Acrobat 6 Reader OLE Hosted by MfcEmbed Crashed in unloaded ADMPlugin

RESOLVED INCOMPLETE

Status

--
critical
RESOLVED INCOMPLETE
13 years ago
3 years ago

People

(Reporter: timeless, Unassigned)

Tracking

({crash})

x86
Windows XP
crash

Details

(Reporter)

Description

13 years ago
yes, i know, this really really isn't our bug. the fault is entirely in acrobat reader 6's application which was ole hosting for the acrobat 6 plugin which had loaded in mfcembed. that said, i'm chronicalling my experiences and would love for other vendors (adobe in this case) to be able to fix these crashes :).

the specific nature of this crash is that acrobat reader managed to leave a callback hook to ADMPlugin.apl with windows (probably in the form of a window) and then unloaded ADMPlugin.apl w/o clearing those hooks/windows. and then windows called the callback which was to code in the library that was unloaded. and well, acrobat crashed.

FAULTING_IP: 
ntdll!DbgBreakPoint+0
7c901230 cc               int     3

EXCEPTION_RECORD:  0012f870 -- (.exr 12f870)
.exr 12f870
ExceptionAddress: 040f8be0 (<Unloaded_ADMPlugin.apl>+0x000f8be0)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 040f8be0
Attempt to read from address 040f8be0

FAULTING_THREAD:  00002e04

BUGCHECK_STR:  80000003

DEFAULT_BUCKET_ID:  APPLICATION_FAULT

PROCESS_NAME:  AcroRd32.exe

ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION}  Breakpoint  A breakpoint has been reached.

CONTEXT:  0012f88c -- (.cxr 12f88c)
.cxr 12f88c
eax=7fffe000 ebx=00000000 ecx=00000000 edx=7c90eb94 esi=040f8be0 edi=0012fbbc
eip=040f8be0 esp=0012fb58 ebp=0012fb80 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00050202
<Unloaded_ADMPlugin.apl>+0xf8be0:
040f8be0 ??               ???
.cxr
Resetting default scope

LAST_CONTROL_TRANSFER:  from 77d48734 to 040f8be0

STACK_TEXT:  
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012fb54 77d48734 000e14f4 0000036d 00000008 <Unloaded_ADMPlugin.apl>+0xf8be0
0012fb80 77d48816 040f8be0 000e14f4 0000036d USER32!InternalCallWinProc+0x28
0012fbe8 77d4c63f 00276860 040f8be0 000e14f4 USER32!UserCallWinProcCheckWow+0x150
0012fc18 77d4e905 ffff14e0 000e14f4 0000036d USER32!CallWindowProcAorW+0x98
0012fc38 0043c5a7 ffff14e0 000e14f4 0000036d USER32!CallWindowProcA+0x1b
0012fc88 77d48734 000e14f4 0000036d 00000008 AcroRd32+0x3c5a7
0012fcb4 77d48816 0043c0a0 000e14f4 0000036d USER32!InternalCallWinProc+0x28
0012fd1c 77d4b4c0 00276860 0043c0a0 000e14f4 USER32!UserCallWinProcCheckWow+0x150
0012fd70 77d4b50c 00f8c448 0000036d 00000008 USER32!DispatchClientMessage+0xa3
0012fd98 7c90eae3 0012fda8 00000018 00f8c448 USER32!__fnDWORD+0x24
0012fdbc 77d493e9 77d493a8 0012fe3c 01f90c28 ntdll!KiUserCallbackDispatcher+0x13
0012fde8 77d49402 0012fe3c 01f90c28 00000400 USER32!NtUserPeekMessage+0xc
0012fe14 77565df6 0012fe3c 01f90c28 00000400 USER32!PeekMessageW+0xbc
0012fe60 7751ad25 01f90c28 7751ab66 00243b00 ole32!PeekTillDone+0x5c
0012fe68 7751ab66 00243b00 00266ed8 7751ab0e ole32!OXIDEntry::WaitForApartmentShutdown+0x25
0012fe74 7751ab0e 00000001 774ffc77 00000080 ole32!OXIDEntry::StopServer+0x43
0012fe7c 774ffc77 00000080 00266ed8 0012feac ole32!CComApartment::StopServer+0x17
0012fe8c 774ffa2e 00000000 00000000 0012fedc ole32!ThreadStop+0x23
0012feac 774fefd9 00000000 00000000 00243b00 ole32!ApartmentUninitialize+0x2e
0012fec4 774fec40 0012fedc 00000000 0095a510 ole32!wCoUninitialize+0x41
0012fee0 00808455 00264a8c 0080846d 00000000 ole32!CoUninitialize+0x5b
00264a8c 00000000 00000000 00000000 00000000 AcroRd32+0x408455


FOLLOWUP_IP: 
ADMPlugin+f8be0
040f8be0 ??               ???

SYMBOL_STACK_INDEX:  0

FOLLOWUP_NAME:  MachineOwner

SYMBOL_NAME:  ADMPlugin+f8be0

MODULE_NAME:  ADMPlugin

IMAGE_NAME:  ADMPlugin.apl

DEBUG_FLR_IMAGE_TIMESTAMP:  3f81996a

STACK_COMMAND:  .cxr 12f88c ; kb

FAILURE_BUCKET_ID:  80000003_ADMPlugin+f8be0

BUCKET_ID:  80000003_ADMPlugin+f8be0

Followup: MachineOwner
---------

Unloaded modules:
77b40000 77b62000   apphelp.dll
43800000 438f5000   PictureTasks.api
28000000 281e4000   PPKLite.api
44000000 4405f000   printme.api
28800000 28850000   reflow.api
32000000 32042000   SaveAsRTF.api
2a300000 2a334000   Search.api
2a000000 2a017000   Search5.api
2a800000 2a811000   SendMail.api
2d000000 2d054000   Soap.api
30800000 30842000   Updater.api
30900000 30916000   esdupdate.dll
2e000000 2e026000   weblink.api
43000000 43155000   XFA.api 
03000000 03024000   ExpressViews.apl
04000000 041a3000   ADMPlugin.apl

i have the full memory dump available on doppler if an adobe hacker wants to investigate it :).

Comment 1

10 years ago
timeless, OK to close?
Severity: normal → critical
(Reporter)

Comment 2

10 years ago
*shrug*. i don't use mfcembed often, i think i have seen similar style crashes from various plugins esp google and acrobat. however i don't really care. i was kinda hoping someone from adobe would have commented....
(Reporter)

Updated

9 years ago
Component: Plug-ins → PDF (Adobe)
Product: Core → Plugins
QA Contact: plugins → adobe-reader
Version: Trunk → unspecified
(Reporter)

Updated

8 years ago
Version: unspecified → 6.x

Comment 3

8 years ago
(In reply to comment #2)
> *shrug*. i don't use mfcembed often, i think i have seen similar style crashes
> from various plugins esp google and acrobat. however i don't really care. i was
> kinda hoping someone from adobe would have commented....

seems unlikely given we're a couple versions past this.
please reopen if there is value.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → INCOMPLETE
(Assignee)

Updated

3 years ago
Product: Plugins → Plugins Graveyard
You need to log in before you can comment on or make changes to this bug.