XnView Software

Various discussion boards for XnView and related products
https://newsgroup.xnview.com/

1.91.6 get memory access violate while viewing or idle

https://newsgroup.xnview.com/viewtopic.php?t=13801

Page 1 of 1

1.91.6 get memory access violate while viewing or idle

Posted: Tue Nov 06, 2007 2:18 pm
by azsd
I can't stop Xnview hang in viewing my some moe collection folders.
I think I have reported same problem one year ago from 1.90 beta.

same problem occured in clean install of windows server 2008.
hardware DEP disabled in BIOS settings, and software DEP only applied to system modules.

2 hours earier I start debuging Xnview and found some diffrent hang have little same rulz,
I hop you can make sure some problem exists.

1nd access violate:

Code: Select all

xnview._strtok
005647F2>/$  55            PUSH EBP
005647F3  |.  8BEC          MOV EBP, ESP
005647F5  |.  83EC 20       SUB ESP, 20
005647F8  |.  53            PUSH EBX
005647F9  |.  56            PUSH ESI
005647FA  |.  8B75 0C       MOV ESI, DWORD PTR [EBP+C]
005647FD  |.  57            PUSH EDI
005647FE  |.  E8 F7600000   CALL <__getptd>
00564803  |.  6A 08         PUSH 8
00564805  |.  8945 0C       MOV DWORD PTR [EBP+C], EAX
00564808  |.  59            POP ECX
00564809  |.  33C0          XOR EAX, EAX
0056480B  |.  8D7D E0       LEA EDI, DWORD PTR [EBP-20]
0056480E  |.  6A 07         PUSH 7
00564810  |.  F3:AB         REP STOS DWORD PTR ES:[EDI]
00564812  |.  5F            POP EDI
00564813  |>  8A16          /MOV DL, BYTE PTR [ESI]
00564815  |.  B3 01         |MOV BL, 1
00564817  |.  0FB6CA        |MOVZX ECX, DL
0056481A  |.  8BC1          |MOV EAX, ECX
0056481C  |.  23CF          |AND ECX, EDI
0056481E  |.  C1E8 03       |SHR EAX, 3
00564821  |.  D2E3          |SHL BL, CL
00564823  |.  8D4405 E0     |LEA EAX, DWORD PTR [EBP+EAX-20]
00564827  |.  0818          |OR BYTE PTR [EAX], BL
00564829  |.  46            |INC ESI
0056482A  |.  84D2          |TEST DL, DL
0056482C  |.^ 75 E5         \JNZ SHORT 00564813
0056482E  |.  8B55 08       MOV EDX, DWORD PTR [EBP+8]
00564831  |.  85D2          TEST EDX, EDX
00564833  |.  75 06         JNZ SHORT 0056483B
00564835  |.  8B45 0C       MOV EAX, DWORD PTR [EBP+C]
00564838  |.  8B50 18       MOV EDX, DWORD PTR [EAX+18]
0056483B  |>  8A02          /MOV AL, BYTE PTR [EDX]

EAX 014ED8D8
ECX 00000000
EDX 00000000
EBX 01F7D901 ASCII "n15423.jpg"
ESP 037CFC74
EBP 037CFCA0
ESI 006C23C6 xnview.006C23C6
EDI 00000007
EIP 0056483B xnview.0056483B
C 0  ES 0023 32bit 0(FFFFFFFF)
P 1  CS 001B 32bit 0(FFFFFFFF)
A 0  SS 0023 32bit 0(FFFFFFFF)
Z 1  DS 0023 32bit 0(FFFFFFFF)
S 0  FS 003B 32bit 7FFDB000(4000)
T 0  GS 0000 NULL
D 0
O 0  LastErr ERROR_NOACCESS (000003E6)
EFL 00010246 (NO,NB,E,BE,NS,PE,GE,LE)
It seems failed on a routine want to check an buffer's contents and except an (exists address with) contents 0x00 as null value,
but just been passed an NULL pointer for retrieve.

