gnustep-dev

Re: Corrupted heap


From: Vincent Richomme
Subject: Re: Corrupted heap
Date: Thu, 18 Mar 2010 13:02:27 +0100
User-agent: RoundCube Webmail/0.2

On Thu, 18 Mar 2010 09:41:41 +0100, Fred Kiefer <address@hidden> wrote:
> I applied your patch, leaving out the GSTEP_PROGRESSIVE_CODEC bit of it.
> I really would like to see platform specific code like this removed from
> GNUstep gui, but doing so now could break applications on Cygwin that
> rely on the current behaviour. (Are there any?)
> What we should have here is code that tests whether this specific
> feature is present in the used JPEG library or not.
> 

Ok thanks.
On my side I am still tracking weird exceptions I get when launching
Gorm.exe; now the problem is between the following lines:

.text:00404480 push    ebp
.text:00404481 mov     ebp, esp
.text:00404483 push    edi
.text:00404484 push    esi
.text:00404485 push    ebx
.text:00404486 sub     esp, 4Ch
.text:00404489 mov     ebx, [ebp+arg_0]
.text:0040448C mov     eax, off_408BE4
.text:00404491 mov     [ebp+var_20], ebx
.text:00404494 mov     [ebp+var_1C], eax
.text:00404497 lea     eax, [ebp+var_20]
.text:0040449A mov     [esp+58h+var_54], offset off_40A060
.text:004044A2 mov     [esp+58h+var_58], eax
.text:004044A5 call    objc_msg_lookup_super
.text:004044AA mov     [esp+58h+var_58], ebx
.text:004044AD mov     [esp+58h+var_54], offset off_40A060
.text:004044B5 call    eax
.text:004044B7 test    eax, eax
.text:004044B9 mov     ebx, eax
.text:004044BB jz      loc_404A42
.text:004044C1 mov     [esp+58h+var_58], offset aNsnotification ; "NSNotificationCenter"
.text:004044C8 call    objc_get_class
.text:004044CD mov     [esp+58h+var_54], offset off_40A068
.text:004044D5 mov     esi, eax
.text:004044D7 mov     [esp+58h+var_58], eax
.text:004044DA call    objc_msg_lookup
.text:004044DF mov     [esp+58h+var_58], esi
.text:004044E2 mov     [esp+58h+var_54], offset off_40A068
.text:004044EA call    eax
.text:004044EC mov     [ebp+var_30], eax
.text:004044EF mov     [esp+58h+var_58], offset aNsbundle ; "NSBundle"
.text:004044F6 call    objc_get_class
.text:004044FB mov     [esp+58h+var_54], offset off_40A070
.text:00404503 mov     esi, eax
.text:00404505 mov     [esp+58h+var_58], eax
.text:00404508 call    objc_msg_lookup
.text:0040450D mov     [esp+58h+var_58], esi
.text:00404510 mov     [esp+58h+var_54], offset off_40A070
.text:00404518 call    eax
.text:0040451A mov     [esp+58h+var_58], offset aNsconnection ; "NSConnection"
.text:00404521 mov     esi, eax
.text:00404523 call    objc_get_class
.text:00404528 mov     [esp+58h+var_54], offset off_40A078
.text:00404530 mov     edi, eax
.text:00404532 mov     [esp+58h+var_58], eax
.text:00404535 call    objc_msg_lookup
.text:0040453A mov     [esp+58h+var_58], edi
.text:0040453D mov     [esp+58h+var_54], offset off_40A078
.text:00404545 call    eax
.text:00404547 mov     [ebp+var_2C], eax
.text:0040454A mov     [esp+58h+var_58], esi
.text:0040454D mov     [esp+58h+var_54], offset off_40A080
.text:00404555 call    objc_msg_lookup
.text:0040455A mov     [esp+58h+var_58], esi
.text:0040455D mov     [esp+58h+var_50], offset unk_40AE04
.text:00404565 mov     [esp+58h+var_54], offset off_40A080
.text:0040456D call    eax
.text:0040456F mov     [esp+58h+var_58], offset aNsimage ; "NSImage"
.text:00404576 mov     [ebp+var_34], eax
.text:00404579 call    objc_get_class
.text:0040457E mov     [esp+58h+var_54], offset off_40A088
.text:00404586 mov     edi, eax
.text:00404588 mov     [esp+58h+var_58], eax
.text:0040458B call    objc_msg_lookup
.text:00404590 mov     [esp+58h+var_58], edi
.text:00404593 mov     [esp+58h+var_54], offset off_40A088
.text:0040459B call    eax
.text:0040459D mov     [esp+58h+var_54], offset off_40A090
.text:004045A5 mov     edi, eax
.text:004045A7 mov     [esp+58h+var_58], eax
.text:004045AA call    objc_msg_lookup
.text:004045AF mov     edx, [ebp+var_34]
.text:004045B2 mov     [esp+58h+var_58], edi
.text:004045B5 mov     [esp+58h+var_54], offset off_40A090
.text:004045BD mov     [esp+58h+var_50], edx
.text:004045C1 call    eax     <<<<<< PROBLEM HERE >>>>
.text:004045C3 mov     [ebx+94h], eax
.text:004045C9 mov     [esp+58h+var_58], esi
.text:004045CC mov     [esp+58h+var_54], offset off_40A080
.text:004045D4 call    objc_msg_lookup
.text:004045D9 mov     [esp+58h+var_58], esi
.text:004045DC mov     [esp+58h+var_50], offset unk_40ADF8
.text:004045E4 mov     [esp+58h+var_54], offset off_40A080
.text:004045EC call    eax
.text:004045EE mov     [esp+58h+var_58], offset aNsimage ; "NSImage"
.text:004045F5 mov     [ebp+var_34], eax
.text:004045F8 call    objc_get_class
.text:004045FD mov     [esp+58h+var_54], offset off_40A088
.text:00404605 mov     edi, eax
.text:00404607 mov     [esp+58h+var_58], eax
.text:0040460A call    objc_msg_lookup
.text:0040460F mov     [esp+58h+var_58], edi
.text:00404612 mov     [esp+58h+var_54], offset off_40A088

When the debugger returns from the "call eax" at 004045C1, I get a nice popup
with the error message:

7c97f749: The instruction at 0x7c97f749 referenced memory at 0x40000058.
The memory cannot be read...

and I end up inside ntdll.dll

So once again a free is done on invalid memory.

If I try to analyze deeper, I arrive at this point:

gnustep_gui_0_17.dll:63AF5049 ; 
gnustep_gui_0_17.dll:63AF5049 call    near ptr unk_63CADF00
gnustep_gui_0_17.dll:63AF504E lea     eax, [ebp-2A8h]
gnustep_gui_0_17.dll:63AF5054 mov     dword ptr [ebp-290h], 0
gnustep_gui_0_17.dll:63AF505E mov     [esp], eax
gnustep_gui_0_17.dll:63AF5061 call    near ptr unk_63CAD3C8
gnustep_gui_0_17.dll:63AF5066 add     esp, 2B4h
gnustep_gui_0_17.dll:63AF506C xor     eax, eax
gnustep_gui_0_17.dll:63AF506E pop     ebx
gnustep_gui_0_17.dll:63AF506F pop     ebp
gnustep_gui_0_17.dll:63AF5070 retn
-------
gnustep_gui_0_17.dll:63CADF00 loc_63CADF00:                           
gnustep_gui_0_17.dll:63CADF00 jmp     off_63DC5904 << msvcrt_free


Unfortunately this doesn't help a lot, except if people here
are used to reading GNUstep in asm. So I will try to rebuild gnustep-gui
without -O2 and with a map file.
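
The failure described in the message above, a free() that only blows up later
inside the C runtime (here ntdll/msvcrt), is hard to attribute from a
disassembly because the real allocator validates nothing at the call site. The
following is an added example, not code from the GNUstep thread or from the
GNUstep libraries: a minimal checked allocator that keeps a registry of live
blocks and a tail canary, so an invalid free, a double free, or an overflow
past the end of a block is reported at the checked_free() call instead of
surfacing as an access violation deep in the runtime. All names (checked_malloc,
checked_free, CANARY, MAX_LIVE), the 4-byte canary and the sample scenarios in
demo() are assumptions chosen for the illustration.

```c
/* Added example (not from the GNUstep thread): a tiny checked allocator that
 * catches the failure modes discussed above: freeing a pointer that is not a
 * live allocation (invalid or double free) and writing past the end of a
 * block so the metadata the real free() relies on is clobbered. Names and
 * constants here are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CANARY   0xA5C3E7F1u   /* assumed tail-canary value */
#define MAX_LIVE 64            /* assumed registry capacity */

typedef struct {
    void  *base;   /* pointer handed to the caller */
    size_t size;   /* usable bytes requested */
} live_alloc;

static live_alloc live[MAX_LIVE];
static int n_live = 0;

/* Status codes returned by checked_free() so the caller sees what went wrong
 * instead of a crash in the C runtime. */
enum free_status {
    FREE_OK = 0,
    FREE_NOT_LIVE,      /* never allocated, or already freed */
    FREE_TAIL_CANARY    /* bytes past the end of the block were overwritten */
};

static int find_live(const void *p)
{
    for (int i = 0; i < n_live; i++)
        if (live[i].base == p)
            return i;
    return -1;
}

void *checked_malloc(size_t size)
{
    if (n_live >= MAX_LIVE)
        return NULL;
    /* usable bytes, followed by a 4-byte canary just past the end */
    unsigned char *raw = malloc(size + sizeof(uint32_t));
    if (raw == NULL)
        return NULL;
    uint32_t c = CANARY;
    memcpy(raw + size, &c, sizeof c);
    live[n_live].base = raw;
    live[n_live].size = size;
    n_live++;
    return raw;
}

enum free_status checked_free(void *p)
{
    int i = find_live(p);
    if (i < 0)
        return FREE_NOT_LIVE;              /* invalid or double free */
    uint32_t c;
    memcpy(&c, (unsigned char *)p + live[i].size, sizeof c);
    live[i] = live[--n_live];              /* unregister first */
    if (c != CANARY) {
        /* Deliberately leak: handing a corrupted block back to the real
         * allocator is exactly what produces the crash inside the runtime. */
        return FREE_TAIL_CANARY;
    }
    free(p);
    return FREE_OK;
}

/* Four constructed scenarios; returns a bitmask of the ones caught (15 = all). */
int demo(void)
{
    int ok = 0;

    /* 1. well-behaved allocation and free */
    char *a = checked_malloc(16);
    strcpy(a, "hello");
    if (checked_free(a) == FREE_OK) ok |= 1;

    /* 2. double free: the second checked_free() is rejected, not crashed on */
    char *b = checked_malloc(8);
    checked_free(b);
    if (checked_free(b) == FREE_NOT_LIVE) ok |= 2;

    /* 3. one-byte heap overflow: 9 bytes written into an 8-byte block */
    char *c = checked_malloc(8);
    memset(c, 'A', 9);
    if (checked_free(c) == FREE_TAIL_CANARY) ok |= 4;

    /* 4. address the allocator never handed out */
    int stack_var = 0;
    if (checked_free(&stack_var) == FREE_NOT_LIVE) ok |= 8;

    return ok;
}

int main(void)
{
    printf("demo() = %d\n", demo());
    return demo() == 15 ? 0 : 1;
}
```

In a real build the same idea is what a debug heap or a sanitizer provides (MSVC's debug CRT heap, or ASan on toolchains that support it); the point of the hand-rolled version is that the check runs at the call site that matches the disassembly, so the offending free can be located without a map file.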



