[Qemu-devel] qemu dsound and crash

[Qemu-devel] qemu dsound and crash

[ZIGLIO, Frediano, VF-IT]

I analyzed the dsound problem (using Windows dsound audio driver cause
crash when closing console window cf "Qemu impressions"). The problem is
very complicated. Is seems that for some reasons dsound dll is unloaded
before msvcrt (which hold atexit and exit function) so dsound free
memory then msvcrt calls at exit callbacks which try to access freed
structure... The problem occur on Windows XP and I got error using Qemu
downloaded at http://www.h7.dion.ne.jp/~qemu-win/ and compiling 0.8.1
from sources. dsound.dll is loaded calling CoCreateInstance in
audio/dsoundaudio.c (line 975) however is very strange this dll free
cause even dsound.dll depends on msvcrt.dll. Perhaps a workaround can be
to call SetConsoleCtrlHandler on main and calling exit by our own... I
noted that for some reason qemu.exe seems to load msvcrt.dll two
times...

This is a possible workaround

diff -ru qemu-0.8.1.orig/vl.c qemu-0.8.1/vl.c
--- qemu-0.8.1.orig/vl.c	Wed May  3 13:32:58 2006
+++ qemu-0.8.1/vl.c	Tue May 30 14:39:45 2006
@@ -5034,6 +5034,14 @@
 }
 #endif
 
+#ifdef _WIN32
+static BOOL WINAPI qemu_ctrl_handler(DWORD type)
+{
+    exit(1);
+    return TRUE;
+}
+#endif
+
 #define MAX_NET_CLIENTS 32
 
 int main(int argc, char **argv)
@@ -5726,6 +5734,9 @@
             vm_start();
         }
     }
+#ifdef _WIN32
+    SetConsoleCtrlHandler(qemu_ctrl_handler, TRUE);
+#endif
     main_loop();
     quit_timers();
     return 0;

freddy77

Re: [Qemu-devel] qemu dsound and crash

[Kazu]

ZIGLIO, Frediano wrote:

>I analyzed the dsound problem (using Windows dsound audio driver cause
>crash when closing console window cf "Qemu impressions"). The problem is
>very complicated. Is seems that for some reasons dsound dll is unloaded
>before msvcrt (which hold atexit and exit function) so dsound free
>memory then msvcrt calls at exit callbacks which try to access freed
>structure... The problem occur on Windows XP and I got error using Qemu
>downloaded at http://www.h7.dion.ne.jp/~qemu-win/ and compiling 0.8.1
>from sources. dsound.dll is loaded calling CoCreateInstance in
>audio/dsoundaudio.c (line 975) however is very strange this dll free
>cause even dsound.dll depends on msvcrt.dll. Perhaps a workaround can be
>to call SetConsoleCtrlHandler on main and calling exit by our own... I
>noted that for some reason qemu.exe seems to load msvcrt.dll two
>times...

Thanks for your info. I wondered what caused the problem. It seems that
optimization also have effect on the problem.

Regards,
Kazu

RE: [Qemu-devel] qemu dsound and crash

[ZIGLIO, Frediano, VF-IT]

> 
> ZIGLIO, Frediano wrote:
> 
> >I analyzed the dsound problem (using Windows dsound audio 
> driver cause
> >crash when closing console window cf "Qemu impressions"). 
> The problem is
> >very complicated. Is seems that for some reasons dsound dll 
> is unloaded
> >before msvcrt (which hold atexit and exit function) so dsound free
> >memory then msvcrt calls at exit callbacks which try to access freed
> >structure... The problem occur on Windows XP and I got error 
> using Qemu
> >downloaded at http://www.h7.dion.ne.jp/~qemu-win/ and compiling 0.8.1
> >from sources. dsound.dll is loaded calling CoCreateInstance in
> >audio/dsoundaudio.c (line 975) however is very strange this dll free
> >cause even dsound.dll depends on msvcrt.dll. Perhaps a 
> workaround can be
> >to call SetConsoleCtrlHandler on main and calling exit by 
> our own... I
> >noted that for some reason qemu.exe seems to load msvcrt.dll two
> >times...
> 
> Thanks for your info. I wondered what caused the problem. It 
> seems that
> optimization also have effect on the problem.
> 
> Regards,
> Kazu
> 

Thanks,
  at least I know someone read my mails :)

Well... how I discovered the cause
- launched qemu, closing with "X" crash
- I compiled qemu (without dsound support) and accidentally "X" works...
- after recompiling with dsound + fmod qemu crash with "X"
- now what cause the error

---------------------------
qemu.exe - Application Error
---------------------------
The instruction at "0x00438213" referenced memory at "0x0b112210". The
memory could not be "read". 
Click on OK to terminate the program
---------------------------
OK   
---------------------------
- 0x00438213 is in dsoundaudio.c (enabled mapfile on linker to discover
this)
- I added many printf and discovered that problem was dsound->Release()
- added others printf, Release is not called two times
- opened debugger and placed a break point on access of 0x0b112210
(after DSound creation)
- memory change in a HeapFree called from dsound.DllMain from
ntdll.LdrShutdownProcess from kernel32

What did I do next (today) ? I didn't understand why qemu.exe imports
msvcrt two times... I linked with --verbose flags and I noted that some
libraries are linked twice but removing these duplications have no
effects (as I expected). I noted that -lmsvcrt and -lmoldname are linked
together. This caused some problems in another project some time ago so
I decided to remove -lmoldname... after a lot of replacement in sources
(like open -> _open, read -> _read and so on) I got it linked with one
msvcrt import from qemu.exe, but this not solve initial problem... so
this is not the cause... I can confirm that my workaround works fine but
I'm unable to explain the dsound problem... why the hell should windows
free dsound before msvcrt?

freddy77