here is contents follow in [EAX + 0]
0x00000EA8, 0xFFFFFFFF, 0x00000000, 0x00000000, 0x00000000, 0x00000001, [EAX+18] => 0x00000000, 0x00000000

here is the stack dump

Code: Select all

037CFC74   0000003A
037CFC78   00000000
037CFC7C   01F7D908  ASCII "jpg"
037CFC80   00000001
037CFC84   00000001
037CFC88   00000000
037CFC8C   00000000
037CFC90   00000000
037CFC94   00000000
037CFC98   00000000
037CFC9C   00000000
037CFCA0   00004000
037CFCA4   004AF260  RETURN to xnview.004AF260 from <xnview>
037CFCA8   00000000
037CFCAC   014ED8D8
037CFCB0   0143BE00  ASCII "txt c c++ cc h cpp pas js css php ini"
037CFCB4   00000000
037CFCB8   01F7D8FC  ASCII "moeren15423.jpg"
037CFCBC   01F7D8EC  ASCII "  "
and here is current callstack

Code: Select all

entire stack of thread 00000EA8
Address    Stack      Procedure / arguments                 Called from                   Frame
037CFCA4   004AF260   <xnview>                      xnview.004AF25B               037CFCA0
037CFCA8   00000000     s1 = NULL
037CFCAC   014ED8D8     s2 = ""A8,"",0E,""
037CFDC8   00485D77   xnview.004AF140                       xnview.00485D72
037CFF84   005674DA   Includes xnview.00485D77              xnview.__wcslwr (00BE: 01)+8
the caller code from 4A25B is

Code: Select all

.text:004AF273                 jz      short loc_4AF2BE
.text:004AF275                 push    offset asc_6C23C4 ; " "
.text:004AF27A                 push    0               ; Str
the s2 must be an ' ', 0 (20,00,00,00) at 6C23C4 between 'sqllite_stat1',0 and 'SELECT idx, stat FROM %Q.sqlite_stat1',0
I dont know why it became an stack address before or after push as arguments in runtime.


this access occured in last subthreads.

Code: Select all

Threads
Ident      Entry      Data block   Last error                    Status      Priority   User time     System time
00000434   00568D57   7FFDE000     ERROR_SUCCESS (00000000)      Active       32 + 0       5.2343 s      1.8281 s
00000808   7C8217EC   7FFDD000     ERROR_INVALID_HANDLE (000000  Active       32 + 0       0.0000 s      0.0000 s
00000B38   7C8217EC   7FFDC000     ERROR_SUCCESS (00000000)      Active       32 + 0       0.0000 s      0.0000 s
00000EA8   7C8217EC   7FFDB000     ERROR_NOACCESS (000003E6)     Active       32 + 0       0.0000 s      0.0000 s
2nd Fails, code try to scan compare LPByte(NULL)[0] to LPByte(679838)[0] and sure failed on first REP.

Code: Select all

0040B040  /$  8B4424 04     MOV EAX, DWORD PTR [ESP+4]
0040B044  |.  53            PUSH EBX
0040B045  |.  56            PUSH ESI
0040B046  |.  57            PUSH EDI
0040B047  |.  85C0          TEST EAX, EAX
0040B049  |.  74 2A         JE SHORT 0040B075
0040B04B  |.  BA 06000000   MOV EDX, 6
0040B050  |>  8338 01       /CMP DWORD PTR [EAX], 1
0040B053  |.  75 19         |JNZ SHORT 0040B06E
0040B055  |.  3950 04       |CMP DWORD PTR [EAX+4], EDX
0040B058  |.  7C 14         |JL SHORT 0040B06E
0040B05A  |.  8B70 08       |MOV ESI, DWORD PTR [EAX+8]
0040B05D  |.  B9 03000000   |MOV ECX, 3
0040B062  |.  BF 38986700   |MOV EDI, 00679838                              ;  ASCII "Exif"
0040B067  |.  33DB          |XOR EBX, EBX
0040B069  |.  66:F3:A7      |REPE CMPS WORD PTR ES:[EDI], WORD PTR [ESI]


