DynamoRIO / drmemory

Memory Debugger for Windows, Linux, Mac, and Android

Uninits and leaks when using CoInitialize/CoCreateInstance #425

Open derekbruening opened 9 years ago

derekbruening commented 9 years ago

From timurrrr@google.com on May 30, 2011 06:06:33

As of r313, the following test program:

include

include

include

include

pragma comment(lib, "ole32.lib")

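// Minimal COM repro: initialise COM on this thread, create an in-process
// ShellLink object, release it, then uninitialise COM.  Prints "PASS" and
// returns 0 when the object could be created, "FAIL" and 1 otherwise.
//
// NOTE(review): the header names on the include lines above did not survive
// extraction; this code presumably needs the Windows COM/shell headers
// (e.g. <windows.h>, <shlobj.h>) plus <stdio.h> -- confirm against the
// original test file.
int main() {
    // The HRESULT of CoInitialize is not checked, exactly as in the reported
    // repro, so the sequence of COM calls under the tool stays the same.
    ::CoInitialize(NULL);

    // Start from NULL so a failed CoCreateInstance never leaves a garbage
    // interface pointer behind.
    IShellLink* obj = NULL;
    HRESULT hres = CoCreateInstance(CLSID_ShellLink, NULL, CLSCTX_INPROC_SERVER,
                                    IID_IShellLink, (LPVOID*)&obj);
    if (FAILED(hres)) {
        ::CoUninitialize();
        printf("FAIL\n");
        return 1;
    }
    // For more tests see http://msdn.microsoft.com/en-us/library/bb776891(v=vs.85).aspx#Shellink_Creating_Shortcut

    // Drop the only reference before COM is torn down.  In the listing this
    // call had been folded into the comment line above, which left the object
    // unreleased; an unreleased object would make it impossible to tell the
    // test's own leak from leaks inside the system DLLs.
    obj->Release();

    ::CoUninitialize();
    printf("PASS\n");
    return 0;
}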

Gives the following reports (besides known false positives):

Error #7: UNINITIALIZED READ: reading 0x001672e0-0x001672e1 1 byte(s)
@0:00:05.344 in thread 16412
0x76fda30f <CLBCatQ.DLL+0xa30f> CLBCatQ.DLL!DestroyStgDatabase
0x76fd7178 <CLBCatQ.DLL+0x7178> CLBCatQ.DLL!PostError
0x76fd7132 <CLBCatQ.DLL+0x7132> CLBCatQ.DLL!PostError
0x76fd6d24 <CLBCatQ.DLL+0x6d24> CLBCatQ.DLL!PostError
0x76fd73d4 <CLBCatQ.DLL+0x73d4> CLBCatQ.DLL!PostError
0x76fd6c72 <CLBCatQ.DLL+0x6c72> CLBCatQ.DLL!PostError
0x76fd74c8 <CLBCatQ.DLL+0x74c8> CLBCatQ.DLL!PostError
0x76fd308f <CLBCatQ.DLL+0x308f> CLBCatQ.DLL!?
0x7c90118a <ntdll.dll+0x118a> ntdll.dll!LdrInitializeThunk
0x7c9224ca <ntdll.dll+0x224ca> ntdll.dll!RtlDestroyEnvironment
0x7c81caae <KERNEL32.dll+0x1caae> KERNEL32.dll!IsValidLocale
0x7c81cb26 <KERNEL32.dll+0x1cb26> KERNEL32.dll!ExitProcess

Error #8: UNINITIALIZED READ: reading 0x00167424-0x00167425 1 byte(s)
@0:00:05.391 in thread 16412
0x76fda30f <CLBCatQ.DLL+0xa30f> CLBCatQ.DLL!DestroyStgDatabase
0x76fd7132 <CLBCatQ.DLL+0x7132> CLBCatQ.DLL!PostError
0x76fd6d24 <CLBCatQ.DLL+0x6d24> CLBCatQ.DLL!PostError
0x76fd73d4 <CLBCatQ.DLL+0x73d4> CLBCatQ.DLL!PostError
0x76fd6c72 <CLBCatQ.DLL+0x6c72> CLBCatQ.DLL!PostError
0x76fd74c8 <CLBCatQ.DLL+0x74c8> CLBCatQ.DLL!PostError
0x76fd308f <CLBCatQ.DLL+0x308f> CLBCatQ.DLL!?
0x7c90118a <ntdll.dll+0x118a> ntdll.dll!LdrInitializeThunk
0x7c9224ca <ntdll.dll+0x224ca> ntdll.dll!RtlDestroyEnvironment
0x7c81caae <KERNEL32.dll+0x1caae> KERNEL32.dll!IsValidLocale
0x7c81cb26 <KERNEL32.dll+0x1cb26> KERNEL32.dll!ExitProcess
0x00402aa2 <test.exe+0x2aa2> test.exe!__crtExitProcess

Original issue: http://code.google.com/p/drmemory/issues/detail?id=425

derekbruening commented 9 years ago

From timurrrr@google.com on June 02, 2011 07:00:19

If I add the following line before the ->Release line:

obj->SetPath("ZZZ");

I also get the following leak report:

Error #17: POSSIBLE LEAK 264 direct bytes 0x00187f30-0x00188038 + 0 indirect bytes
0x77e781f9 <RPCRT4.dll+0x81f9> RPCRT4.dll!I_RpcBCacheFree
0x77e781d0 <RPCRT4.dll+0x81d0> RPCRT4.dll!I_RpcBCacheFree
0x77e78ab4 <RPCRT4.dll+0x8ab4> RPCRT4.dll!NdrOleFree
0x77e78498 <RPCRT4.dll+0x8498> RPCRT4.dll!I_RpcBCacheFree
0x77e8076f <RPCRT4.dll+0x1076f> RPCRT4.dll!I_RpcTransGetThreadEvent
0x77e8519c <RPCRT4.dll+0x1519c> RPCRT4.dll!NdrNonEncapsulatedUnionMemorySize
0x77e84fd5 <RPCRT4.dll+0x14fd5> RPCRT4.dll!NdrNonEncapsulatedUnionMemorySize
0x77e848de <RPCRT4.dll+0x148de> RPCRT4.dll!NdrNonEncapsulatedUnionMemorySize
0x77e849f5 <RPCRT4.dll+0x149f5> RPCRT4.dll!NdrNonEncapsulatedUnionMemorySize
0x77e84944 <RPCRT4.dll+0x14944> RPCRT4.dll!NdrNonEncapsulatedUnionMemorySize
0x77e7febc <RPCRT4.dll+0xfebc> RPCRT4.dll!NdrConformantStructUnmarshall
0x77e78ed9 <RPCRT4.dll+0x8ed9> RPCRT4.dll!I_RpcGetBufferWithObject
0x77e78f10 <RPCRT4.dll+0x8f10> RPCRT4.dll!I_RpcGetBuffer
0x77e79571 <RPCRT4.dll+0x9571> RPCRT4.dll!NdrGetBuffer
0x77ef560b <RPCRT4.dll+0x8560b> RPCRT4.dll!NdrClientCall2
0x77de1ee8 <ADVAPI32.dll+0x11ee8> ADVAPI32.dll!LsaOpenPolicy
0x77de1e6a <ADVAPI32.dll+0x11e6a> ADVAPI32.dll!LsaOpenPolicy
0x77dfb93d <ADVAPI32.dll+0x2b93d> ADVAPI32.dll!LookupPrivilegeValueW
0x77928fe3 <SETUPAPI.dll+0x8fe3> SETUPAPI.dll!pSetupConcatenatePaths
0x77929ffd <SETUPAPI.dll+0x9ffd> SETUPAPI.dll!CM_Get_Device_Interface_List_Size_ExW
0x77929060 <SETUPAPI.dll+0x9060> SETUPAPI.dll!CM_Get_Device_Interface_List_Size_ExW
0x7ca076aa <SHELL32.dll+0x476aa> SHELL32.dll!SHGetImageList
0x7ca07648 <SHELL32.dll+0x47648> SHELL32.dll!SHGetImageList
0x7ca07521 <SHELL32.dll+0x47521> SHELL32.dll!SHGetImageList
0x7ca075ed <SHELL32.dll+0x475ed> SHELL32.dll!SHGetImageList
0x7c9ea6c6 <SHELL32.dll+0x2a6c6> SHELL32.dll!Ordinal57
0x7ca2e881 <SHELL32.dll+0x6e881> SHELL32.dll!SHGetMalloc
0x7ca2e804 <SHELL32.dll+0x6e804> SHELL32.dll!SHGetMalloc
0x7c9efae8 <SHELL32.dll+0x2fae8> SHELL32.dll!SHGetSpecialFolderLocation
0x7c9efa01 <SHELL32.dll+0x2fa01> SHELL32.dll!SHGetSpecialFolderLocation
0x7c9ebe05 <SHELL32.dll+0x2be05> SHELL32.dll!SHGetDesktopFolder
0x7ca2ea91 <SHELL32.dll+0x6ea91> SHELL32.dll!SHGetMalloc
0x7c9ee143 <SHELL32.dll+0x2e143> SHELL32.dll!SHParseDisplayName
0x7c9ee090 <SHELL32.dll+0x2e090> SHELL32.dll!SHParseDisplayName
0x7c9ee629 <SHELL32.dll+0x2e629> SHELL32.dll!SHILCreateFromPath
0x7ca2ac07 <SHELL32.dll+0x6ac07> SHELL32.dll!SHGetDataFromIDListW
0x7ca41307 <SHELL32.dll+0x81307> SHELL32.dll!ShellExecuteA
0x7cb07ff0 <SHELL32.dll+0x147ff0> SHELL32.dll!Ordinal712
0x0040106c <test.exe+0x106c> test.exe!main test.cpp:21

I've seen exactly the same leak on Chromium baseunittests locally, and some similar leaks on net:
http://build.chromium.org/p/chromium.fyi/builders/Windows%20Tests%20%28DrMemory%29/builds/3925/steps/memory%20test%3A%20net_1/logs/stdio

POSSIBLE LEAK 264 direct bytes 0x00191690-0x00191798 + 0 indirect bytes

1 0x77e781f9 I_RpcBCacheFree RPCRT4.dll

2 0x77e781d0 I_RpcBCacheFree RPCRT4.dll

3 0x77e78ab4 NdrOleFree RPCRT4.dll

4 0x77e78498 I_RpcBCacheFree RPCRT4.dll

5 0x77e78998 NdrOleFree RPCRT4.dll

6 0x77e78ef5 I_RpcGetBufferWithObject RPCRT4.dll

7 0x77e78f10 I_RpcGetBuffer RPCRT4.dll

8 0x77e79571 NdrGetBuffer RPCRT4.dll

9 0x77ef560b NdrClientCall2 RPCRT4.dll

...

24 0x71ab4a5a connect WS2_32.dll

derekbruening commented 9 years ago

From timurrrr@google.com on June 29, 2011 06:06:55

This looks very much related (w/o PDB symbols):
http://build.chromium.org/p/chromium.fyi/builders/Windows%20Tests%20%28DrMemory%29/builds/4409/steps/memory%20test%3A%20net/logs/stdio

LEAK 132 direct bytes 0x001edb20-0x001edba4 + 264 indirect bytes

1 I_RpcBCacheFree RPCRT4.dll+0x81f9

2 I_RpcBCacheFree RPCRT4.dll+0x81d0

3 NdrConformantArrayFree RPCRT4.dll+0xd232

4 RpcBindingFromStringBindingW RPCRT4.dll+0xe8df

5 ? DHCPCSVC.DLL+0x2a99

6 RpcStringBindingComposeW RPCRT4.dll+0xec3a

7 RpcStringBindingComposeW RPCRT4.dll+0xec67

8 NdrClientCall2 RPCRT4.dll+0x8558d

9 DhcpRequestOptions DHCPCSVC.DLL+0x460c

10 DhcpRequestParams DHCPCSVC.DLL+0x116f0

11 net::DhcpProxyScriptAdapterFetcher::GetPacURLFromDhcp net\proxy\dhcp_proxy_script_adapter_fetcher_win.cc:277

12 net::DhcpProxyScriptAdapterFetcher::WorkerThread::ImplGetPacURLFromDhcp net\proxy\dhcp_proxy_script_adapter_fetcher_win.cc:156

13 net::DhcpProxyScriptAdapterFetcher::WorkerThread::ThreadFunc net\proxy\dhcp_proxy_script_adapter_fetcher_win.cc:135

14 DispatchToMethod<...>

(also see issue #476 )

derekbruening commented 9 years ago

From timurrrr@google.com on July 18, 2011 06:43:30

One more code snippet:

include

include

include

pragma comment(lib, "ole32.lib")

pragma comment(lib, "strmiids.lib")

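// Scope guard for per-thread COM initialisation: the constructor calls
// CoInitialize(NULL) and the destructor calls CoUninitialize() only when that
// call succeeded, so the pair stays balanced on every exit path of the scope.
class ScopedCOMInitializer {
 public:
  ScopedCOMInitializer() : hr_(CoInitialize(NULL)) { }

  // Declared without the redundant "ScopedCOMInitializer::" qualifier the
  // listing carried; an extra qualification on a member declaration inside
  // the class body is ill-formed (MSVC tolerates it, other compilers reject
  // it).
  ~ScopedCOMInitializer() {
    if (SUCCEEDED(hr_))
      CoUninitialize();
  }

 private:
  // NOTE(review): the class is still implicitly copyable; a copy would carry
  // the same hr_ and call CoUninitialize() a second time.  Use instances only
  // as plain locals.
  HRESULT hr_;  // Result of the CoInitialize(NULL) call made by the constructor.
};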

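// DirectShow repro: create the system device enumerator and ask it for an
// enumerator over the video-input device category.  Prints "PASS" and returns
// 0 when both COM calls succeed, "FAIL" and 1 otherwise.
//
// NOTE(review): the header names on the include lines above did not survive
// extraction; this code presumably needs <windows.h>, <dshow.h> and
// <stdio.h> -- confirm against the original test file.
int main() {
    // COM stays initialised until sci goes out of scope at the end of main,
    // i.e. after every Release() below.
    ScopedCOMInitializer sci;

    ICreateDevEnum *dev_enum = NULL;
    HRESULT hr = CoCreateInstance(CLSID_SystemDeviceEnum, NULL, CLSCTX_INPROC,
                                  IID_ICreateDevEnum, (LPVOID*)&dev_enum);
    if (FAILED(hr)) {
        printf("FAIL\n");
        return 1;
    }

    IEnumMoniker *moniker = NULL;
    hr = dev_enum->CreateClassEnumerator(CLSID_VideoInputDeviceCategory, &moniker, 0);

    int exit_code = 0;
    if (SUCCEEDED(hr)) {
        printf("PASS\n");
    } else {
        printf("FAIL\n");
        exit_code = 1;
    }

    // Release both interfaces on every path.  The listing never released the
    // moniker enumerator and skipped dev_enum->Release() on the failure path,
    // so the test leaked COM objects of its own while being run under a leak
    // detector.  CreateClassEnumerator can succeed with S_FALSE and leave the
    // enumerator NULL when the category is empty, hence the NULL check.
    if (moniker != NULL)
        moniker->Release();
    dev_enum->Release();

    return exit_code;
}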

-> [XP 32-bits, w/o symbols]
Error #43: UNINITIALIZED READ: reading 0x003a3088-0x003a308c 4 byte(s)
@0:00:05.223 in thread 6020
0x736b2ca4 <msdmo.dll+0x2ca4> msdmo.dll!DMOEnum
0x736b2d45 <msdmo.dll+0x2d45> msdmo.dll!DMOEnum
0x75f4772d <DEVENUM.DLL+0x772d> DEVENUM.DLL!DllUnregisterServer
0x75f478ad <DEVENUM.DLL+0x78ad> DEVENUM.DLL!DllUnregisterServer
0x75f483f9 <DEVENUM.DLL+0x83f9> DEVENUM.DLL!DllUnregisterServer
0x75f442c4 <DEVENUM.DLL+0x42c4> DEVENUM.DLL!?
0x75f48344 <DEVENUM.DLL+0x8344> DEVENUM.DLL!DllUnregisterServer
0x75f46e0e <DEVENUM.DLL+0x6e0e> DEVENUM.DLL!DllUnregisterServer
0x00401099 <test.exe+0x1099> test.exe!main test.cpp:34

[XP 32-bits, w/o symbols]
Error #39: UNINITIALIZED READ: reading 0x003a3088-0x003a308c 4 byte(s)
@0:00:05.520 in thread 5244
0x736b2ca4 <msdmo.dll+0x2ca4> msdmo.dll!CArrayContainerCEnumDMOCLSID::Entry::GetNth
0x736b2d45 <msdmo.dll+0x2d45> msdmo.dll!CEnumDMOCLSID::Next
0x75f4772d <DEVENUM.DLL+0x772d> DEVENUM.DLL!CCreateSwEnum::CreatePnpMonikers
0x75f478ad <DEVENUM.DLL+0x78ad> DEVENUM.DLL!CCreateSwEnum::CreateDmoMonikers
0x75f483f9 <DEVENUM.DLL+0x83f9> DEVENUM.DLL!CCreateSwEnum::CreateClassEnumerator
0x75f442c4 <DEVENUM.DLL+0x42c4> DEVENUM.DLL!CClassManagerBase::CreateClassEnumerator
0x75f48344 <DEVENUM.DLL+0x8344> DEVENUM.DLL!CCreateSwEnum::CreateClassEnumerator
0x75f46e0e <DEVENUM.DLL+0x6e0e> DEVENUM.DLL!CCreateSwEnum::CreateClassEnumerator
0x00401099 <test.exe+0x1099> test.exe!main test.cpp:34