OK - I definitely appear to have caught it in the act.
Here's the assembly for the loop that calls WaitForRX():

   511: if ( (DWORD)psThreadData == 0x00000001)
02CD1B7B  cmp  esi,ebx
02CD1B7D  jne  CommsRXThreadProc+45h (02cd1b81)
   512:     psThreadData->bTerminate = FALSE ;
02CD1B7F  mov  dword ptr [esi],edi
   513: dwNumBytes = WaitForRX(*psThreadData, sNotifyOverlapData);
02CD1B81  lea  eax,[sNotifyOverlapData]
02CD1B84  push eax
02CD1B85  push esi
02CD1B86  call WaitForRX (02cd1bbb)
02CD1B8B  pop  ecx
It did NOT hit the breakpoint set at lines 511 / 512, so the pointer was still valid when it went into the call.
Here's WaitForRX(), with the breakpoint I added and it triggered:

DWORD WaitForRX(COMMS_RX_THREAD_DATA_S& rsThreadData, OVERLAPPED& rsNotifyOverlapData)
{
    BOOL bDone ;
    COMSTAT sStatus ;
    DWORD dwEvent, dwError, dwDummy, dwNumBytes ;

    dwNumBytes = 0 ; // Until we have definitely been notified of something
                     // being received.

    // JDEBUG
    if ( (DWORD)&rsThreadData == 0x00000001)
        dwDummy = 0 ; // <== Hit breakpoint here

    if (!::WaitCommEvent(rsThreadData.hPortHandle, &dwEvent, &rsNotifyOverlapData))
    {
As you can clearly see, it got corrupted on entry to the call! Bearing in mind it will have gone through this call hundreds of times successfully before it (apparently) suddenly fails...
I can confirm that the only other place the structure is referenced by the pointer passed to the comms thread is in ReceiveBytes(), which doesn't get called until AFTER WaitForRX(), and there are checks to make sure the pointer isn't going wrong after that - and it is not. The original structure is not being used beyond when the thread is created and its address is initially passed, and it is not going out of scope.
How is this possible?
--
Jason Teagle
[EMAIL PROTECTED]
_______________________________________________ msvc mailing list [email protected] See http://beginthread.com/mailman/listinfo/msvc_beginthread.com for subscription changes, and list archive.
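An added example, not Jason's code nor anything from the original post: a portable C version of the entry check the post does by hand, using a constructed magic value and a self-pointer so a thread-data block that has been overwritten or relocated is rejected before it is dereferenced. COMMS_RX_THREAD_DATA_S here is a hypothetical stand-in for the real structure; THREAD_DATA_MAGIC, init_thread_data, validate_thread_data and wait_for_rx are assumed names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for the post's COMMS_RX_THREAD_DATA_S: the two fields
 * the post shows, plus two sentinels used only to validate the block. */
#define THREAD_DATA_MAGIC 0x52584454u  /* arbitrary constructed tag */

typedef struct comms_rx_thread_data {
    uint32_t magic;                    /* must equal THREAD_DATA_MAGIC */
    struct comms_rx_thread_data *self; /* must equal the block's own address */
    void *hPortHandle;
    int   bTerminate;
} COMMS_RX_THREAD_DATA_S;

void init_thread_data(COMMS_RX_THREAD_DATA_S *d, void *port) {
    memset(d, 0, sizeof *d);
    d->magic = THREAD_DATA_MAGIC;
    d->self = d;               /* ties the contents to this exact address */
    d->hPortHandle = port;
}

/* Returns 1 if the pointer can be trusted, 0 otherwise. Rejects a null or
 * obviously bad pointer (such as the 0x00000001 in the post) before touching
 * memory, then checks the sentinels so an overwritten block or a shallow copy
 * living at a different address is caught. */
int validate_thread_data(const COMMS_RX_THREAD_DATA_S *d) {
    if (d == NULL || (uintptr_t)d < 4096)
        return 0;
    if (d->magic != THREAD_DATA_MAGIC)
        return 0;
    if (d->self != d)
        return 0;
    return 1;
}

/* Stand-in for the worker's WaitForRX(): validate on entry and return -1
 * instead of using a block that failed, so corruption surfaces at the first
 * call that sees it rather than as a crash later. */
int wait_for_rx(COMMS_RX_THREAD_DATA_S *d) {
    if (!validate_thread_data(d))
        return -1;
    return d->bTerminate ? 0 : 1;  /* constructed placeholder for real I/O */
}
```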
