Apache OpenOffice (AOO) Bugzilla – Issue 721
presentation module crash at start /win 98/ oo v. 625
Last modified: 2003-12-06 14:52:34 UTC
Below stack summary from dr. watson Command line: "C:\progs\opoffice\program\soffice.exe" private:factory/simpress Trap 0e 0000 - Błąd niewłaściwej strony eax=00a22efc ebx=00b12e78 ecx=00100000 edx=00a2000c esi=00a22efc edi=000eff7c eip=bff7a115 esp=0108fea0 ebp=0108fee0 -- -- -- nv up EI pl nz AC po nc cs=015f ss=0167 ds=0167 es=0167 fs=3527 gs=0000 KERNEL32.DLL:.text+0x1115: >015f:bff7a115 8b03 mov eax,dword ptr [ebx] sel type base lim/bot ---- ---- -------- -------- cs 015f r-x- 00000000 ffffffff ss 0167 rw-e 00000000 0000ffff ds 0167 rw-e 00000000 0000ffff es 0167 rw-e 00000000 0000ffff fs 3527 rw-- 81789f20 00000037 gs 0000 ---- stack base: 00f90000 TIB limits: 0108e000 - 01090000 -- exception record -- Exception Code: c0000005 (naruszenie dostępu) Exception Address: bff7a115 (KERNEL32.DLL:.text+0x1115) Exception Info: 00000000 00b12e78 KERNEL32.DLL:.text+0x1115: >015f:bff7a115 8b03 mov eax,dword ptr [ebx] 015f:bff7a0f9 e83f010000 call bff7a23d = KERNEL32.DLL:.text+0x123d 015f:bff7a0fe c20800 retd 0008 015f:bff7a101 53 push ebx 015f:bff7a102 56 push esi 015f:bff7a103 8b742410 mov esi,dword ptr [esp+10] 015f:bff7a107 57 push edi 015f:bff7a108 8b7c2418 mov edi,dword ptr [esp+18] 015f:bff7a10c 55 push ebp 015f:bff7a10d b900001000 mov ecx,00100000 015f:bff7a112 8d1c3e lea ebx,[esi+edi] KERNEL32.DLL:.text+0x1115: *015f:bff7a115 8b03 mov eax,dword ptr [ebx] 015f:bff7a117 a801 test al,01 015f:bff7a119 7425 jz bff7a140 = KERNEL32.DLL:.text+0x1140 015f:bff7a11b 25fcffff0f and eax,0ffffffc 015f:bff7a120 8b5308 mov edx,dword ptr [ebx+08] 015f:bff7a123 03f8 add edi,eax 015f:bff7a125 8b4b04 mov ecx,dword ptr [ebx+04] 015f:bff7a128 895108 mov dword ptr [ecx+08],edx 015f:bff7a12b 8b5308 mov edx,dword ptr [ebx+08] 015f:bff7a12e 8b4304 mov eax,dword ptr [ebx+04] 015f:bff7a131 8d8b0b100000 lea ecx,[ebx+0000100b] -------------------- -- stack summary -- 0167:0108fee0 015f:bff7a115 KERNEL32.DLL:.text+0x1115 (00a20000,00a22e78,00000084,00000000, 
81789f18,0108ff44,00000008,00000000) 0167:0108ff08 015f:bff7a541 KERNEL32.DLL:.text+0x1541 (00a20000,00000084,00000000,0108ff48, 65f2443b,00a20000,00000000,00000080) 0167:0108ff1c 015f:bff88d9b KERNEL32.DLL:.text+0xfd9b (00a20000,00000000,00000080,81789f18, 00000000,65f20f55,00d7c620,00000002) 0167:0108ff48 015f:65f2443b OLE32.DLL:.text+0x2343b (00000000,00000000,0108ff98,004022da, 00000000,00000000,7800265a,00d7c6a0) 0167:0108ff58 015f:65f20ec1 OLE32.DLL:.text+0x1fec1 (00000000,00000000,7800265a,00d7c6a0, 81789f18,8177b318,00000008,bffbfe14) 0167:0108ff98 015f:004022da SAL2.DLL:.text+0x12da (00d7c620,81789f18,8177b318,00000008, 00000007,0108ffa4,0108fcd0,ffffffff) 0167:0108ffcc 015f:bff88ef7 KERNEL32!ThreadStartup -- stack trace -- 0167:0108fee0 015f:bff7a115 KERNEL32.DLL:.text+0x1115 (00a20000,00a22e78,00000084,00000000, 81789f18,0108ff44,00000008,00000000) 015f:bff7a0f9 e83f010000 call bff7a23d = KERNEL32.DLL:.text+0x123d 015f:bff7a0fe c20800 retd 0008 015f:bff7a101 53 push ebx 015f:bff7a102 56 push esi 015f:bff7a103 8b742410 mov esi,dword ptr [esp+10] 015f:bff7a107 57 push edi 015f:bff7a108 8b7c2418 mov edi,dword ptr [esp+18] 015f:bff7a10c 55 push ebp 015f:bff7a10d b900001000 mov ecx,00100000 015f:bff7a112 8d1c3e lea ebx,[esi+edi] KERNEL32.DLL:.text+0x1115: *015f:bff7a115 8b03 mov eax,dword ptr [ebx] 015f:bff7a117 a801 test al,01 015f:bff7a119 7425 jz bff7a140 = KERNEL32.DLL:.text+0x1140 015f:bff7a11b 25fcffff0f and eax,0ffffffc 015f:bff7a120 8b5308 mov edx,dword ptr [ebx+08] 015f:bff7a123 03f8 add edi,eax 015f:bff7a125 8b4b04 mov ecx,dword ptr [ebx+04] 015f:bff7a128 895108 mov dword ptr [ecx+08],edx 015f:bff7a12b 8b5308 mov edx,dword ptr [ebx+08] 015f:bff7a12e 8b4304 mov eax,dword ptr [ebx+04] 015f:bff7a131 8d8b0b100000 lea ecx,[ebx+0000100b] -------------------- 0167:0108ff08 015f:bff7a541 KERNEL32.DLL:.text+0x1541 (00a20000,00000084,00000000,0108ff48, 65f2443b,00a20000,00000000,00000080) 015f:bff7a523 8b4604 mov eax,dword ptr [esi+04] 015f:bff7a526 8b4dfc 
mov ecx,dword ptr [ebp-04] 015f:bff7a529 894104 mov dword ptr [ecx+04],eax 015f:bff7a52c 894e04 mov dword ptr [esi+04],ecx 015f:bff7a52f e953ffffff jmp bff7a487 = KERNEL32.DLL:.text+0x1487 015f:bff7a534 ff7510 push dword ptr [ebp+10] 015f:bff7a537 ff750c push dword ptr [ebp+0c] 015f:bff7a53a 53 push ebx 015f:bff7a53b 56 push esi 015f:bff7a53c e8a6fdffff call bff7a2e7 = KERNEL32.DLL:.text+0x12e7 KERNEL32.DLL:.text+0x1541: *015f:bff7a541 89450c mov dword ptr [ebp+0c],eax 015f:bff7a544 85c0 test eax,eax 015f:bff7a546 7436 jz bff7a57e = KERNEL32.DLL:.text+0x157e 015f:bff7a548 ff7510 push dword ptr [ebp+10] 015f:bff7a54b 56 push esi 015f:bff7a54c 0d000000a0 or eax,a0000000 015f:bff7a551 8903 mov dword ptr [ebx],eax 015f:bff7a553 e888fbffff call bff7a0e0 = KERNEL32.DLL:.text+0x10e0 015f:bff7a558 8d4304 lea eax,[ebx+04] 015f:bff7a55b eb49 jmp bff7a5a6 = KERNEL32.DLL:.text+0x15a6 015f:bff7a55d 6a08 push +08 -------------------- 0167:0108ff1c 015f:bff88d9b KERNEL32.DLL:.text+0xfd9b (00a20000,00000000,00000080,81789f18, 00000000,65f20f55,00d7c620,00000002) 015f:bff88d7e 8b450c mov eax,dword ptr [ebp+0c] 015f:bff88d81 8b4d0c mov ecx,dword ptr [ebp+0c] 015f:bff88d84 83e008 and eax,+08 015f:bff88d87 83e104 and ecx,+04 015f:bff88d8a c1e003 shl eax,03 015f:bff88d8d 0bc1 or eax,ecx 015f:bff88d8f 50 push eax 015f:bff88d90 ff7510 push dword ptr [ebp+10] 015f:bff88d93 ff7508 push dword ptr [ebp+08] 015f:bff88d96 e8a016ffff call bff7a43b = KERNEL32.DLL:.text+0x143b KERNEL32.DLL:.text+0xfd9b: *015f:bff88d9b 5d pop ebp 015f:bff88d9c c20c00 retd 000c 015f:bff88d9f 56 push esi 015f:bff88da0 57 push edi 015f:bff88da1 8b74240c mov esi,dword ptr [esp+0c] 015f:bff88da5 8b7e38 mov edi,dword ptr [esi+38] 015f:bff88da8 8b4754 mov eax,dword ptr [edi+54] 015f:bff88dab 85c0 test eax,eax 015f:bff88dad 7453 jz bff88e02 = KERNEL32.DLL:.text+0xfe02 015f:bff88daf 8b4008 mov eax,dword ptr [eax+08] 015f:bff88db2 ff742410 push dword ptr [esp+10] -------------------- 0167:0108ff48 015f:65f2443b 
OLE32.DLL:.text+0x2343b (00000000,00000000,0108ff98,004022da, 00000000,00000000,7800265a,00d7c6a0) 015f:65f2441e f265ab ? rep stos dword ptr es:[edi],eax 015f:65f24421 7bf9 jnp 65f2441c = OLE32.DLL:.text+0x2341c 015f:65f24423 6556 ?push esi 015f:65f24425 a100f0fa65 mov eax,dword ptr [65faf000] 015f:65f2442a 57 push edi 015f:65f2442b 8bf1 mov esi,ecx 015f:65f2442d 6880000000 push 00000080 015f:65f24432 6a00 push +00 015f:65f24434 50 push eax 015f:65f24435 ff155c14f065 call dword ptr [65f0145c] -> KERNEL32.DLL! HeapAlloc OLE32.DLL:.text+0x2343b: *015f:65f2443b 8bf8 mov edi,eax 015f:65f2443d 8906 mov dword ptr [esi],eax 015f:65f2443f 85ff test edi,edi 015f:65f24441 0f846d3a0200 jz 65f47eb4 = OLE32.DLL:.text+0x46eb4 015f:65f24447 33c0 xor eax,eax 015f:65f24449 b920000000 mov ecx,00000020 015f:65f2444e f3ab rep stos dword ptr es:[edi],eax 015f:65f24450 8b06 mov eax,dword ptr [esi] 015f:65f24452 c7400401000000 mov dword ptr [eax+04],00000001 015f:65f24459 ff36 push dword ptr [esi] 015f:65f2445b ff3504f0fa65 push dword ptr [65faf004] -------------------- 0167:0108ff58 015f:65f20ec1 OLE32.DLL:.text+0x1fec1 (00000000,00000000,7800265a,00d7c6a0, 81789f18,8177b318,00000008,bffbfe14) 015f:65f20e99 55 push ebp 015f:65f20e9a b800000000 mov eax,00000000 015f:65f20e9f 833d08f0fa6500 cmp dword ptr [65faf008],+00 015f:65f20ea6 8bec mov ebp,esp 015f:65f20ea8 0f854c6e0200 jnz 65f47cfa = OLE32.DLL:.text+0x46cfa 015f:65f20eae 84c0 test al,al 015f:65f20eb0 0f85516e0200 jnz 65f47d07 = OLE32.DLL:.text+0x46d07 015f:65f20eb6 ff750c push dword ptr [ebp+0c] 015f:65f20eb9 ff7508 push dword ptr [ebp+08] 015f:65f20ebc e804000000 call 65f20ec5 = OLE32.DLL:.text+0x1fec5 OLE32.DLL:.text+0x1fec1: *015f:65f20ec1 5d pop ebp 015f:65f20ec2 c20800 retd 0008 015f:65f20ec5 55 push ebp 015f:65f20ec6 8bec mov ebp,esp 015f:65f20ec8 83ec08 sub esp,+08 015f:65f20ecb 56 push esi 015f:65f20ecc 8b750c mov esi,dword ptr [ebp+0c] 015f:65f20ecf 8bc6 mov eax,esi 015f:65f20ed1 83e00e and eax,+0e 015f:65f20ed4 3bc6 cmp 
eax,esi 015f:65f20ed6 0f85836e0200 jnz 65f47d5f = OLE32.DLL:.text+0x46d5f -------------------- 0167:0108ff98 015f:004022da SAL2.DLL:.text+0x12da (00d7c620,81789f18,8177b318,00000008, 00000007,0108ffa4,0108fcd0,ffffffff) 015f:004022c8 c3 retd 015f:004022c9 8bc6 mov eax,esi 015f:004022cb 5f pop edi 015f:004022cc 5e pop esi 015f:004022cd c3 retd 015f:004022ce 90 nop 015f:004022cf 90 nop 015f:004022d0 6a00 push +00 015f:004022d2 6a00 push +00 015f:004022d4 ff1534a54d00 call dword ptr [004da534] -> OLE32.DLL! CoInitializeEx SAL2.DLL:.text+0x12da: *015f:004022da 8b442404 mov eax,dword ptr [esp+04] 015f:004022de 8b4830 mov ecx,dword ptr [eax+30] 015f:004022e1 51 push ecx 015f:004022e2 ff502c call dword ptr [eax+2c] 015f:004022e5 83c404 add esp,+04 015f:004022e8 ff15c8c34100 call dword ptr [0041c3c8] -> OLE32.DLL! CoUninitialize 015f:004022ee 33c0 xor eax,eax 015f:004022f0 c20400 retd 0004 015f:004022f3 90 nop 015f:004022f4 90 nop 015f:004022f5 90 nop -------------------- 0167:0108ffcc 015f:bff88ef7 KERNEL32!ThreadStartup -- stack dump -- 0108fea0 0108fee0 -> 08 ff 08 01 41 a5 f7 bf 00 00 a2 00 78 2e a2 00 ....A.......x... 0108fea4 000eff7c 0108fea8 00000084 0108feac 00a22e78 -> 00 00 0f a0 0c 00 a2 00 3c 00 a2 00 2b 30 30 9d ........<...+00. 
0108feb0 bff7a391 = KERNEL32.DLL:.text+0x1391 -------------------- 015f:bff7a376 2bfe sub edi,esi 015f:bff7a378 57 push edi 015f:bff7a379 894108 mov dword ptr [ecx+08],eax 015f:bff7a37c 8b5304 mov edx,dword ptr [ebx+04] 015f:bff7a37f 8b4308 mov eax,dword ptr [ebx+08] 015f:bff7a382 895004 mov dword ptr [eax+04],edx 015f:bff7a385 8d0433 lea eax,[ebx+esi] 015f:bff7a388 50 push eax 015f:bff7a389 ff7508 push dword ptr [ebp+08] 015f:bff7a38c e870fdffff call bff7a101 = KERNEL32.DLL:.text+0x1101 KERNEL32.DLL:.text+0x1391: *015f:bff7a391 eb36 jmp bff7a3c9 = KERNEL32.DLL:.text+0x13c9 015f:bff7a393 8b4d08 mov ecx,dword ptr [ebp+08] 015f:bff7a396 0fb64170 movzx eax,byte ptr [ecx+70] 015f:bff7a39a 0b45f4 or eax,dword ptr [ebp-0c] 015f:bff7a39d 50 push eax 015f:bff7a39e 8b45f8 mov eax,dword ptr [ebp-08] 015f:bff7a3a1 2b45fc sub eax,dword ptr [ebp-04] 015f:bff7a3a4 50 push eax 015f:bff7a3a5 ff75fc push dword ptr [ebp-04] 015f:bff7a3a8 e8f6feffff call bff7a2a3 = KERNEL32.DLL:.text+0x12a3 015f:bff7a3ad 85c0 test eax,eax -------------------- 0108feb4 00a20000 -> 00 10 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 0108feb8 00a22efc -> 31 00 00 00 05 d1 0f a0 0c 00 a2 00 3c 00 a2 00 1...........<... 0108febc 000eff7c 0108fec0 00000000 0108fec4 00a2000c -> 01 00 00 a0 74 2d a2 00 3c 00 a2 00 80 00 00 00 ....t- ..<....... 0108fec8 00a20000 -> 00 10 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 0108fecc 00a22e78 -> 00 00 0f a0 0c 00 a2 00 3c 00 a2 00 2b 30 30 9d ........<...+00. 0108fed0 00000000 ... 0108fed8 00000b12 0108fedc 00000a23 0108fee0 0108ff08 -> 1c ff 08 01 9b 8d f8 bf 00 00 a2 00 84 00 00 00 ................ 
0108fee4 bff7a541 = KERNEL32.DLL:.text+0x1541 -------------------- 015f:bff7a523 8b4604 mov eax,dword ptr [esi+04] 015f:bff7a526 8b4dfc mov ecx,dword ptr [ebp-04] 015f:bff7a529 894104 mov dword ptr [ecx+04],eax 015f:bff7a52c 894e04 mov dword ptr [esi+04],ecx 015f:bff7a52f e953ffffff jmp bff7a487 = KERNEL32.DLL:.text+0x1487 015f:bff7a534 ff7510 push dword ptr [ebp+10] 015f:bff7a537 ff750c push dword ptr [ebp+0c] 015f:bff7a53a 53 push ebx 015f:bff7a53b 56 push esi 015f:bff7a53c e8a6fdffff call bff7a2e7 = KERNEL32.DLL:.text+0x12e7 KERNEL32.DLL:.text+0x1541: *015f:bff7a541 89450c mov dword ptr [ebp+0c],eax 015f:bff7a544 85c0 test eax,eax 015f:bff7a546 7436 jz bff7a57e = KERNEL32.DLL:.text+0x157e 015f:bff7a548 ff7510 push dword ptr [ebp+10] 015f:bff7a54b 56 push esi 015f:bff7a54c 0d000000a0 or eax,a0000000 015f:bff7a551 8903 mov dword ptr [ebx],eax 015f:bff7a553 e888fbffff call bff7a0e0 = KERNEL32.DLL:.text+0x10e0 015f:bff7a558 8d4304 lea eax,[ebx+04] 015f:bff7a55b eb49 jmp bff7a5a6 = KERNEL32.DLL:.text+0x15a6 015f:bff7a55d 6a08 push +08 -------------------- 0108fee8 00a20000 -> 00 10 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 0108feec 00a22e78 -> 00 00 0f a0 0c 00 a2 00 3c 00 a2 00 2b 30 30 9d ........<...+00. 0108fef0 00000084 0108fef4 00000000 0108fef8 81789f18 -> 07 00 01 00 60 92 7f c1 98 fc 08 01 00 00 09 01 ....`........... 0108fefc 0108ff44 -> 00 00 00 00 58 ff 08 01 c1 0e f2 65 00 00 00 00 ....X......e.... 0108ff00 00000008 0108ff04 00000000 0108ff08 0108ff1c -> 48 ff 08 01 3b 44 f2 65 00 00 a2 00 00 00 00 00 H...;D.e........ 
0108ff0c bff88d9b = KERNEL32.DLL:.text+0xfd9b -------------------- 015f:bff88d7e 8b450c mov eax,dword ptr [ebp+0c] 015f:bff88d81 8b4d0c mov ecx,dword ptr [ebp+0c] 015f:bff88d84 83e008 and eax,+08 015f:bff88d87 83e104 and ecx,+04 015f:bff88d8a c1e003 shl eax,03 015f:bff88d8d 0bc1 or eax,ecx 015f:bff88d8f 50 push eax 015f:bff88d90 ff7510 push dword ptr [ebp+10] 015f:bff88d93 ff7508 push dword ptr [ebp+08] 015f:bff88d96 e8a016ffff call bff7a43b = KERNEL32.DLL:.text+0x143b KERNEL32.DLL:.text+0xfd9b: *015f:bff88d9b 5d pop ebp 015f:bff88d9c c20c00 retd 000c 015f:bff88d9f 56 push esi 015f:bff88da0 57 push edi 015f:bff88da1 8b74240c mov esi,dword ptr [esp+0c] 015f:bff88da5 8b7e38 mov edi,dword ptr [esi+38] 015f:bff88da8 8b4754 mov eax,dword ptr [edi+54] 015f:bff88dab 85c0 test eax,eax 015f:bff88dad 7453 jz bff88e02 = KERNEL32.DLL:.text+0xfe02 015f:bff88daf 8b4008 mov eax,dword ptr [eax+08] 015f:bff88db2 ff742410 push dword ptr [esp+10] -------------------- 0108ff10 00a20000 -> 00 10 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 0108ff14 00000084 0108ff18 00000000 0108ff1c 0108ff48 -> 58 ff 08 01 c1 0e f2 65 00 00 00 00 00 00 00 00 X......e........ 0108ff20 65f2443b = OLE32.DLL:.text+0x2343b -------------------- 015f:65f2441e f265ab ? rep stos dword ptr es:[edi],eax 015f:65f24421 7bf9 jnp 65f2441c = OLE32.DLL:.text+0x2341c 015f:65f24423 6556 ?push esi 015f:65f24425 a100f0fa65 mov eax,dword ptr [65faf000] 015f:65f2442a 57 push edi 015f:65f2442b 8bf1 mov esi,ecx 015f:65f2442d 6880000000 push 00000080 015f:65f24432 6a00 push +00 015f:65f24434 50 push eax 015f:65f24435 ff155c14f065 call dword ptr [65f0145c] -> KERNEL32.DLL! 
HeapAlloc OLE32.DLL:.text+0x2343b: *015f:65f2443b 8bf8 mov edi,eax 015f:65f2443d 8906 mov dword ptr [esi],eax 015f:65f2443f 85ff test edi,edi 015f:65f24441 0f846d3a0200 jz 65f47eb4 = OLE32.DLL:.text+0x46eb4 015f:65f24447 33c0 xor eax,eax 015f:65f24449 b920000000 mov ecx,00000020 015f:65f2444e f3ab rep stos dword ptr es:[edi],eax 015f:65f24450 8b06 mov eax,dword ptr [esi] 015f:65f24452 c7400401000000 mov dword ptr [eax+04],00000001 015f:65f24459 ff36 push dword ptr [esi] 015f:65f2445b ff3504f0fa65 push dword ptr [65faf004] -------------------- 0108ff24 00a20000 -> 00 10 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 0108ff28 00000000 0108ff2c 00000080 0108ff30 81789f18 -> 07 00 01 00 60 92 7f c1 98 fc 08 01 00 00 09 01 ....`........... 0108ff34 00000000 0108ff38 65f20f55 = OLE32.DLL:.text+0x1ff55 -------------------- 015f:65f20f3a 8908 mov dword ptr [eax],ecx 015f:65f20f3c 83f901 cmp ecx,+01 015f:65f20f3f b801000000 mov eax,00000001 015f:65f20f44 7411 jz 65f20f57 = OLE32.DLL:.text+0x1ff57 015f:65f20f46 5e pop esi 015f:65f20f47 8be5 mov esp,ebp 015f:65f20f49 5d pop ebp 015f:65f20f4a c20800 retd 0008 015f:65f20f4d 8d4dfc lea ecx,[ebp-04] 015f:65f20f50 e8cf340000 call 65f24424 = OLE32.DLL:.text+0x23424 OLE32.DLL:.text+0x1ff55: *015f:65f20f55 eba5 jmp 65f20efc = OLE32.DLL:.text+0x1fefc 015f:65f20f57 b9b02ffb65 mov ecx,65fb2fb0 015f:65f20f5c e89205feff call 65f014f3 = OLE32.DLL:.text+0x4f3 015f:65f20f61 56 push esi 015f:65f20f62 8d45fc lea eax,[ebp-04] 015f:65f20f65 50 push eax 015f:65f20f66 e809350000 call 65f24474 = OLE32.DLL:.text+0x23474 015f:65f20f6b 68b82ffb65 push 65fb2fb8 015f:65f20f70 8945f8 mov dword ptr [ebp-08],eax 015f:65f20f73 ff15f813f065 call dword ptr [65f013f8] -> KERNEL32.DLL! LeaveCriticalSection 015f:65f20f79 8b45f8 mov eax,dword ptr [ebp-08] -------------------- 0108ff3c 00d7c620 -> 93 e1 e9 ff ff ff ff ff 00 00 00 00 00 00 00 00 ................ 
0108ff40 00000002 0108ff44 00000000 0108ff48 0108ff58 -> 98 ff 08 01 da 22 40 00 00 00 00 00 00 00 00 00 ....."@......... 0108ff4c 65f20ec1 = OLE32.DLL:.text+0x1fec1 -------------------- 015f:65f20e99 55 push ebp 015f:65f20e9a b800000000 mov eax,00000000 015f:65f20e9f 833d08f0fa6500 cmp dword ptr [65faf008],+00 015f:65f20ea6 8bec mov ebp,esp 015f:65f20ea8 0f854c6e0200 jnz 65f47cfa = OLE32.DLL:.text+0x46cfa 015f:65f20eae 84c0 test al,al 015f:65f20eb0 0f85516e0200 jnz 65f47d07 = OLE32.DLL:.text+0x46d07 015f:65f20eb6 ff750c push dword ptr [ebp+0c] 015f:65f20eb9 ff7508 push dword ptr [ebp+08] 015f:65f20ebc e804000000 call 65f20ec5 = OLE32.DLL:.text+0x1fec5 OLE32.DLL:.text+0x1fec1: *015f:65f20ec1 5d pop ebp 015f:65f20ec2 c20800 retd 0008 015f:65f20ec5 55 push ebp 015f:65f20ec6 8bec mov ebp,esp 015f:65f20ec8 83ec08 sub esp,+08 015f:65f20ecb 56 push esi 015f:65f20ecc 8b750c mov esi,dword ptr [ebp+0c] 015f:65f20ecf 8bc6 mov eax,esi 015f:65f20ed1 83e00e and eax,+0e 015f:65f20ed4 3bc6 cmp eax,esi 015f:65f20ed6 0f85836e0200 jnz 65f47d5f = OLE32.DLL:.text+0x46d5f -------------------- 0108ff50 00000000 ... 0108ff58 0108ff98 -> cc ff 08 01 f7 8e f8 bf 20 c6 d7 00 18 9f 78 81 ........ .....x. 0108ff5c 004022da = SAL2.DLL:.text+0x12da -------------------- 015f:004022c8 c3 retd 015f:004022c9 8bc6 mov eax,esi 015f:004022cb 5f pop edi 015f:004022cc 5e pop esi 015f:004022cd c3 retd 015f:004022ce 90 nop 015f:004022cf 90 nop 015f:004022d0 6a00 push +00 015f:004022d2 6a00 push +00 015f:004022d4 ff1534a54d00 call dword ptr [004da534] -> OLE32.DLL! CoInitializeEx SAL2.DLL:.text+0x12da: *015f:004022da 8b442404 mov eax,dword ptr [esp+04] 015f:004022de 8b4830 mov ecx,dword ptr [eax+30] 015f:004022e1 51 push ecx 015f:004022e2 ff502c call dword ptr [eax+2c] 015f:004022e5 83c404 add esp,+04 015f:004022e8 ff15c8c34100 call dword ptr [0041c3c8] -> OLE32.DLL! 
CoUninitialize 015f:004022ee 33c0 xor eax,eax 015f:004022f0 c20400 retd 0004 015f:004022f3 90 nop 015f:004022f4 90 nop 015f:004022f5 90 nop -------------------- 0108ff60 00000000 ... 0108ff68 7800265a = MSVCRT.DLL:.text+0x165a -------------------- 015f:78002637 0f8443990000 jz 7800bf80 = MSVCRT.DLL:.text+0xaf80 015f:7800263d ff1564e00278 call dword ptr [7802e064] -> KERNEL32.DLL! GetCurrentThreadId 015f:78002643 8906 mov dword ptr [esi],eax 015f:78002645 a138740378 mov eax,dword ptr [78037438] 015f:7800264a 85c0 test eax,eax 015f:7800264c 7402 jz 78002650 = MSVCRT.DLL:.text+0x1650 015f:7800264e ffd0 call eax 015f:78002650 8365fc00 and dword ptr [ebp-04],+00 015f:78002654 ff764c push dword ptr [esi+4c] 015f:78002657 ff5648 call dword ptr [esi+48] MSVCRT.DLL:.text+0x165a: *015f:7800265a e92e990000 jmp 7800bf8d = MSVCRT.DLL:.text+0xaf8d 015f:7800265f c3 retd 015f:78002660 a13c740378 mov eax,dword ptr [7803743c] 015f:78002665 85c0 test eax,eax 015f:78002667 7402 jz 7800266b = MSVCRT.DLL:.text+0x166b 015f:78002669 ffd0 call eax 015f:7800266b 56 push esi 015f:7800266c e820000000 call 78002691 = MSVCRT.DLL:.text+0x1691 015f:78002671 8bf0 mov esi,eax 015f:78002673 85f6 test esi,esi 015f:78002675 0f844f990000 jz 7800bfca = MSVCRT.DLL:.text+0xafca -------------------- 0108ff6c 00d7c6a0 -> 4c 00 00 00 93 e1 e9 ff 00 00 00 00 00 00 00 00 L............... 0108ff70 81789f18 -> 07 00 01 00 60 92 7f c1 98 fc 08 01 00 00 09 01 ....`........... 0108ff74 8177b318 -> 06 00 06 00 60 ce 62 c1 00 00 00 00 00 00 00 00 ....`.b......... 0108ff78 00000008 0108ff7c bffbfe14 = KERNEL32.DLL:.text+0x46e14 -> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E 0108ff80 0108ff70 -> 18 9f 78 81 18 b3 77 81 08 00 00 00 14 fe fb bf ..x...w......... 0108ff84 ffffffff 0108ff88 0108ffbc -> ff ff ff ff 14 fe fb bf 50 90 f7 bf 00 00 00 00 ........P....... 
0108ff8c 7800ef03 = MSVCRT.DLL!_except_handler3 -> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E 0108ff90 7802e2c8 = MSVCRT.DLL:.rdata+0x2c8 -> ff ff ff ff ab bf 00 78 bf bf 00 78 00 00 00 00 .......x...x.... 0108ff94 00000000 0108ff98 0108ffcc -> ec ff 08 01 66 69 f8 bf ff 25 00 78 20 c6 d7 00 ....fi...%.x ... 0108ff9c bff88ef7 = KERNEL32!ThreadStartup -------------------- 015f:bff88ed9 53 push ebx 015f:bff88eda 56 push esi 015f:bff88edb 57 push edi 015f:bff88edc 8965e8 mov dword ptr [ebp-18],esp 015f:bff88edf c745fc00000000 mov dword ptr [ebp-04],00000000 015f:bff88ee6 f6451090 test byte ptr [ebp+10],90 015f:bff88eea 7505 jnz bff88ef1 = KERNEL32.DLL:.text+0xfef1 015f:bff88eec e854edffff call bff87c45 = KERNEL32.DLL:.text+0xec45 015f:bff88ef1 ff750c push dword ptr [ebp+0c] 015f:bff88ef4 ff5508 call dword ptr [ebp+08] KERNEL32!ThreadStartup: *015f:bff88ef7 8945e4 mov dword ptr [ebp-1c],eax 015f:bff88efa eb1e jmp bff88f1a = KERNEL32.DLL:.text+0xff1a 015f:bff88efc ff75ec push dword ptr [ebp-14] 015f:bff88eff e8d8470100 call bff9d6dc = KERNEL32.DLL! UnhandledExceptionFilter 015f:bff88f04 c3 retd 015f:bff88f05 8b65e8 mov esp,dword ptr [ebp-18] 015f:bff88f08 a1dc9cfcbf mov eax,dword ptr [bffc9cdc] 015f:bff88f0d 8b00 mov eax,dword ptr [eax] 015f:bff88f0f 80482308 or byte ptr [eax+23],08 015f:bff88f13 6aff push -01 015f:bff88f15 e887420000 call bff8d1a1 = KERNEL32.DLL:.text+0x141a1 -------------------- 0108ffa0 00d7c620 -> 93 e1 e9 ff ff ff ff ff 00 00 00 00 00 00 00 00 ................ 0108ffa4 81789f18 -> 07 00 01 00 60 92 7f c1 98 fc 08 01 00 00 09 01 ....`........... 0108ffa8 8177b318 -> 06 00 06 00 60 ce 62 c1 00 00 00 00 00 00 00 00 ....`.b......... 0108ffac 00000008 0108ffb0 00000007 0108ffb4 0108ffa4 -> 18 9f 78 81 18 b3 77 81 08 00 00 00 07 00 00 00 ..x...w......... 0108ffb8 0108fcd0 -> a8 fd 08 01 c4 fd 08 01 fc fc 08 01 4d 68 f7 bf ............Mh.. 
0108ffbc ffffffff 0108ffc0 bffbfe14 = KERNEL32.DLL:.text+0x46e14 -> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E 0108ffc4 bff79050 = KERNEL32.DLL:.text+0x50 -> ff ff ff ff fc 8e f8 bf 05 8f f8 bf 00 00 00 00 ................ 0108ffc8 00000000 0108ffcc 0108ffec -> 00 00 00 00 63 68 f8 bf ff 25 00 78 20 c6 d7 00 ....ch...%.x ... 0108ffd0 bff86966 = KERNEL32.DLL:.text+0xd966 -------------------- 015f:bff86941 6800060000 push 00000600 015f:bff86946 e8b3abffff call bff814fe = KERNEL32.DLL:.text+0x84fe 015f:bff8694b ff7510 push dword ptr [ebp+10] 015f:bff8694e ff750c push dword ptr [ebp+0c] 015f:bff86951 ff7508 push dword ptr [ebp+08] 015f:bff86954 f6451001 test byte ptr [ebp+10],01 015f:bff86958 7407 jz bff86961 = KERNEL32.DLL:.text+0xd961 015f:bff8695a e839340000 call bff89d98 = KERNEL32.DLL:.text+0x10d98 015f:bff8695f eb05 jmp bff86966 = KERNEL32.DLL:.text+0xd966 015f:bff86961 e853250000 call bff88eb9 = KERNEL32.DLL:.text+0xfeb9 KERNEL32.DLL:.text+0xd966: *015f:bff86966 50 push eax 015f:bff86967 e873350000 call bff89edf = KERNEL32.DLL!ExitThread 015f:bff8696c 5f pop edi 015f:bff8696d 5e pop esi 015f:bff8696e 5b pop ebx 015f:bff8696f 5d pop ebp 015f:bff86970 c20c00 retd 000c 015f:bff86973 56 push esi 015f:bff86974 57 push edi 015f:bff86975 8b7c240c mov edi,dword ptr [esp+0c] 015f:bff86979 8b7738 mov esi,dword ptr [edi+38] -------------------- 0108ffd4 780025ff = MSVCRT.DLL:.text+0x15ff -------------------- 015f:780025e2 68ff250078 push 780025ff 015f:780025e7 ff750c push dword ptr [ebp+0c] 015f:780025ea ff7508 push dword ptr [ebp+08] 015f:780025ed ff1554e00278 call dword ptr [7802e054] -> KERNEL32.DLL! 
CreateThread 015f:780025f3 85c0 test eax,eax 015f:780025f5 0f8464990000 jz 7800bf5f = MSVCRT.DLL:.text+0xaf5f 015f:780025fb 5f pop edi 015f:780025fc 5e pop esi 015f:780025fd 5d pop ebp 015f:780025fe c3 retd MSVCRT.DLL:.text+0x15ff: *015f:780025ff 55 push ebp 015f:78002600 8bec mov ebp,esp 015f:78002602 6aff push -01 015f:78002604 68c8e20278 push 7802e2c8 015f:78002609 6803ef0078 push 7800ef03 015f:7800260e 64a100000000 mov eax,dword ptr fs:[00000000] 015f:78002614 50 push eax 015f:78002615 64892500000000 mov dword ptr fs:[00000000],esp 015f:7800261c 83ec0c sub esp,+0c 015f:7800261f 53 push ebx 015f:78002620 56 push esi -------------------- 0108ffd8 00d7c620 -> 93 e1 e9 ff ff ff ff ff 00 00 00 00 00 00 00 00 ................ 0108ffdc 00000048 0108ffe0 00000000 ... 0108fff0 bff86863 = KERNEL32.DLL:.text+0xd863 -------------------- 015f:bff8684c 56 push esi 015f:bff8684d e8c0a60000 call bff90f12 = KERNEL32.DLL:.text+0x17f12 015f:bff86852 ff8610020000 inc dword ptr [esi+00000210] 015f:bff86858 8bc6 mov eax,esi 015f:bff8685a 5f pop edi 015f:bff8685b 5e pop esi 015f:bff8685c 5b pop ebx 015f:bff8685d 8be5 mov esp,ebp 015f:bff8685f 5d pop ebp 015f:bff86860 c21400 retd 0014 KERNEL32.DLL:.text+0xd863: *015f:bff86863 55 push ebp 015f:bff86864 a1d89cfcbf mov eax,dword ptr [bffc9cd8] 015f:bff86869 8bec mov ebp,esp 015f:bff8686b 8b0ddc9cfcbf mov ecx,dword ptr [bffc9cdc] 015f:bff86871 53 push ebx 015f:bff86872 56 push esi 015f:bff86873 57 push edi 015f:bff86874 8b31 mov esi,dword ptr [ecx] 015f:bff86876 f6451010 test byte ptr [ebp+10],10 015f:bff8687a 8b38 mov edi,dword ptr [eax] 015f:bff8687c 740a jz bff86888 = KERNEL32.DLL:.text+0xd888 -------------------- 0108fff4 780025ff = MSVCRT.DLL:.text+0x15ff -------------------- 015f:780025e2 68ff250078 push 780025ff 015f:780025e7 ff750c push dword ptr [ebp+0c] 015f:780025ea ff7508 push dword ptr [ebp+08] 015f:780025ed ff1554e00278 call dword ptr [7802e054] -> KERNEL32.DLL! 
CreateThread 015f:780025f3 85c0 test eax,eax 015f:780025f5 0f8464990000 jz 7800bf5f = MSVCRT.DLL:.text+0xaf5f 015f:780025fb 5f pop edi 015f:780025fc 5e pop esi 015f:780025fd 5d pop ebp 015f:780025fe c3 retd MSVCRT.DLL:.text+0x15ff: *015f:780025ff 55 push ebp 015f:78002600 8bec mov ebp,esp 015f:78002602 6aff push -01 015f:78002604 68c8e20278 push 7802e2c8 015f:78002609 6803ef0078 push 7800ef03 015f:7800260e 64a100000000 mov eax,dword ptr fs:[00000000] 015f:78002614 50 push eax 015f:78002615 64892500000000 mov dword ptr fs:[00000000],esp 015f:7800261c 83ec0c sub esp,+0c 015f:7800261f 53 push ebx 015f:78002620 56 push esi -------------------- 0108fff8 00d7c620 -> 93 e1 e9 ff ff ff ff ff 00 00 00 00 00 00 00 00 ................ 0108fffc 00000048
This crash is also reproducible in 627c. -> DL: Please have a look at Bugtracker-ID 87979. The crash occurs when starting via the Start menu. If, e.g., Writer is still open, you can open a presentation via File/New without a crash.
*** Issue 856 has been marked as a duplicate of this issue. ***
*** Issue 978 has been marked as a duplicate of this issue. ***
*** Issue 926 has been marked as a duplicate of this issue. ***
*** Issue 616 has been marked as a duplicate of this issue. ***
Dieter: It seems to be the same as the one you've fixed.
Dieter: Reassigned
Seems to be the same problem as BugID #87973#
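The cause is a memory overwrite in CommandLineToArgvW in sal/systools. This is consistent with the trace above: the access violation is raised inside KERNEL32's heap code, reached through HeapAlloc from CoInitializeEx, so the fault surfaces at a later allocation rather than at the code that did the overwrite.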
Resolved a long time ago, simply forgot to close this one.