Hello, I am writing on behalf of our software development group at Bio-Rad Laboratories. We discovered a crash in our software on a Japanese system that appears to point at a problem inside SVN code. Details are as follows:
Our software (Bio-Rad KnowItAll 9.5) uses the standard File Open dialog box to import files into the software. On one Japanese system, there is a crash almost every time a user invokes the file open dialog box. The Windows event log (exception code 0xc0000374) indicates a heap corruption, and the crash dump that you can find below also points to the file open dialog box (location 0x4ec49b60 inside NT.dll). We did a thorough review of all relevant code in our software and could not find any problem. Then we noticed that Tortoise SVN (latest version) was installed on that particular system. Uninstalling it fixed the problem. Among other modules, the Windows shell code also loads some SVN DLLs if it is installed every time the file open dialog box is invoked. This is why we believe that the SVN code that is executed as part of the standard Windows File Open dialog box is responsible for the heap corruption. Unfortunately we were not able to identify a particular reason why the problem only showed up on this Japanese system. We have been using SVN for a long period of time, and we have never seen any crash problems. We assume that a specific file on the Japanese system causes a heap corruption (buffer overrun?) within the SVN code. Although we are unfortunately not able to tell you specific steps to reproduce the problem, we thought that it would be worth reporting the issue to you. There is a possibility that Japanese characters in a file name or some other processing of Japanese characters cause a problem. Please feel free to contact me any time in case you need more information. Thank you. With kind regards, Karl Nedwed Senior Chemistry Software Engineer Bio-Rad Laboratories, Inc. Informatics Division Radegunderstr. 108 C 8045 Graz Austria Phone/Fax: +43 316 695592 Email: karl_ned...@inode.at Web: http://www.informatics.bio-rad.com _____________________________ The information contained in this transmission may be privileged and confidential and is intended only for the use of the person(s) named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. _____________________________ ntdll.dll!_KiFastSystemCallRet@0() user32.dll!_NtUserWaitMessage@0() + 0xc bytes user32.dll!_DialogBox2@16() + 0xe8 bytes user32.dll!_InternalDialogBox@24() + 0xb2 bytes user32.dll!_DialogBoxIndirectParamAorW@24() + 0x36 bytes user32.dll!_DialogBoxIndirectParamW@20() + 0x1b bytes comdlg32.dll!CFileOpenSave::Show() + 0x146 bytes comdlg32.dll!_InvokeNewFileOpenSave() + 0xab bytes comdlg32.dll!_CreateNewFileOpenSaveInProc() + 0xae bytes comdlg32.dll!NewGetFileName() + 0x121 bytes comdlg32.dll!_NewGetOpenFileName@4() + 0xf bytes comdlg32.dll!_GetFileName@8() + 0xcd bytes comdlg32.dll!_GetOpenFileNameW@4() + 0x6a bytes > mfc100u.dll!CCommDlgWrapper::_GetOpenFileNameW(tagOFNW * unnamed1) Line 362 + > 0x67 bytes C++ mfc100u.dll!CFileDialog::DoModal() Line 753 C++ BRDataIO.dll!CBRIOCenter::DisplayDlgAndImportMultipleFiles(IBRDataImportEvents * pEvents, unsigned int dataMask, unsigned int dataSubMask, unsigned int flags, HWND__ * hWndParent, unsigned int dataMaskPrimary) Line 1383 + 0xb bytes C++ RefineIt.dll!CSpectrumHolderWnd::LoadDataSet(bool openNewDoc) Line 96 + 0x43 bytes C++ RefineIt.dll!CProcessItFrameWnd::OnFileOpen() Line 510 + 0x10 bytes C++ mfc100u.dll!