EAX 05FE1F00
ECX 00000003
EDX 00000006
EBX 00000000
ESP 0384FC38
EBP 0209E594 ASCII "  "
ESI 00000000
EDI 00679838 ASCII "Exif"
EIP 0040B069 xnview.0040B069
C 0  ES 0023 32bit 0(FFFFFFFF)
P 1  CS 001B 32bit 0(FFFFFFFF)
A 0  SS 0023 32bit 0(FFFFFFFF)
Z 1  DS 0023 32bit 0(FFFFFFFF)
S 0  FS 003B 32bit 7FFDC000(4000)
T 0  GS 0000 NULL
D 0
O 0  LastErr 80000003
EFL 00010246 (NO,NB,E,BE,NS,PE,GE,LE)

Call stack of thread 00001560
Address    Stack      Procedure / arguments                 Called from                   Frame
0384FC44   0047F2CF   xnview.0040B040                       xnview.0047F2CA
0384FC88   00486255   xnview.0047F2C0                       xnview.00486250
0384FDB0   00485E2B   xnview.00486100                       xnview.00485E26
0384FF84   005674DA   Includes xnview.00485E2B              xnview.__wcslwr (00BE: 01)+8
here is call from 47F2CA to crashed routine

Code: Select all

.text:0047F2C0 ; int __cdecl sub_47F2C0(int,LPFILETIME lpFileTime,int)
.text:0047F2C0 sub_47F2C0      proc near               ; CODE XREF: sub_47F0A0+15Dp
.text:0047F2C0                                         ; sub_47FB00+1F7p ...
.text:0047F2C0
.text:0047F2C0 SystemTime      = SYSTEMTIME ptr -34h
.text:0047F2C0 var_24          = word ptr -24h
.text:0047F2C0 var_20          = word ptr -20h
.text:0047F2C0 var_1C          = word ptr -1Ch
.text:0047F2C0 var_18          = word ptr -18h
.text:0047F2C0 var_14          = dword ptr -14h
.text:0047F2C0 var_10          = dword ptr -10h
.text:0047F2C0 arg_0           = dword ptr  4
.text:0047F2C0 lpFileTime      = dword ptr  8
.text:0047F2C0 arg_8           = dword ptr  0Ch
.text:0047F2C0
.text:0047F2C0                 sub     esp, 34h
.text:0047F2C3                 push    esi
.text:0047F2C4                 mov     esi, [esp+38h+arg_8]
.text:0047F2C8                 push    edi
.text:0047F2C9                 push    esi
.text:0047F2CA                 call    sub_40B040
parent call from 486250

Code: Select all

.text:004861D5 ; ---------------------------------------------------------------------------
.text:004861D5
.text:004861D5 loc_4861D5:                             ; CODE XREF: sub_486100+B4j
.text:004861D5                                         ; sub_486100+C6j
.text:004861D5                 mov     al, byte_6FCB1C
.text:004861DA                 xor     edx, edx
.text:004861DC                 movsx   ecx, word_6FD2DE
.text:004861E3                 test    al, al
.text:004861E5                 movsx   eax, word_6FD2E0
.text:004861EC                 setz    dl
.text:004861EF                 mov     edi, [esp+118h+arg_8]
.text:004861F6                 push    0
.text:004861F8                 mov     esi, [esp+11Ch+arg_4]
.text:004861FF                 push    edx
.text:00486200                 movsx   edx, byte_6FCC0B
.text:00486207                 push    eax
.text:00486208                 mov     eax, [esp+124h+arg_18]
.text:0048620F                 push    ecx
.text:00486210                 mov     ecx, [esp+128h+arg_14]
.text:00486217                 push    edx
.text:00486218                 push    eax
.text:00486219                 push    ecx
.text:0048621A                 push    edi
.text:0048621B                 lea     edx, [esp+138h+MultiByteStr]
.text:0048621F                 push    esi
.text:00486220                 push    edx
.text:00486221                 call    sub_47E0C0
.text:00486226                 add     esp, 28h
.text:00486229                 mov     [esp+118h+var_108], eax
.text:0048622D                 test    ax, ax
.text:00486230                 jz      loc_486382
.text:00486236                 mov     eax, [esi+2Ch]
.text:00486239                 mov     ecx, [esp+118h+arg_C]
.text:00486240                 mov     [edi+11Ch], eax
.text:00486246                 push    eax             ; int
.text:00486247                 mov     eax, [esp+11Ch+lpFileTime]
.text:0048624E                 push    eax             ; lpFileTime
.text:0048624F                 push    ecx             ; int
.text:00486250                 call    sub_47F2C0

