This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re[3]: Setup 2.249.2.3 on Win2k hangs while uninstalling packages


RLO>> setup.exe Application Error message box:

RLO>>         The instruction at "0x0042fa24" referenced memory at "0x00000000". The
RLO>> memory could not be "read".

PT> Cool! :) Let me see if I can dig up something from the above
PT> information.

Ok, here is more information on the subject - though incomplete :(
This is a part of the disassembly listing of package_meta::uninstall where
the crash occurs. It is from the UPX decompressed version of setup.exe
2.249.2.3. There are comments throughout to let you know what happens.

0042F98F                 call    DeleteFileA ; package_meta.cc The
                                             ; second DeleteFileA call
                                             ; in the uninstall()
                                             ; method
0042F994                 add     esp, 14h
0042F997 
0042F997 loc_42F997:                             ; CODE XREF: sub_42F524+375j
0042F997                                         ; sub_42F524+37Ej
0042F997                 mov     eax, [ebp+arg_0] ; eax == this pointer
0042F99A                 add     esp, 0FFFFFFF8h
0042F99D                 mov     edx, [eax+24h]  ; edx == this->installed
0042F9A0                 mov     ecx, [edx+80h]
0042F9A6                 movsx   eax, word ptr [ecx+40h]
0042F9AA                 add     edx, eax
0042F9AC                 push    edx
0042F9AD                 push    esi
0042F9AE                 mov     eax, [ecx+44h]
0042F9B1                 call    eax             ; installed->getnextfile() ??
0042F9B3                 mov     edx, [edi+4]
0042F9B6                 add     esp, 0Ch
0042F9B9                 mov     eax, [edx+4]
0042F9BC                 mov     [ebp+var_100], eax
0042F9C2                 mov     [ebp+var_FC], offset sub_439F5C ; class String destructor
0042F9CC                 lea     eax, [ebp+var_100]
0042F9D2                 mov     [ebp+var_F8], esi
0042F9D8                 mov     [edx+4], eax
0042F9DB                 mov     eax, [ebp+var_70] ; class String operator = (const String&) (inlined)
0042F9DB                                         ;    eax == aString.theData
0042F9DE                 inc     dword ptr [eax] ; Increase aString.theData->count
0042F9E0                 mov     eax, [ebp+var_20] ; eax == this->theData
0042F9E3                 dec     dword ptr [eax] ; Decrease this->theData->count
0042F9E5                 jnz     short loc_42F9FC
0042F9E7                 mov     eax, [ebp+var_20]
0042F9EA                 test    eax, eax
0042F9EC                 jz      short loc_42F9FC
0042F9EE                 add     esp, 0FFFFFFF8h
0042F9F1                 push    3
0042F9F3                 push    eax
0042F9F4                 call    sub_439DDC
0042F9F9                 add     esp, 10h
0042F9FC 
0042F9FC loc_42F9FC:                             ; CODE XREF: sub_42F524+4C1j
0042F9FC                                         ; sub_42F524+4C8j
0042F9FC                 mov     eax, [ebp+var_70]
0042F9FF                 add     esp, 0FFFFFFF8h
0042FA02                 mov     [ebp+var_20], eax
0042FA05                 mov     edx, [edi+4]
0042FA08                 mov     eax, [edx+4]
0042FA0B                 mov     eax, [eax]
0042FA0D                 mov     [edx+4], eax
0042FA10                 push    2
0042FA12                 push    esi
0042FA13                 call    sub_439F5C      ; class String destructor
0042FA18                 mov     edx, [edi+4]    ; EDI contains the
                                                 ; return value of
                                                 ; __get_eh_context.
0042FA1B                 add     esp, 10h
0042FA1E                 add     esp, 0FFFFFFF8h
0042FA21                 mov     eax, [edx+4]
0042FA24                 mov     eax, [eax]      ; The crash occurs HERE!!!
0042FA26                 mov     [edx+4], eax
0042FA29                 push    2
0042FA2B                 lea     edx, [ebp+var_40]
0042FA2E                 push    edx
0042FA2F                 call    sub_439F5C      ; class String destructor
0042FA34                 add     esp, 10h
0042FA37                 mov     eax, [ebp+var_20] ; class String size() (inlined)
0042FA3A                 cmp     dword ptr [eax+0Ch], 0
0042FA3E                 jnz     loc_42F61C      ; loop until empty line

From what I can see it seems like the EDI register gets overwritten
at some point. Since I cannot reproduce the crash I can't determine
who exactly overwrites it (if someone does at all ;) ) and it's too
late now to continue...

P.S. Btw, I noticed something, though I am not sure it has anything to
do with the problem. In the String class there is allocation of memory with zero
size - this is not cool, especially if you try to write to it and
especially when you're using msvcrt.dll.

However... :)
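As an added example (not code from the setup.exe sources or from this message), here is a small C model of the reference-counted String assignment that the listing walks through (bump the source's count, drop the old target, free on zero), with the zero-size allocation case from the P.S. handled by always reserving room for the terminator. The struct layout, field names and function names are my own assumptions, loosely following the offsets the disassembly hints at.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model: count first, size at a later offset, as the
 * listing's "inc dword ptr [eax]" and "cmp dword ptr [eax+0Ch], 0" suggest. */
typedef struct {
    int count;      /* number of String objects sharing this buffer */
    char *buf;
    size_t size;    /* bytes in buf, excluding the terminator */
} StrData;

typedef struct { StrData *theData; } String;

/* Always allocate at least one byte: a zero-size request may return a
 * non-NULL pointer that must never be written to, so storing even the
 * terminator there would be a heap overflow. */
static StrData *data_new(const char *src, size_t n) {
    StrData *d = malloc(sizeof *d);
    if (!d) return NULL;
    d->buf = malloc(n + 1);   /* n == 0 still gets one byte for '\0' */
    if (!d->buf) { free(d); return NULL; }
    memcpy(d->buf, src, n);
    d->buf[n] = '\0';
    d->size = n;
    d->count = 1;
    return d;
}

static void data_release(StrData *d) {
    if (d && --d->count == 0) { free(d->buf); free(d); }
}

String string_from(const char *s) { String r = { data_new(s, strlen(s)) }; return r; }

/* operator= in the order the listing shows: increase the source's count
 * first, then decrease the target's; this order keeps self-assignment safe. */
void string_assign(String *dst, const String *src) {
    if (src->theData) src->theData->count++;
    data_release(dst->theData);
    dst->theData = src->theData;
}

size_t string_size(const String *s) { return s->theData ? s->theData->size : 0; }
int string_refcount(const String *s) { return s->theData ? s->theData->count : 0; }
void string_free(String *s) { data_release(s->theData); s->theData = NULL; }
```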



