Date: Tue, 18 Jun 2002 00:29:56 +0200
From: Pavel Tsekov
To: Pavel Tsekov
CC: cygwin AT cygwin DOT com
Subject: Re[3]: Setup 2.249.2.3 on Win2k hangs while uninstalling packages
Message-ID: <12514177846.20020618002956@gmx.net>

RLO>> setup.exe Application Error message box:
RLO>> The instruction at "0x0042fa24" referenced memory at "0x00000000". The
RLO>> memory could not be "read".

PT> Cool! :) Let me see if I can dig up something from the above
PT> information.

Ok, here is more information on the subject - though incomplete :(

This is a part of the disassembly listing of package_meta::uninstall
where the crash occurs. It is from the UPX decompressed version of
setup.exe 2.249.2.3. There are comments throughout to let you know what
happens.

0042F98F   call    DeleteFileA              ; package_meta.cc
                                            ; The second DeleteFileA call
                                            ; in the uninstall()
                                            ; method
0042F994   add     esp, 14h
0042F997
0042F997 loc_42F997:                        ; CODE XREF: sub_42F524+375j
0042F997                                    ; sub_42F524+37Ej
0042F997   mov     eax, [ebp+arg_0]         ; eax == this pointer
0042F99A   add     esp, 0FFFFFFF8h
0042F99D   mov     edx, [eax+24h]           ; edx == this->installed
0042F9A0   mov     ecx, [edx+80h]
0042F9A6   movsx   eax, word ptr [ecx+40h]
0042F9AA   add     edx, eax
0042F9AC   push    edx
0042F9AD   push    esi
0042F9AE   mov     eax, [ecx+44h]
0042F9B1   call    eax                      ; installed->getnextfile() ??
0042F9B3   mov     edx, [edi+4]
0042F9B6   add     esp, 0Ch
0042F9B9   mov     eax, [edx+4]
0042F9BC   mov     [ebp+var_100], eax
0042F9C2   mov     [ebp+var_FC], offset sub_439F5C ; class String destructor
0042F9CC   lea     eax, [ebp+var_100]
0042F9D2   mov     [ebp+var_F8], esi
0042F9D8   mov     [edx+4], eax
0042F9DB   mov     eax, [ebp+var_70]        ; class String operator = (const String&) (inlined)
0042F9DB                                    ; eax == aString.theData
0042F9DE   inc     dword ptr [eax]          ; Increase aString.theData->count
0042F9E0   mov     eax, [ebp+var_20]        ; eax == this->theData
0042F9E3   dec     dword ptr [eax]          ; Decrease this->theData->count
0042F9E5   jnz     short loc_42F9FC
0042F9E7   mov     eax, [ebp+var_20]
0042F9EA   test    eax, eax
0042F9EC   jz      short loc_42F9FC
0042F9EE   add     esp, 0FFFFFFF8h
0042F9F1   push    3
0042F9F3   push    eax
0042F9F4   call    sub_439DDC
0042F9F9   add     esp, 10h
0042F9FC
0042F9FC loc_42F9FC:                        ; CODE XREF: sub_42F524+4C1j
0042F9FC                                    ; sub_42F524+4C8j
0042F9FC   mov     eax, [ebp+var_70]
0042F9FF   add     esp, 0FFFFFFF8h
0042FA02   mov     [ebp+var_20], eax
0042FA05   mov     edx, [edi+4]
0042FA08   mov     eax, [edx+4]
0042FA0B   mov     eax, [eax]
0042FA0D   mov     [edx+4], eax
0042FA10   push    2
0042FA12   push    esi
0042FA13   call    sub_439F5C               ; class String destructor
0042FA18   mov     edx, [edi+4]             ; EDI contains the
                                            ; return value of
                                            ; __get_eh_context.
0042FA1B   add     esp, 10h
0042FA1E   add     esp, 0FFFFFFF8h
0042FA21   mov     eax, [edx+4]
0042FA24   mov     eax, [eax]               ; The crash occurs HERE!!!
0042FA26   mov     [edx+4], eax
0042FA29   push    2
0042FA2B   lea     edx, [ebp+var_40]
0042FA2E   push    edx
0042FA2F   call    sub_439F5C               ; class String destructor
0042FA34   add     esp, 10h
0042FA37   mov     eax, [ebp+var_20]        ; class String size() (inlined)
0042FA3A   cmp     dword ptr [eax+0Ch], 0
0042FA3E   jnz     loc_42F61C               ; loop until empty line

From what I can see it seems like the EDI register gets overwritten at
some point. Since I cannot reproduce the crash I can't determine who
exactly overwrites it (if someone does at all ;) ) and it's too late now
to continue...

P.S. Btw I noticed something, though I am not sure it has something to do
with the problem. In the String class there is an allocation of memory with
zero size - this is not cool, especially if you try to write to it and
especially when you're using msvcrt.dll. However... :)
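
Added example, not part of the original message and not Cygwin setup's own code: a C++ reading of the reference-counted assignment annotated in the listing (increment the source count, decrement and free the old data, take over the pointer), with the empty string kept free of the zero-size allocation the P.S. mentions. RcString, Data, length, bytes and the helper functions are hypothetical names; only theData and count appear in the listing's comments.

```cpp
// Added illustration. RcString and Data are hypothetical names; only
// theData and count come from the comments in the listing.
#include <cstddef>
#include <cstring>

struct Data {                 // shared payload, one per distinct string value
    int count;                // reference count (theData->count)
    std::size_t length;
    char *bytes;              // stays nullptr for the empty string
};

class RcString {
    Data *theData;
    static Data *make(const char *s, std::size_t n) {
        Data *d = new Data{1, n, nullptr};
        if (n != 0) {         // never request, or later write to, a 0-byte block
            d->bytes = new char[n];
            std::memcpy(d->bytes, s, n);
        }
        return d;
    }
    static void release(Data *d) {
        if (d != nullptr && --d->count == 0) {
            delete[] d->bytes;
            delete d;
        }
    }
public:
    explicit RcString(const char *s = "") : theData(make(s, std::strlen(s))) {}
    RcString(const RcString &o) : theData(o.theData) { ++theData->count; }
    ~RcString() { release(theData); }
    RcString &operator=(const RcString &o) {
        ++o.theData->count;   // increment the source first (0042F9DE): self-assignment stays safe
        release(theData);     // decrement, free when it reaches zero (0042F9E3 to 0042F9F4)
        theData = o.theData;  // take over the shared data (0042FA02)
        return *this;
    }
    std::size_t size() const { return theData->length; }
    int refs() const { return theData->count; }
    bool hasBuffer() const { return theData->bytes != nullptr; }
};

int main() {
    RcString a("abc"), empty;
    empty = a;                // the old empty Data is released, a's is now shared
    return (a.refs() == 2 && empty.size() == 3) ? 0 : 1;
}
```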