....
....

and the top call always from 5674D7

.text:005674A4 loc_5674A4:                             ; CODE XREF: sub_567451+4Ej
.text:005674A4                 push    esi             ; lpTlsValue
.text:005674A5                 push    dword_6DF570    ; dwTlsIndex
.text:005674AB                 call    ds:TlsSetValue
.text:005674B1                 test    eax, eax
.text:005674B3                 jnz     short loc_5674BD
.text:005674B5                 push    10h             ; NumberOfBytesWritten
.text:005674B7                 call    __amsg_exit
.text:005674BC                 pop     ecx
.text:005674BD
.text:005674BD loc_5674BD:                             ; CODE XREF: sub_567451+62j
.text:005674BD                 call    ds:GetCurrentThreadId
.text:005674C3                 mov     [esi], eax
.text:005674C5                 mov     eax, off_6DCF8C
.text:005674CA                 test    eax, eax
.text:005674CC                 jz      short loc_5674D0
.text:005674CE                 call    eax ; nullsub_7
.text:005674D0
.text:005674D0 loc_5674D0:                             ; CODE XREF: sub_567451+7Bj
.text:005674D0                 and     [ebp+var_4], 0
.text:005674D4                 push    dword ptr [esi+4Ch]
.text:005674D7                 call    dword ptr [esi+48h]
.text:005674DA                 push    eax             ; dwExitCode
.text:005674DB                 call    __endthreadex
.text:005674DB sub_567451      endp
3nd fail * 3 on click right button on picture before menu appeared, eax still present 1:

Code: Select all

if (ptr != null) {
    tmp = ptr - 1;
    byte al = LPByte(ptr-1)[0];

0040678F   .  85C0          TEST EAX, EAX
00406791   .  74 1D         JE SHORT 004067B0
00406793   .  8D48 FF       LEA ECX, DWORD PTR [EAX-1]
00406796   .  8A40 FF       MOV AL, BYTE PTR [EAX-1]

EAX 00000001 <= ptr
ECX 00000000
EDX 00000010
EBX 0141B63C
ESP 0012ED7C
EBP 0012EDA0
ESI 00000000
EDI 00000000
EIP 00406796 xnview.00406796

