message fails for the given window, the code jumps to cleanup.
In cleanup a call is made to UserFreeWindowInfo(ti, Window);
In UserFreeWindowInfo, heaps are freed for the WindowName and Wnd members and
they are set to NULL.
When 7-Zip fails to open the archive and it terminates, co_DestroyThreadWindows
gets called.
This function gets each Window for the thread and calls co_UserDestroyWindow
for each.
In co_UserDestroyWindow a call is made to co_WinPosShowWindow,
and in this function the code is as follows:

    Wnd = Window->Wnd;
    WasVisible = (Wnd->Style & WS_VISIBLE) != 0;

Wnd for the Window was freed and set to NULL, back at the call to
UserFreeWindowInfo in co_IntCreateWindowEx.
Should UserFreeWindowInfo in the cleanup for co_IntCreateWindowEx be
co_UserDestroyWindow(Window) instead?
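
The failure mode described in the report, reduced to a user-space C model. This is an added example, not ReactOS code and not part of the original report; the struct layouts and the names partial_cleanup, full_destroy, destroy_thread_windows and scenario are hypothetical. It shows that a window whose Wnd is freed on the error path, but which stays linked to its thread, is still visited by the thread-exit walk.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins (assumed layout) for the structures named in the report. */
typedef struct WND { unsigned Style; } WND;
typedef struct WINDOW { WND *Wnd; struct WINDOW *Next; } WINDOW;
typedef struct THREAD { WINDOW *Windows; } THREAD;

static WINDOW *create_window(THREAD *t, unsigned style) {
    WINDOW *w = calloc(1, sizeof *w);
    WND *wnd = calloc(1, sizeof *wnd);
    if (!w || !wnd) abort();          /* demo only: no recovery on OOM */
    wnd->Style = style; w->Wnd = wnd;
    w->Next = t->Windows;             /* now reachable from the thread's list */
    t->Windows = w;
    return w;
}

/* Failure path as the report describes it: Wnd freed and set to NULL,
   while the window itself stays linked to the thread. */
static void partial_cleanup(WINDOW *w) { free(w->Wnd); w->Wnd = NULL; }

/* Alternative failure path: unlink from the thread first, then free. */
static void full_destroy(THREAD *t, WINDOW *w) {
    for (WINDOW **pp = &t->Windows; *pp; pp = &(*pp)->Next)
        if (*pp == w) { *pp = w->Next; break; }
    free(w->Wnd);
    free(w);
}
/* Thread-exit walk. Returns how many windows had Wnd == NULL, i.e. how
   often an unguarded Wnd->Style read would have faulted. */
static int destroy_thread_windows(THREAD *t) {
    int stale = 0;
    while (t->Windows) {
        WINDOW *w = t->Windows;
        t->Windows = w->Next;
        if (w->Wnd == NULL) stale++;  /* guard instead of dereferencing */
        free(w->Wnd);
        free(w);
    }
    return stale;
}
static int scenario(int use_full_destroy) {
    THREAD t = {0};
    create_window(&t, 0x10000000u);          /* WS_VISIBLE */
    WINDOW *failed = create_window(&t, 0);   /* its CREATE message "fails" */
    if (use_full_destroy) full_destroy(&t, failed); else partial_cleanup(failed);
    return destroy_thread_windows(&t);
}

int main(void) { printf("partial: %d, full: %d\n", scenario(0), scenario(1)); return 0; }
```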