_AfxDispatchCmdMsg(CCmdTarget * pTarget, unsigned int nID, int nCode, void (void)* pfn, void * pExtra, unsigned int nSig, AFX_CMDHANDLERINFO * pHandlerInfo) Line 82 C++ mfc100u.dll!CCmdTarget::OnCmdMsg(unsigned int nID, int nCode, void * pExtra, AFX_CMDHANDLERINFO * pHandlerInfo) Line 381 + 0x16 bytes C++ mfc100u.dll!CFrameWnd::OnCmdMsg(unsigned int nID, int nCode, void * pExtra, AFX_CMDHANDLERINFO * pHandlerInfo) Line 973 + 0x13 bytes C++ RefineIt.dll!CProcessItFrameWnd::OnCmdMsg(unsigned int nID, int nCode, void * pExtra, AFX_CMDHANDLERINFO * pHandlerInfo) Line 1738 + 0x11 bytes C++ mfc100u.dll!CWnd::OnCommand(unsigned int wParam, long lParam) Line 2675 + 0xd bytes C++ mfc100u.dll!CFrameWnd::OnCommand(unsigned int wParam, long lParam) Line 370 + 0xd bytes C++ mfc100u.dll!CWnd::OnWndMsg(unsigned int message, unsigned int wParam, long lParam, long * pResult) Line 2081 + 0x10 bytes C++ RefineIt.dll!CBRFrameWnd::OnWndMsg(unsigned int message, unsigned int wParam, long lParam, long * pResult) Line 410 + 0x13 bytes C++ mfc100u.dll!CWnd::WindowProc(unsigned int message, unsigned int wParam, long lParam) Line 2067 + 0x17 bytes C++ mfc100u.dll!AfxCallWndProc(CWnd * pWnd, HWND__ * hWnd, unsigned int nMsg, unsigned int wParam, long lParam) Line 248 + 0x11 bytes C++ mfc100u.dll!AfxWndProc(HWND__ * hWnd, unsigned int nMsg, unsigned int wParam, long lParam) Line 410 + 0x10 bytes C++ RefineIt.dll!AfxWndProcDllStatic(HWND__ * hWnd, unsigned int nMsg, unsigned int wParam, long lParam) Line 54 + 0x15 bytes C++ user32.dll!_InternalCallWinProc@20() + 0x23 bytes user32.dll!_UserCallWinProcCheckWow@32() + 0xb3 bytes user32.dll!_SendMessageWorker@20() + 0xee bytes user32.dll!_SendMessageW@16() + 0x49 bytes comctl32.dll!_TBOnLButtonUp@20() + 0x131 bytes comctl32.dll!_ToolbarWndProc@16() + 0x2f64 bytes user32.dll!_InternalCallWinProc@20() + 0x23 bytes user32.dll!_UserCallWinProcCheckWow@32() + 0xb3 bytes user32.dll!_CallWindowProcAorW@24() + 0x51 bytes user32.dll!_CallWindowProcW@20() + 0x1b bytes mfc100u.dll!CWnd::DefWindowProcW(unsigned int nMsg, unsigned int wParam, long lParam) Line 1075 + 0x13 bytes C++ mfc100u.dll!CWnd::WindowProc(unsigned int message, unsigned int wParam, long lParam) Line 2068 + 0x13 bytes C++ mfc100u.dll!CControlBar::WindowProc(unsigned int nMsg, unsigned int wParam, long lParam) Line 506 + 0xc bytes C++ mfc100u.dll!AfxCallWndProc(CWnd * pWnd, HWND__ * hWnd, unsigned int nMsg, unsigned int wParam, long lParam) Line 248 + 0x11 bytes C++ mfc100u.dll!AfxWndProc(HWND__ * hWnd, unsigned int nMsg, unsigned int wParam, long lParam) Line 410 + 0x10 bytes C++ RefineIt.dll!AfxWndProcDllStatic(HWND__ * hWnd, unsigned int nMsg, unsigned int wParam, long lParam) Line 54 + 0x15 bytes C++ user32.dll!_InternalCallWinProc@20() + 0x23 bytes user32.dll!_UserCallWinProcCheckWow@32() + 0xb3 bytes user32.dll!_DispatchMessageWorker@8() + 0xe6 bytes user32.dll!_DispatchMessageW@4() + 0xf bytes user32.dll!_IsDialogMessageW@8() + 0xe7 bytes mfc100u.dll!CWnd::IsDialogMessageW(tagMSG * lpMsg) Line 197 + 0xc bytes C++ mfc100u.dll!CWnd::PreTranslateInput(tagMSG * lpMsg) Line 4659 + 0x6 bytes C++ mfc100u.dll!CControlBar::PreTranslateMessage(tagMSG * pMsg) Line 445 + 0x8 bytes C++ mfc100u.dll!CWnd::WalkPreTranslateTree(HWND__ * hWndStop, tagMSG * pMsg) Line 3258 + 0xb bytes C++ mfc100u.dll!AfxInternalPreTranslateMessage(tagMSG * pMsg) Line 233 + 0xe bytes C++ mfc100u.dll!CWinThread::PreTranslateMessage(tagMSG * pMsg) Line 777 + 0x8 bytes C++ RefineIt.dll!BRPlugInImpl<CMainObject,CRefineItIRFrameWnd>::FilterDllMsg(tagMSG * lpMsg) Line 303 + 0xa bytes C++ KnowItAll.exe!CKnowItAllApp::PreTranslateMessage(tagMSG * pMsg) Line 1311 + 0x11 bytes C++ mfc100u.dll!AfxPreTranslateMessage(tagMSG * pMsg) Line 255 C++ mfc100u.dll!AfxInternalPumpMessage() Line 178 + 0xf bytes C++ mfc100u.dll!CWinThread::Run() Line 629 + 0x7 bytes C++ mfc100u.dll!AfxWinMain(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInstance, wchar_t * lpCmdLine, int nCmdShow) Line 47 + 0x7 bytes C++ KnowItAll.exe!__tmainCRTStartup() Line 547 + 0x1c bytes C kernel32.dll!@BaseThreadInitThunk@12() + 0x12 bytes ntdll.dll!___RtlUserThreadStart@8() + 0x27 bytes ntdll.dll!__RtlUserThreadStart@8() + 0x1b bytes
