Why AddRef returns zero

I'm debugging a C++/COM application, looking at how we AddRef and Release COM objects. I came across a weird case where AddRef returns 0. Here is how I get the return value:

#include <string>
#include <atlbase.h>   // ATLTRACE

ULONG TraceAddRef(LPUNKNOWN pUnk, const std::string &a_msg) {
    ULONG count = pUnk->AddRef(); // count == 0 at some point after execution
    ATLTRACE("%s *** AddRef:  pUnk = 0x%p, referenceCount = %lu\n", a_msg.c_str(), pUnk, count);
    return count;
}

pUnk is actually an IWebBrowser2 COM interface to a web control:

pUnk    0x20d763ac  IUnknown *
__vfptr 0x5d85b0d8  const CFrameWebOC::`vftable'{for `IWebBrowser2'}

I've looked at the disassembly (Debug build) of that line:

    ULONG count = pUnk->AddRef();
6515A52C  mov         eax,dword ptr [pUnk]  
6515A52F  mov         ecx,dword ptr [eax]  
6515A531  mov         esi,esp  
6515A533  mov         edx,dword ptr [pUnk]  
6515A536  push        edx  
6515A537  mov         eax,dword ptr [ecx+4]  
6515A53A  call        eax  
6515A53C  cmp         esi,esp  
6515A53E  call        _RTC_CheckEsp (65323F90h)  
6515A543  mov         dword ptr [count],eax

At that moment eax is 0 on line 6515A543.

When I step into the call on line 6515A53A in the debugger, it shows the following code:

    CFrameWebOC::AddRef:
5D707B6D  mov         edi,edi  
5D707B6F  push        ebp  
5D707B70  mov         ebp,esp  
5D707B72  push        edi  
5D707B73  mov         edi,dword ptr [ebp+8]  
5D707B76  inc         dword ptr [edi-18h]  
5D707B79  cmp         dword ptr [edi-18h],2  
5D707B7D  je          CFrameWebOC::AddRef+26h (5D707B93h)  
5D707B7F  test        dword ptr [edi-4],0FFFFFFFCh  
5D707B86  jne         5DF2DD04  
5D707B8C  xor         eax,eax  
5D707B8E  pop         edi  
5D707B8F  pop         ebp  
5D707B90  ret         4  
5D707B93  push        esi  
5D707B94  lea         esi,[edi-8]  
5D707B97  call        CTrackerHelper::SetAsRoot (5D85AD2Fh)  
5D707B9C  pop         esi  
5D707B9D  jmp         CFrameWebOC::AddRef+12h (5D707B7Fh)  
5D707B9F  nop  

On line 5D707B76 the value dword ptr [edi-18h] seems to be a reference counter; its value is correct and non-zero both before and after the inc instruction.

I know that the return value of AddRef is for debugging purposes only. AddRef returning 0 seems like a bug. Can this bug affect the behavior of the COM objects I'm using, their lifetime in particular?

If that helps, I'm on Win7 64-bit inside VirtualBox, using MSVS 2010. The DLL that AddRef lives in is mshtml.dll:

mshtml.dll  C:\Windows\SysWOW64\mshtml.dll  Symbols loaded (source information stripped).   C:\SYMBOLS\PUBLIC\mshtml.pdb\049E32F8F9F84F8EB494D8324AC1C3112\mshtml.pdb   104 10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)  10/24/2013 8:37 PM  5D380000-5E137000   [0x21DFC] MyApplication.exe: Native
Sergey Avdeev asked Jun 29 '26 02:06

1 Answer

It does seem weird, but Alan's guess sounds about right. Returning zero from AddRef should not affect anything inside COM because, as you mention, the value is used for debugging only.

bara answered Jun 30 '26 14:06
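An added example, not code from the question, the answer or mshtml.dll, that models the answer's point: a constructed, portable stand-in for the IUnknown contract whose AddRef returns 0 (as the disassembly's `xor eax,eax` does) while its internal counter still governs the object's lifetime. `IUnknownLike`, `ZeroReturningObject` and the non-Windows shape of `TraceAddRef` are assumptions made so it builds without COM headers.

```cpp
// Added example (not the question's or mshtml's code): portable stand-in for the
// IUnknown contract. CFrameWebOC/IWebBrowser2 are not modelled; the object is
// constructed so AddRef returns 0 while its real counter still governs lifetime.
#include <string>

typedef unsigned long ULONG;
struct IUnknownLike {                  // assumption: minimal IUnknown shape
    virtual ULONG AddRef() = 0;
    virtual ULONG Release() = 0;
    virtual ~IUnknownLike() {}
};

static int g_liveObjects = 0;          // observed lifetime, independent of return values

class ZeroReturningObject : public IUnknownLike {
    ULONG m_refs;                      // the real counter (cf. dword ptr [edi-18h])
public:
    ZeroReturningObject() : m_refs(1) { ++g_liveObjects; }
    ~ZeroReturningObject() { --g_liveObjects; }
    ULONG AddRef() override {
        ++m_refs;                      // counted correctly...
        return 0;                      // ...but the reported value is meaningless
    }
    ULONG Release() override {
        ULONG left = --m_refs;
        if (left == 0) delete this;    // lifetime depends only on the counter
        return left;
    }
};

// Same role as the question's TraceAddRef: record the value, never act on it.
ULONG TraceAddRef(IUnknownLike *pUnk, const std::string &msg) {
    ULONG count = pUnk->AddRef();      // may legitimately be 0
    (void)msg;                         // ATLTRACE omitted in this portable stand-in
    return count;
}

struct LifetimeResult { ULONG reportedByAddRef; bool aliveAfterFirstRelease; int liveAtEnd; };
// Take a second reference via the tracing helper, then release both owners.
LifetimeResult RunLifetimeScenario() {
    LifetimeResult r;
    ZeroReturningObject *obj = new ZeroReturningObject();     // refs = 1
    r.reportedByAddRef = TraceAddRef(obj, "second owner");    // refs = 2, returns 0
    obj->Release();                                           // refs = 1, still alive
    r.aliveAfterFirstRelease = (g_liveObjects == 1);
    obj->Release();                                           // refs = 0, deleted
    r.liveAtEnd = g_liveObjects;
    return r;
}
```

The scenario shows what the answer claims: the 0 returned by AddRef is never consulted, and the object is destroyed exactly when the counter reaches zero.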
