[bt-devel] Bt Windows Crash
Gary Holmlund
gary.holmlund at gmail.com
Tue Aug 3 19:10:47 MST 2010
On 8/3/2010 11:25 AM, Jaak Ristioja wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 03.08.2010 07:25, Gary Holmlund wrote:
>> I am getting a crash on Windows when BibleTime starts up. It happens with release or debug
>> code. It is in the file: cbtconfig.cpp
>>
>> DisplayOptions getDisplayOptionDefaults() {
>>     DisplayOptions options;
>>     options.lineBreaks = get(lineBreaks);
>>     options.verseNumbers = get(verseNumbers);
>>     return options; // CRASH
>> }
>
> On July 20 struct DisplayOptions moved to a new header file. If the Windows version was
> built after this change (SVN 2448) are you sure you did a complete rebuild (clean+build)?
>
> If this is not the case, I also think this is a compiler error or some Microsoft compiler
> feature. Can you please show us x86 assembly code for that function and its call?
>
> Jaak
Calling sequence
m_filterOptions = CBTConfig::getFilterOptionDefaults();
003BF5A1 lea eax,[ebp-8Ch]
003BF5A7 push eax
003BF5A8 call CBTConfig::getFilterOptionDefaults (245B41h)
003BF5AD add esp,4
003BF5B0 mov ecx,0Ch
003BF5B5 mov esi,eax
003BF5B7 lea edi,[ebp-0BCh]
003BF5BD rep movs dword ptr es:[edi],dword ptr [esi]
003BF5BF mov edi,dword ptr [ebp-10h]
003BF5C2 add edi,20h
003BF5C5 mov ecx,0Ch
003BF5CA lea esi,[ebp-0BCh]
003BF5D0 rep movs dword ptr es:[edi],dword ptr [esi]
m_displayOptions = CBTConfig::getDisplayOptionDefaults();
003BF5D2 call CBTConfig::getDisplayOptionDefaults (240E89h) // registers before call
003BF5D7 mov dword ptr [ebp-5Ch],eax
003BF5DA mov dword ptr [ebp-58h],edx
003BF5DD mov eax,dword ptr [ebp-10h]
003BF5E0 mov ecx,dword ptr [ebp-5Ch]
003BF5E3 mov dword ptr [eax+50h],ecx
003BF5E6 mov edx,dword ptr [ebp-58h]
003BF5E9 mov dword ptr [eax+54h],edx
// registers before call
EAX = 0138F31C EBX = 7EFDE000 ECX = 00000000 EDX = 031F0174 ESI = 0138F31C
EDI = 03AF1A98 EIP = 003BF5D2 ESP = 0138F2CC EBP = 0138F3A8 EFL = 00000202
//**************************************************
DisplayOptions getDisplayOptionDefaults() {
00290D70 push ebp
00290D71 mov ebp,esp
00290D73 sub esp,48h
00290D76 push ebx
00290D77 push esi
00290D78 push edi
DisplayOptions options;
options.lineBreaks = get(lineBreaks);
00290D79 push 0Ah
00290D7B call CBTConfig::get (2470F4h)
00290D80 add esp,4
00290D83 movzx eax,al
00290D86 mov dword ptr [options],eax
options.verseNumbers = get(verseNumbers);
00290D89 push 0Bh
00290D8B call CBTConfig::get (2470F4h)
00290D90 add esp,4
00290D93 movzx eax,al
00290D96 mov dword ptr [ebp-4],eax
return options;
00290D99 mov eax,dword ptr [ebp+8] // load EAX
00290D9C mov ecx,dword ptr [options]
00290D9F mov dword ptr [eax],ecx // crash, registers before crash
00290DA1 mov edx,dword ptr [ebp-4]
00290DA4 mov dword ptr [eax+4],edx
00290DA7 mov eax,dword ptr [ebp+8]
}
// crash, registers before crash
EAX = AD50DA3E EBX = 7EFDE000 ECX = 00000000 EDX = 031F0174 ESI = 0138F31C
EDI = 03AF1A98 EIP = 00290D9F ESP = 0138F270 EBP = 0138F2C4 EFL = 00000212
Unhandled exception at 0x00290d9f in bibletime.exe: 0xC0000005:
Access violation writing location 0xad50da3e.
So, the crash is because of a bad pointer in EAX. EAX is loaded from
[ebp+8]. I think the problem is in the calling sequence, not the
getDisplayOptionDefaults function. This function was called successfully
once before this crash. My assembly knowledge is not good enough for me
to understand the calling sequence.
Any thoughts?
Gary
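As an added example (not code from this thread or from the BibleTime project), the following Python script mechanises the check Gary did by hand above. It parses the quoted caller disassembly and the two register dumps, classifies each call by how the caller expects the struct back (a hidden pointer to a local pushed before the call, or the value left in EAX:EDX), resolves the first call's hidden pointer against the caller's EBP, and tests whether the faulting write address lies inside the caller's stack frame. The frame window used in `fault_in_caller_frame` (between ESP at the crash and the caller's EBP plus its saved-EBP and return-address slots) is an assumption of this example, not something the post states; the listing and register strings are reconstructed from the post.

```python
import re

# Constructed input: the caller disassembly and the two register dumps quoted
# in the post above, reproduced as plain strings.
CALLER_LISTING = """\
003BF5A1 lea eax,[ebp-8Ch]
003BF5A7 push eax
003BF5A8 call CBTConfig::getFilterOptionDefaults (245B41h)
003BF5AD add esp,4
003BF5B0 mov ecx,0Ch
003BF5B5 mov esi,eax
003BF5B7 lea edi,[ebp-0BCh]
003BF5BD rep movs dword ptr es:[edi],dword ptr [esi]
003BF5D2 call CBTConfig::getDisplayOptionDefaults (240E89h)
003BF5D7 mov dword ptr [ebp-5Ch],eax
003BF5DA mov dword ptr [ebp-58h],edx
"""
REGS_BEFORE_CALL = ("EAX = 0138F31C EBX = 7EFDE000 ECX = 00000000 EDX = 031F0174 "
                    "ESI = 0138F31C EDI = 03AF1A98 EIP = 003BF5D2 ESP = 0138F2CC "
                    "EBP = 0138F3A8 EFL = 00000202")
REGS_AT_CRASH = ("EAX = AD50DA3E EBX = 7EFDE000 ECX = 00000000 EDX = 031F0174 "
                 "ESI = 0138F31C EDI = 03AF1A98 EIP = 00290D9F ESP = 0138F270 "
                 "EBP = 0138F2C4 EFL = 00000212")
FAULT_ADDRESS = 0xAD50DA3E  # "Access violation writing location 0xad50da3e"

REG_RE = re.compile(r"\b([A-Z]{3}) = ([0-9A-Fa-f]{8})\b")
LEA_RE = re.compile(r"lea eax,\[ebp-([0-9A-Fa-f]+)h\]")


def parse_registers(dump):
    """Turn 'EAX = 0138F31C EBX = ...' into {'EAX': 0x0138F31C, ...}."""
    return {name: int(value, 16) for name, value in REG_RE.findall(dump)}


def parse_listing(listing):
    """Split a Visual Studio disassembly listing into (address, instruction) pairs."""
    insns = []
    for line in listing.splitlines():
        line = line.strip()
        if line:
            addr, text = line.split(None, 1)
            insns.append((int(addr, 16), text))
    return insns


def classify_calls(listing):
    """Map each callee to the struct-return convention the caller assumes:
    'hidden-pointer' when the caller does lea eax,[ebp-XX] / push eax / call /
    add esp, 'eax-edx' when it stores EAX and EDX right after the call."""
    insns = parse_listing(listing)
    conventions = {}
    for i, (_, text) in enumerate(insns):
        if not text.startswith("call "):
            continue
        callee = text.split()[1]
        before = [t for _, t in insns[max(0, i - 2):i]]
        after = [t for _, t in insns[i + 1:i + 4]]
        lea_push = (len(before) == 2 and before[0].startswith("lea eax,[ebp-")
                    and before[1] == "push eax")
        cleanup = any(t.startswith("add esp,") for t in after)
        if lea_push and cleanup:
            conventions[callee] = "hidden-pointer"
        elif any(",eax" in t for t in after) and any(",edx" in t for t in after):
            conventions[callee] = "eax-edx"
        else:
            conventions[callee] = "unknown"
    return conventions


def hidden_pointer_target(listing, regs):
    """Resolve the first 'lea eax,[ebp-XXh]' to an absolute stack address
    using the caller's EBP from the register dump."""
    for _, text in parse_listing(listing):
        m = LEA_RE.match(text)
        if m:
            return regs["EBP"] - int(m.group(1), 16)
    return None


def fault_in_caller_frame(fault_addr, regs_before_call, regs_at_crash):
    """Assumed window for a legitimate hidden return pointer: above the
    callee's frame (ESP at the crash) and no higher than the caller's EBP
    plus its saved EBP and return address."""
    low = regs_at_crash["ESP"]
    high = regs_before_call["EBP"] + 8
    return low <= fault_addr <= high


def diagnose(listing, regs_before, regs_crash, fault_addr):
    """Collect the evidence for a caller/callee disagreement on struct return."""
    findings = []
    for callee, convention in classify_calls(listing).items():
        findings.append(f"{callee}: caller assumes {convention} return")
    target = hidden_pointer_target(listing, regs_before)
    if target is not None and target == regs_before["EAX"]:
        findings.append(f"hidden pointer {target:08X} matches EAX before the call")
    if not fault_in_caller_frame(fault_addr, regs_before, regs_crash):
        findings.append(f"fault address {fault_addr:08X} is outside the caller's frame")
    return findings


if __name__ == "__main__":
    for line in diagnose(CALLER_LISTING, parse_registers(REGS_BEFORE_CALL),
                         parse_registers(REGS_AT_CRASH), FAULT_ADDRESS):
        print(line)
```

Run as-is, the script reports that the caller passes a hidden pointer for getFilterOptionDefaults (and that pointer, EBP-8Ch, is exactly the EAX/ESI value in the first dump) but expects getDisplayOptionDefaults back in EAX:EDX, while the callee's `mov dword ptr [eax],ecx` writes through whatever happens to sit at [ebp+8]. That pattern is what you get when caller and callee were compiled against different definitions of DisplayOptions, which is the stale-object scenario Jaak's incomplete-rebuild question is aimed at; a clean rebuild or a size/layout assertion on the struct in both translation units is the usual way to confirm or rule it out.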