
I have the following call stack in one of my crash-dumps:

ChildEBP RetAddr  Args to Child              
1ac5f400 74e68ed7 1ac5feb4 1ac5f6d8 1ac5f420 mfc80u!ATL::CSimpleStringT<wchar_t,1>::GetString (FPO: [0,0,0]) (CONV: thiscall) [f:\dd\vctools\vc7libs\ship\atlmfc\include\atlsimpstr.h @ 548]
1ac5fec0 6e8c818e 19850020 06b11c25 00000000 msvcr80!_NLG_Return (FPO: [Uses EBP] [3,0,4]) [F:\dd\vctools\crt_bld\SELF_X86\crt\prebuild\eh\i386\lowhelpr.asm @ 73]
1ac5ff48 74e429bb 068be410 06b11cdd 00000000 mfc80u!_AfxThreadEntry+0xf2 (CONV: stdcall) [f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\thrdcore.cpp @ 109]
1ac5ff80 74e42a47 00000000 76833677 18f8c190 msvcr80!_callthreadstartex+0x1b (FPO: [Non-Fpo]) (CONV: cdecl) [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
1ac5ff88 76833677 18f8c190 1ac5ffd4 77569f02 msvcr80!_threadstartex+0x66 (FPO: [1,0,4]) (CONV: stdcall) [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
1ac5ff94 77569f02 18f8c190 4f59c6d6 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
1ac5ffd4 77569ed5 74e429e1 18f8c190 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
1ac5ffec 00000000 74e429e1 18f8c190 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])

Now, what seems clear from this call stack is that it was one of the threads in the application that is started with AfxBeginThread: hence the _AfxThreadEntry on the call stack. Looking at line 109 of thrdcore.cpp of my VS2005 installation folder, I can also see that this is the line where the thread procedure is invoked:

// C:\Program Files (x86)\Microsoft Visual Studio 8\VC\atlmfc\src\mfc\thrdcore.cpp
107 if (pThread->m_pfnThreadProc != NULL)
108 {
109     nResult = (*pThread->m_pfnThreadProc)(pThread->m_pThreadParams);
110     ASSERT_VALID(pThread);
111 }

Now this all looks good, but the above two lines don't make any sense to me -- OK, there was some form of crash in a string operation ... !analyze -v outputs:

FAILURE_BUCKET_ID:  INVALID_POINTER_READ_c0000005_mfc80u.dll!ATL::CSimpleStringT_wchar_t,1_::GetString

BUCKET_ID:  APPLICATION_FAULT_INVALID_POINTER_READ_mfc80u!ATL::CSimpleStringT_wchar_t,1_::GetString+0

and this does seem rather fishy, as looking at this function it seems there can't be any access violation there.

Still, knowing what msvcr80!_NLG_Return is might help me get closer to what the actual problem was ...?

Martin Ba

1 Answer


This is an indication that you have an exception thrown from a destructor. Look it up with s-d esp l100000 1003f.

deemok
  • What does searching for `0x1003F` mean? (It isn't anywhere on the call stack.) – Martin Ba Feb 22 '13 at 09:04
  • 1003f is a value of CONTEXT's ContextFlags (take a look inside winnt.h); if you're lucky you can dig it out and use it to switch thread context to the context of the exception. It is stored by the system when it's running exception handling code. So if you run the search, you might get lucky and find such an exception context, switch to it (.cxr) and see what exception is being thrown from the destructor of which object. – deemok Feb 22 '13 at 16:48
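As an added example that is not part of the answer or comments above, the following Python script does offline what the `s -d esp l100000 1003f` search and the follow-up `.cxr` do inside WinDbg: it scans a stack image for dword-aligned `0x1003F` (CONTEXT_ALL on x86, i.e. CONTEXT_i386 plus all six section bits from winnt.h) and reads Eip/Esp/Ebp from the x86 CONTEXT layout that follows each hit. The field offsets are the standard winnt.h x86 layout; the stack bytes and register values are constructed for the demo, and the dword-aligned scan and "full record must fit" filter are this script's own assumptions, not WinDbg's exact matching rules.

```python
import struct

# Section bits OR'ed into CONTEXT_i386 (0x10000) to form ContextFlags (winnt.h, x86).
CONTEXT_FLAG_NAMES = {
    0x01: "CONTROL", 0x02: "INTEGER", 0x04: "SEGMENTS",
    0x08: "FLOATING_POINT", 0x10: "DEBUG_REGISTERS", 0x20: "EXTENDED_REGISTERS",
}
CONTEXT_I386 = 0x10000
CONTEXT_ALL_X86 = 0x1003F          # the value the answer searches the stack for
OFF_EBP, OFF_EIP, OFF_ESP = 0xB4, 0xB8, 0xC4   # x86 CONTEXT field offsets
X86_CONTEXT_SIZE = 0x2CC           # sizeof(CONTEXT) on x86

def decode_context_flags(flags):
    """Name the register sections a ContextFlags value claims are present."""
    if flags & 0xFFFF0000 != CONTEXT_I386:
        return []                  # not an x86 context signature at all
    return [name for bit, name in CONTEXT_FLAG_NAMES.items() if flags & bit]

def find_x86_contexts(stack, base):
    """Mimic `s -d <base> L<len> 1003f`: return (address, eip, esp, ebp) for each
    dword-aligned CONTEXT_ALL signature that still has a whole record after it
    (assumption: a truncated tail cannot be a usable CONTEXT, so it is skipped)."""
    hits = []
    for off in range(0, len(stack) - X86_CONTEXT_SIZE + 1, 4):
        if struct.unpack_from("<I", stack, off)[0] != CONTEXT_ALL_X86:
            continue
        eip = struct.unpack_from("<I", stack, off + OFF_EIP)[0]
        esp = struct.unpack_from("<I", stack, off + OFF_ESP)[0]
        ebp = struct.unpack_from("<I", stack, off + OFF_EBP)[0]
        hits.append((base + off, eip, esp, ebp))
    return hits

def build_sample_stack():
    """Constructed stack image: padding, one full CONTEXT record (made-up register
    values), filler, and a stray 0x1003F too close to the end to be a real record."""
    ctx = bytearray(X86_CONTEXT_SIZE)
    struct.pack_into("<I", ctx, 0, CONTEXT_ALL_X86)
    struct.pack_into("<I", ctx, OFF_EBP, 0x1AC5F400)
    struct.pack_into("<I", ctx, OFF_EIP, 0x74E68ED7)
    struct.pack_into("<I", ctx, OFF_ESP, 0x1AC5F3E0)
    stray = struct.pack("<I", CONTEXT_ALL_X86)
    return b"\x00" * 0x40 + bytes(ctx) + b"\xcc" * 0x1C + stray

if __name__ == "__main__":
    for addr, eip, esp, ebp in find_x86_contexts(build_sample_stack(), 0x1AC5F000):
        print(f"CONTEXT at {addr:08x}: eip={eip:08x} esp={esp:08x} ebp={ebp:08x}"
              f"  -> in WinDbg: .cxr {addr:08x}")
```

The address printed for each hit is what you would pass to `.cxr`; the Eip it carries is the faulting instruction at the time the exception was raised, which is what the original top frame obscures.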