
Page fault when unloading MFC42.dll
Hi there,
We have an MFC application which will crash "randomly" (maybe once in 20 times)
while terminating. Dr. Watson reports that the crash point is in MFC42.DLL. After
taking a look at MFC42.MAP, we find the problem is that the pointer to AFX_MODULE_STATE,
pState, is invalid when unloading the DLL. Would somebody give us some clues on
as I did not read the newsgroup regularly. Thanks in advance.
Best wishes,
Henry
PS. Following are the source code snipped from the DllMain() function in DLLINIT.cpp
and a snippet of the Dr. Watson report:
---- Source code -----------
else if (dwReason == DLL_PROCESS_DETACH)
{
    // free language specific DLL
    AFX_MODULE_STATE* pState = AfxGetModuleState();
    // --> crashed at next line, the pState had been freed, I guess.
    if (pState->m_appLangDLL != NULL)
    {
        ::FreeLibrary(pState->m_appLangDLL);
        pState->m_appLangDLL = NULL;
    }
    // free the DLL info blocks
    CDynLinkLibrary* pDLL;
    while ((pDLL = pState->m_libraryList) != NULL)
        delete pDLL;
    ASSERT(pState->m_libraryList.IsEmpty());
--- Dr. Watson report
*----> Summary/Overview <----*
MFCDLL Shared Library - Retail Version attempted to read from
memory that does not exist. It may be using an uninitialized
variable, or it may be attempting to access memory after having
freed it.
Module Name: MFC42.DLL
Description: MFCDLL Shared Library - Retail Version
Version: 6.00.8665.0
Product: Microsoft (R) Visual C++
Manufacturer: Microsoft Corporation
Application Name: Obctncn.exe
Description: ObCtnCN Module
Version: 2,0,0,7
Product: Ortega BuildingSmart
Manufacturer: Ortega InfoSystems Inc.
..
..
*----> Details <----*
Command line: obctncn.exe
Trap 0e 0000 - Invalid page fault
eax=01390cf8 ebx=00000000 ecx=00000003 edx=818ced00 esi=00000000 edi=01390cf8
eip=5f40626c esp=0366fb30 ebp=0366fc50 -- -- -- nv up EI pl nz na po nc
cs=017f ss=0187 ds=0187 es=0187 fs=676f gs=0000
MFC42.DLL:.text+0x526c:
>017f:5f40626c 8b8750100000 mov eax,dword ptr [edi+00001050]
sel type base lim/bot
---- ---- -------- --------
cs 017f r-x- 00000000 ffffffff
ss 0187 rw-e 00000000 0000ffff
ds 0187 rw-e 00000000 0000ffff
es 0187 rw-e 00000000 0000ffff
fs 676f rw-- 818ced00 00000037
gs 0000 ----
stack base: 03570000
TIB limits: 0366e000 - 03670000
-- exception record --
Exception Code: c0000005 (access violation)
Exception Address: 5f40626c (MFC42.DLL:.text+0x526c)
Exception Info: 00000000
01391d48
MFC42.DLL:.text+0x526c:
>017f:5f40626c 8b8750100000 mov eax,dword ptr [edi+00001050]
017f:5f406255 89be50100000 mov dword ptr [esi+00001050],edi
017f:5f40625b 6a01 push +01
017f:5f40625d 58 pop eax
017f:5f40625e 5f pop edi
017f:5f40625f 5e pop esi
017f:5f406260 5b pop ebx
017f:5f406261 c9 leave
017f:5f406262 c20c00 retd 000c
017f:5f406265 e819aeffff call 5f401083 = MFC42.DLL!1168
017f:5f40626a 8bf8 mov edi,eax
MFC42.DLL:.text+0x526c:
*017f:5f40626c 8b8750100000 mov eax,dword ptr [edi+00001050]
017f:5f406272 3bc3 cmp eax,ebx
017f:5f406274 8db750100000 lea esi,[edi+00001050]
017f:5f40627a 0f8594370700 jnz 5f479a14 = MFC42.DLL:.text+0x78a14
017f:5f406280 8b8f48100000 mov ecx,dword ptr [edi+00001048]
017f:5f406286 3bcb cmp ecx,ebx
017f:5f406288 7409 jz 5f406293 = MFC42.DLL:.text+0x5293
017f:5f40628a 8b01 mov eax,dword ptr [ecx]
017f:5f40628c 6a01 push +01
017f:5f40628e ff5004 call dword ptr [eax+04]
017f:5f406291 ebed jmp 5f406280 = MFC42.DLL:.text+0x5280
--------------------
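
A triage check for the report above, added here as an example and not part of the original post: it recomputes the effective address of the faulting instruction from the register dump and compares it with the second "Exception Info" value, which for an access violation is the address that was touched. The function name `triage` and the 64 KB NULL-page threshold are assumptions of this example; the embedded lines are copied from the report.

```python
import re

# Lines copied from the Dr. Watson report in the post above.
REPORT = """\
eax=01390cf8 ebx=00000000 ecx=00000003 edx=818ced00 esi=00000000 edi=01390cf8
eip=5f40626c esp=0366fb30 ebp=0366fc50 -- -- -- nv up EI pl nz na po nc
Exception Code: c0000005 (access violation)
Exception Address: 5f40626c (MFC42.DLL:.text+0x526c)
Exception Info: 00000000
01391d48
*017f:5f40626c 8b8750100000 mov eax,dword ptr [edi+00001050]
"""

# First ExceptionInformation value of an access violation: 0 = read, 1 = write.
ACCESS_KIND = {0: "read", 1: "write"}


def triage(report):
    """Cross-check the faulting instruction against the exception record."""
    regs = {name: int(val, 16)
            for name, val in re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})", report)}
    code = int(re.search(r"Exception Code:\s*([0-9a-f]{8})", report).group(1), 16)
    sect_off = int(re.search(r"Exception Address:.*\+0x([0-9a-f]+)\)", report).group(1), 16)
    info = re.search(r"Exception Info:\s*([0-9a-f]{8})\s+([0-9a-f]{8})", report)
    kind, fault_addr = int(info.group(1), 16), int(info.group(2), 16)
    # The line marked '*' is the faulting instruction; decode its [reg+disp] operand.
    op = re.search(r"^\*.*\[(e[a-z]{2})\+([0-9a-f]+)\]", report, re.M)
    base_reg, disp = op.group(1), int(op.group(2), 16)
    effective = (regs[base_reg] + disp) & 0xFFFFFFFF
    return {
        "access_violation": code == 0xC0000005,
        "access": ACCESS_KIND.get(kind, "unknown"),
        "fault_addr": fault_addr,
        "base_reg": base_reg,
        "base_value": regs[base_reg],
        "displacement": disp,
        "operand_matches_fault": effective == fault_addr,
        # Assumed heuristic: a base pointer below 64 KB is treated as a NULL dereference.
        "null_deref": regs[base_reg] < 0x10000,
        "section_base": regs["eip"] - sect_off,
    }


if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(key, hex(value) if isinstance(value, int) and not isinstance(value, bool) else value)
```

On this report the check shows a read through a non-NULL `edi` at displacement 0x1050, and the computed address equals the one in the exception record, so the fault is the load through the pointer held in `edi` rather than a NULL dereference.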