Call stack of main thread
Address    Stack      Procedure / arguments                 Called from                   Frame
0012EDA4   00405A5D   xnview.004066E0                       xnview.00405A58               0012EDA0
0012EDB8   00477B76   xnview.00405960                       xnview.00477B71
0012EE08   0047B8C5   xnview.004778F0                       xnview.0047B8C0
0012EE0C   0012EE48     Arg1 = 0012EE48
0012EE10   00000001     Arg2 = 00000001
0012EE14   00000000     Arg3 = 00000000
0012EE18   00000000     Arg4 = 00000000
0012EE1C   FFFFFFFF     Arg5 = FFFFFFFF
0012EE20   00465435   xnview.0047B890                       xnview.00465430
0012EF4C   004663AF   xnview.00465180                       xnview.004663AA
0012F588   0048475A   xnview.00466240                       xnview.00484755
0012F594   0049AA88   Includes xnview.0048475A              xnview.0049AA84               0012F71C
0012F5B4   0048816E   xnview.0049AA30                       xnview.00488169               0012F71C
0012F5CC   77E2B6E3   Includes xnview.0048816E              USER32.77E2B6E0               0012F71C
0012F5F8   77E2B874   ? USER32.77E2B6BB                     USER32.77E2B86F
0012F670   77E2C2D3   ? USER32.77E2B7D2                     USER32.77E2C2CE               0012F66C
0012F674   00000000     Arg1 = 00000000
0012F678   00488150     Arg2 = 00488150
0012F67C   00061BFC     Arg3 = 00061BFC
0012F680   0000004E     Arg4 = 0000004E
0012F684   000007D1     Arg5 = 000007D1
0012F688   0012F774     Arg6 = 0012F774
0012F68C   00B5EDF4     Arg7 = 00B5EDF4
0012F690   00000001     Arg8 = 00000001
0012F6AC   77E2C337   USER32.77E2C1F8                       USER32.77E2C332               0012F6A8
0012F6CC   77CEABA7   USER32.SendMessageW                   COMCTL32.77CEABA1             0012F6C8
0012F6D0   00061BFC     hWnd = 61BFC
0012F6D4   0000004E     Message = WM_NOTIFY
0012F6D8   000007D1     wParam = 7D1
0012F6DC   0012F774     lParam = 12F774
0012F764   77D14E2B   COMCTL32.77CEA45B                     COMCTL32.77D14E26             0012F760
0012F7A4   77D1D8C5   COMCTL32.77D14DE8                     COMCTL32.77D1D8C0             0012F7A0
0012F80C   77D1DDBE   COMCTL32.77D1D4F4                     COMCTL32.77D1DDB9             0012F808
0012F864   77D1FFCC   COMCTL32.77D1D943                     COMCTL32.77D1FFC7             0012F860
0012F888   77D2152B   COMCTL32.77D1FECD                     COMCTL32.77D21526             0012F884
0012F8AC   77D217B8   COMCTL32.77D214D7                     COMCTL32.77D217B3             0012F8A8
0012F92C   77D21B03   COMCTL32.77D21550                     COMCTL32.77D21AFE             0012F928
0012F930   00021BD8     Arg1 = 00021BD8
0012F934   00000000     Arg2 = 00000000
0012F938   000002E7     Arg3 = 000002E7
0012F93C   00000048     Arg4 = 00000048
0012F940   00000001     Arg5 = 00000001
0012F944   00000000     Arg6 = 00000000
0012F94C   77D22536   COMCTL32.77D21AE8                     COMCTL32.77D22531             0012F948
0012FABC   77E2B6E3   Includes COMCTL32.77D22536            USER32.77E2B6E0               0012FAB8
0012FAE8   77E2B874   ? USER32.77E2B6BB                     USER32.77E2B86F               0012FAE4
0012FB60   77E2BFCE   ? USER32.77E2B7D2                     USER32.77E2BFC9               0012FB5C
0012FB64   00000000     Arg1 = 00000000
0012FB68   77D21CDF     Arg2 = 77D21CDF
0012FB6C   00021BD8     Arg3 = 00021BD8
0012FB70   00000201     Arg4 = 00000201
0012FB74   00000001     Arg5 = 00000001
0012FB78   004802E7     Arg6 = 004802E7
0012FB7C   00000000     Arg7 = 00000000
0012FB80   00000000     Arg8 = 00000000
0012FB90   77E40463   ? USER32.77E2BF7D                     USER32.77E4045E               0012FB8C
0012FBB0   004622E1   ? USER32.CallWindowProcA              xnview.004622DB               0012FBAC
0012FBB4   FFFF141B     PrevProc = FFFF141B
0012FBB8   00021BD8     hWnd = 00021BD8 ('Icon List',class
0012FBBC   00000201     Message = WM_LBUTTONDOWN
0012FBC0   00000001     Keysage = MK_LBUTTON
0012FBC4   004802E7     X = 743. Y = 72.


00405A44  |.  E8 8DE51500   CALL <_atoi>
00405A49  |.  83C4 04       ADD ESP, 4
00405A4C  |>  57            PUSH EDI
00405A4D  |.  8BCE          MOV ECX, ESI
00405A4F  |.  895E 04       MOV DWORD PTR [ESI+4], EBX
00405A52  |.  895E 08       MOV DWORD PTR [ESI+8], EBX
00405A55  |.  895E 0C       MOV DWORD PTR [ESI+C], EBX
00405A58  |.  E8 830C0000   CALL 004066E0



00477B6A  |.  6A 01         PUSH 1
00477B6C  |.  8BD9          MOV EBX, ECX
00477B6E  |.  8BCE          MOV ECX, ESI
00477B70  |.  53            PUSH EBX
00477B71  |.  E8 EADDF8FF   CALL 00405960


0047B890  /$  8B4424 04     MOV EAX, DWORD PTR [ESP+4]
0047B894  |.  6A EB         PUSH -15                                        ; /Index = GWL_USERDATA
0047B896  |.  50            PUSH EAX                                        ; |hWnd
0047B897  |.  FF15 24976700 CALL NEAR DWORD PTR [<USER32>]  ; \GetWindowLongA
0047B89D  |.  85C0          TEST EAX, EAX
0047B89F  |.  74 24         JE SHORT 0047B8C5
0047B8A1  |.  8B4C24 18     MOV ECX, DWORD PTR [ESP+18]
0047B8A5  |.  8B5424 14     MOV EDX, DWORD PTR [ESP+14]
0047B8A9  |.  85C9          TEST ECX, ECX
0047B8AB  |.  0F94C1        SETE CL
0047B8AE  |.  85D2          TEST EDX, EDX
0047B8B0  |.  6A FF         PUSH -1                                         ; /Arg5 = FFFFFFFF
0047B8B2  |.  51            PUSH ECX                                        ; |Arg4
0047B8B3  |.  8B4C24 10     MOV ECX, DWORD PTR [ESP+10]                     ; |
0047B8B7  |.  6A 00         PUSH 0                                          ; |Arg3 = 00000000
0047B8B9  |.  0F95C2        SETNE DL                                        ; |
0047B8BC  |.  52            PUSH EDX                                        ; |Arg2 (1)
0047B8BD  |.  51            PUSH ECX                                        ; |Arg1 (0012EE48)
0047B8BE  |.  8BC8          MOV ECX, EAX                                    ; |
0047B8C0  |.  E8 2BC0FFFF   CALL 004778F0                                   ; \xnview.004778F0
0047B8C5  \>  C3            RETN


.text:0047B890 ; int __cdecl sub_47B890(HWND hWnd,LPCSTR Str2,int,int,int,int)
.text:0047B890 sub_47B890      proc near               ; CODE XREF: sub_465180:loc_465430p
.text:0047B890                                         ; sub_480A80+4Ep
.text:0047B890
.text:0047B890 hWnd            = dword ptr  4
.text:0047B890 Str2            = dword ptr  8
.text:0047B890 arg_10          = dword ptr  14h
.text:0047B890 arg_14          = dword ptr  18h
.text:0047B890
.text:0047B890                 mov     eax, [esp+hWnd]
.text:0047B894                 push    0FFFFFFEBh      ; nIndex
.text:0047B896                 push    eax             ; hWnd
.text:0047B897                 call    ds:GetWindowLongA
.text:0047B89D                 test    eax, eax
.text:0047B89F                 jz      short locret_47B8C5
.text:0047B8A1                 mov     ecx, [esp+arg_14]
.text:0047B8A5                 mov     edx, [esp+arg_10]
.text:0047B8A9                 test    ecx, ecx
.text:0047B8AB                 setz    cl
.text:0047B8AE                 test    edx, edx
.text:0047B8B0                 push    0FFFFFFFFh      ; uElapse
.text:0047B8B2                 push    ecx             ; char
.text:0047B8B3                 mov     ecx, [esp+8+Str2]
.text:0047B8B7                 push    0               ; int
.text:0047B8B9                 setnz   dl
.text:0047B8BC                 push    edx             ; int
.text:0047B8BD                 push    ecx             ; Str2
.text:0047B8BE                 mov     ecx, eax
.text:0047B8C0                 call    sub_4778F0
.text:0047B8C5
.text:0047B8C5 locret_47B8C5:                          ; CODE XREF: sub_47B890+Fj
.text:0047B8C5                 retn
.text:0047B8C5 sub_47B890      endp
.text:0047B8C5
fail4:
still comes from __wcslwr before __endthreadex.

Code: Select all

str1 == NULL.
for (i=0; i <len> |8B4424 3C     /MOV EAX, DWORD PTR [ESP+3C]
0040B9EE  |> \57             PUSH EDI
0040B9EF  |.  50            |PUSH EAX
0040B9F0  |.  E8 CB592200   |CALL 006313C0
0040B9F5  |.  8B5424 18     |MOV EDX, DWORD PTR [ESP+18]
0040B9F9  |.  57            |PUSH EDI
0040B9FA  |.  52            |PUSH EDX
0040B9FB  |.  8BD8          |MOV EBX, EAX
0040B9FD  |.  E8 BE592200   |CALL 006313C0
0040BA02  |.  8BE8          |MOV EBP, EAX
0040BA04  |.  8B4424 24     |MOV EAX, DWORD PTR [ESP+24]
0040BA08  |.  57            |PUSH EDI
0040BA09  |.  50            |PUSH EAX
0040BA0A  |.  E8 61C3FFFF   |CALL <_is_wctype>

Posted: Tue Nov 06, 2007 2:26 pm
by azsd
sorry I don't want make anymore reports in this bug reports subforum after you say "I have test it on dual core system and it no problem", but the application really did it.
I think it's better to point line number of source file if I have an detail mapfile generated at same link circle of public 1.91.6 release, or I can offer remote debuger server for proven my innocent. :|

Posted: Tue Nov 06, 2007 2:38 pm
by xnview
azsd wrote:sorry I don't want make anymore reports in this bug reports subforum after you say "I have test it on dual core system and it no problem", but the application really did it.
I think it's better to point line number of source file if I have an detail mapfile generated at same link circle of public 1.91.6 release, or I can offer remote debuger server for proven my innocent. :|
How to reproduce this crash?

Posted: Tue Nov 06, 2007 3:19 pm
by azsd
open xnview, click browse, and select my folder "moeren", drag scroller to end.
then I can do nothing but wait it hang in diffrent address.
when exception/access violation dialog popup up, I can still drag the scroller on right and the content can scroll as well.

here I attached an screenshot of crash.
Image

the folder contain 13188 pictures, mostly jpeg, some gif/png. If I wait the progress bar (thumb geration) run to end or press Esc to cancel geration before click any image, xnview.exe will live longer.

Posted: Wed Nov 07, 2007 9:55 am
by xnview
azsd wrote:open xnview, click browse, and select my folder "moeren", drag scroller to end.
then I can do nothing but wait it hang in diffrent address.
when exception/access violation dialog popup up, I can still drag the scroller on right and the content can scroll as well.
If you scroll to the end, xnview crash? Only that?

Posted: Wed Nov 07, 2007 11:43 am
by azsd
Hi pierre
thanks you reply,

I can reproduce the problem quickly by followed steps:
start xnview,
click browse to select an floder that havn't any image,
then use favorites tab to browse target folder,
scroll to end and click an image near end,
wait some seconds, xnview crash.

If I directly use browse to open target folder, or check "Launch browser at startup", it will take me more than 5 minuts to wait xnview get responable, sometimes may hang in half.

if I do not click any image, its will crash later more than 1 minutes.
the action "scroll to end" and "click an image before thunbm generate done" helps me reproduce the problem ealier.
lots of image in folder helps me make the thunmb generate slower 8) or I will have no chance to oprate after it refreshed done.

if xnview.exe havn't crash before all thunmb fetched, mostly I can view pictures onby in _that_ folder freely more than five minutes or upon to half hour, otherwise I will get access violate quickly.

sometimes it have access violate crash while I browse between lots folder have only handred pictures in it.
but mosttimes if I browse between more than one folder each have ten thousands images, It will hang without any suspect.

in past 1.91.3 tests I disabled muitli processor support in boot.ini (/NUMPROC=1), xnview runing much stable and only crash rarely.
but if I use PEEditor to make OS only assign a cpu for xnview 1.91.6 (No muliprocessor systems in characteristics), I can see only one cpu grabbed by xnview but it still crash as often as unchaged executeable.
1.91.3 looks can keep alive longer if I disable one cpu for xnview process in windows taskmanager.

I disabled xnview cache generation because It's unaccessable for my folder.
I also disabled "lanuch bwoser at startup" yesterday for that test.
1.82.4 never crashed at sametime I testing 1.91.x

I always using 1.91.x with crash -> launch -> crash circle because tree view in 1.82.4 takes me spend more than five minuts to get it unfreeze.

I have remote debuger server from visual studio 2008 installed on my working system, or I can offer msvcmon in vc 6.0 on alernative clean windows server 2008 installion on same box.
I can calculte source line number If I have an release version exe and corresponding map file.
can you please allow me to help the xnview?
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited