MSXML Crashing w/ invalid XML
Devon
Hey folks--
Hopefully someone here has some insight into my problem with MSXML. Here's
the short story:
From within the X86 Emulator and eVC++ 4.2 w/ sp3, I am using the MSXML
parser to parse some XML. This seems to work fine as long as the XML I'm
passing it is valid. As soon as I do some negative testing (by passing the
parser the string "hello", for example) it crashes with TLSKERN_NOFAULT.
Here's the longer story (some may be unnecessary, but I'm relatively new at
this, and so I don't want to leave something important out):
1) Using PB 4.2 I created a 'custom platform' and configured and built an
SDK that contains both an X86 configuration and an X86
emulator.
2) I then installed this 'custom platform' SDK onto my VC++ machine (just
FYI, I'm using two separate development machines; one running PB and the
other running eVC++).
3) I created a simple 'console application' and attempt to run the following
code snippet in my 'Custom Platform' emulator:
...
// initialize COM
HRESULT hr = CoInitializeEx(0, 0);
// Create an empty XML document
hr = CoCreateInstance(MSXML::CLSID_DOMDocument, NULL,
CLSCTX_INPROC_SERVER,
MSXML::IID_IXMLDOMDocument, (void**)&m_doc);
VARIANT_BOOL success; // aka a 'short'. Interestingly, '-1' is 'TRUE' for
this.
BSTR content = MyCreateABstrFromCstr("<x>hello</x>");
hr = m_doc->loadXML(content, &success);
SysFreeString(content);
...
(during the above, 'msxml3.dll' is loaded)
The above code works fine, but if I replace the string "<x>hello</x>" with
just "hello", the thread crashes with:
Exception ffffffff Thread =83ef2d6c Proc=83ccffd2 'Test.exe'
AKY=00000401 PC=03f85ece ESP=1603f660 EA=00105490
TLSKERN_NOFAULT set...bypassing kernal debugger
First-chance exception in Test.exe: 0xE0000001: (no name)
I would expect the MSXML parser to handle "bad" XML without crashing...so
I'm a bit confused at this point.
Anyone have any ideas?
Thanks!
--Devon
![John Spaith [MS]'s profile photo](https://lh3.googleusercontent.com/a/default-user=s40-c)
John Spaith [MS]
http://www.pocketpcdn.com/articles/xmlfaq.html.
Is this actually crashing your thread or were you just looking at the
debugout and assuming there was a problem? Do you need to put a try/except
around the call to MSXML to catch this exception? This definitely should
not be. Please let me know.
--
John Spaith
Software Design Engineer, Windows CE
Microsoft Corporation
Have an opinion on the effectiveness of Microsoft Embedded newsgroups? Let
us know!
https://www.windowsembeddedeval.com/community/newsgroups
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © 2003 Microsoft Corporation. All rights
reserved.
"Devon" <ke...@cox.net> wrote in message
news:%23FFOeWR...@TK2MSFTNGP11.phx.gbl...
Devon
Thanks for your interest in my issue.
I looked at the link you sent, and I recognize the DebugOut strings, with
the exception of the "TLSKERN_NOFAULT" line...
It appears to be hanging my thread. The call to m_doc->loadXML() never
returns, so I'm assuming that it's crashing. I've used the desktop version
of the MSXML parser quite a bit before, but I haven't seen this before.
I tried putting try/*catch* around the problem call, and manually adding the
necessary /GX parameter to the "Settings/C++/General Category/Project
options" dialog box, but that didn't catch any exception...should I try the
try/except?
Not that I think it should matter, (but i've been wrong before) the MSXML
code (below) is in a static library to the main .exe. And I also added the
/GX command to the main.exe's Settings dialog as well. (and there are other
static libs being linked in, where I didn't set the /GX parameter.)
Thanks!
--Devon
"John Spaith [MS]" <jsp...@ONLINE.microsoft.com> wrote in message
news:uV8ZAxba...@TK2MSFTNGP12.phx.gbl...
Davide Sanna
same thing happened to me.
Same environment configuration.
I was thinking about some loop
inside MSXML load() function, maybe
some code that can't find
start-end tags or something like this,
I didn't think about a crash, but, ok
it is.
I guess CoInitialize(0,0) in Devon's code is equal to
::CoInitializeEx(NULL,COINIT_MULTITHREADED)
that I think I've seen in xml examples.
Please let me know if I'm wrong or if this is really
not important.
Actually, I don't know if I have to write some
code to validate XML syntax in order to
prevent this problem. Please let me know.
Later,
Davide
John Spaith [MS]
RaiseExecption try/except and has no dependency on C++.
Since someone else has recently started having problems with this and it's
only 4.2, I'm wondering if some QFE in another area is causing this to go
wrong. We would never ship MSXML knowingly if it had a bug like this and
4.2 has been out a long time and I've never heard anything about this until
out of the blue 2 people start seeing problems. Obviously it's too early
for me to say anything definitively yet, but I'm very curious.
Could you try compiling this code on your platform and seeing what happens.
It tries to simulate how MSXML raises an exception when garbage XML is
encourtered. It's possible that the repro of what you're seeing requires
more than this test (or it could be in MSXML all along and not in
exceptions), but if you could let me know if this runs to completion that
would be helpful. You may have to set WINCEOEM=1 either in a project file
or before windows.h #include in order to get this to compile.
Davide - could you try this out too and let me know.
Thanks.
<<<
#include <windows.h>
#include <stdio.h>
void CallBar2() {
UTlsPtr()[TLSSLOT_KERNEL] |= TLSKERN_NOFAULT;
RaiseException(0xE0000001, 0, 0, 0);
}
void CallBar() { CallBar2(); }
void CallFoo() { CallBar(); }
int
WINAPI
WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPWSTR lpCmdLine,
int nCmdShow)
{
// It's OK to replace RETAILMSG with printf/wprintf
RETAILMSG(1,(L"Beginning test...\r\n"));
__try {
CallFoo();
}
__except(1) {
RETAILMSG(1,(L"Exception was caught!!!\r\n"));
UTlsPtr()[TLSSLOT_KERNEL] &= ~TLSKERN_NOFAULT;
}
RETAILMSG(1,(L"Test completed...\r\n"));
return 0;
}
>>>
--
John Spaith
Software Design Engineer, Windows CE
Microsoft Corporation
Have an opinion on the effectiveness of Microsoft Embedded newsgroups? Let
us know!
https://www.windowsembeddedeval.com/community/newsgroups
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © 2003 Microsoft Corporation. All rights
reserved.
"Devon" <ke...@cox.net> wrote in message
news:uB2p3jea...@tk2msftngp13.phx.gbl...
Devon
I ran your snippet from within PB and I got the following output (by the
way, I #included <pkfuncs.h> also):
4294824126 PID:a3da7e8a TID:a3d410f2 0x83d412e0: Beginning test...
4294824126 PID:a3da7e8a TID:a3d410f2 0x83d412e0: Exception ffffffff
Thread=83d412e0 Proc=a3da7e8a 'Test.exe'
4294824126 PID:a3da7e8a TID:a3d410f2 0x83d412e0: AKY=00000101 PC=03f85ece
ESP=1203f9a0 EA=00000001
4294824126 PID:a3da7e8a TID:a3d410f2 0x83d412e0: TLSKERN_NOFAULT set...
bypassing kernel debugger.
4294824126 PID:a3da7e8a TID:a3d410f2 0x83d412e0: Exception was caught!!!
4294824136 PID:a3da7e8a TID:a3d410f2 0x83d412e0: Test completed...
So it looks like the exception is being thrown okay...I'll put the
try/except around my problem call and see what happens.
Just as an aside, you probably already know this, but I couldn't compile
your code from within eVC++ because the private kernal functions aren't
available...
-Devon
"John Spaith [MS]" <jsp...@ONLINE.microsoft.com> wrote in message
news:uu6ZKHqa...@TK2MSFTNGP11.phx.gbl...
Devon
So, as you may have read earlier, the code works as expected if it's run
from within PB 4.2 and using the emulator (that's to say that "bad xml" will
cause the call to return an error code. It doesn't hit the exception).
However, if I create and export an SDK to eVC++ 4.2, and then run the code
from within there on the emulator, it hangs in the call to loadXML(), as
before (and the __except() isn't triggered).
Both the PB and eVC++ are on different machines.
What could be different in the two environments that's causing MSXML to
hang?
--Devon
"John Spaith [MS]" <jsp...@ONLINE.microsoft.com> wrote in message
news:uu6ZKHqa...@TK2MSFTNGP11.phx.gbl...
Davide Sanna
> Davide - could you try this out too and let me know.
>
ok, actually at the office I'm really busy
I'll try it at home.
Later,
Davide
John Spaith [MS]
that. I've forwarded this problem to one of our SDK people internally and
hopefully they can figure out what's going on here.
If no one gets back to you in a few days, go ahead and send me a mail
directly (just remove the "online." from my email address in this post,
which is a spam-guard) and I'll bug the folks who would know more again.
--
John Spaith
Software Design Engineer, Windows CE
Microsoft Corporation
Have an opinion on the effectiveness of Microsoft Embedded newsgroups? Let
us know!
https://www.windowsembeddedeval.com/community/newsgroups
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © 2003 Microsoft Corporation. All rights
reserved.
"Devon" <ke...@cox.net> wrote in message
news:u0Z2cisa...@tk2msftngp13.phx.gbl...
Davide Sanna
> from within PB 4.2 and using the emulator (that's to say that "bad xml"
will
> cause the call to return an error code. It doesn't hit the exception).
> However, if I create and export an SDK to eVC++ 4.2, and then run the code
> from within there on the emulator, it hangs in the call to loadXML(), as
> before (and the __except() isn't triggered).
>
> Both the PB and eVC++ are on different machines.
>
> What could be different in the two environments that's causing MSXML to
> hang?
>
I was thinking about different implementation of exception handling,
more robust in PB but it isn't 'cause no exception is thrown in PB.
It's absolutely very strange, 'cause MSXML DLLs should be exactly
the same in same emulation environment (or it isn't?). I don't
know how to check DLL version using emulator, maybe you
just can downoad it to desktop and try, I really don't know...
But this doesn't explain why an exception is thrown or at least
should be thrown using evc4 (instead of hanging).
Better, I'd expect just an error return code.
In my code, I just tried to use something like:
<tag>... and I didn't put any closing tag... (no </tag>).
Program hanged.
Later,
Davide
MichelleW
We have observed the exact same problem with a custom SDK and CE 4.2.
We have also begun our port to CE 5.0 and verified that the same problem
exists with a custom SDK and CE 5.0.
Has the MS SDK group found a solution to the problem yet?
Thanks,
Michelle.
John Spaith [MS]
Here's an email thread between us. I'm removing his name in the thread
below.
-----Original Message-----
From:
Sent: Tuesday, October 12, 2004 12:44 PM
To: John Spaith
Subject: RE: MSXML Crashing w/ invalid XML
Yes. That is a practical short-term work-around. If you already have PB
running debug then use that debugger instead of eVC. They could still
launch the application Ctrl-F5 from eVC as long as the eVC debugger does not
attach to the process, the problem will not happen. If someone does take
that route they should modify their output directory to be the PB Release
directory so that PB can find the debug files (.PDB).
-----Original Message-----
From: John Spaith
Sent: Tuesday, October 12, 2004 12:38 PM
To:
Subject: RE: MSXML Crashing w/ invalid XML
It sounds like a workaround is for him not to use EVC, but instead to use
the PB debugger. I only use the PB debugger in my real development, so I'm
wondering is this a practical short-term workaround to give to people who
are out "in the wild"?
Thanks again.
John
-----Original Message-----
From:
Sent: Tuesday, October 12, 2004 12:35 PM
To: John Spaith
Subject: RE: MSXML Crashing w/ invalid XML
The problem Devon is experiencing is actually a debugger problem, not XML.
I'm debugging currently and it appears that eVC Debug proxy is not waiting
on the debug event for the test applications thread at the time of an
exception. This only happens when stepping through code in eVC while the
device is also connected to PB KITL debugger.
It hangs because no-one sets the "continue" event to kick the thread out
of it's break condition.
Thank you,
--
John Spaith
Software Design Engineer, Windows CE
Microsoft Corporation
Check out the new CE Networking Team Blog at http://blogs.msdn.com/cenet/.
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © 2003 Microsoft Corporation. All rights
reserved.
"MichelleW" <Mich...@discussions.microsoft.com> wrote in message
news:B129898E-60EB-4D33...@microsoft.com...
Werner
I have encountered exactly the same problem today. Indeed debugging with
PB4.2 works. But as we want to debug through eVC4.2, I wonder if a QFE will
be present to fix this problem. Can you give some update of the status,
please.
I also found another problem when debugging MSXML3. When I am finished with
loading, parsing,... an existing xml file, after a few seconds I get this
error message (probably when DLL is unloaded from memory again?? -> not
blocking, but also not nice):
"CloseHandle/WaitForSingleObject: invalid handle h=0"
I took a call stack trace from PB4.2 (..\NK\KERNEL\objdisp.c line 1182)
> NK!ObjectCall(_OBJCALLSTRUCT * 0x1033fb38) line 1182
> NK!Int20SyscallHandler() line 1339
> COREDLL!xxx_CloseHandle(void * 0x00000000) line 62 + 10 bytes
> MSXML3!DeleteTlsData() line 289 + 13 bytes
> MSXML3!DllMain(void * 0x837f3a18, unsigned long 0x00000003, void * 0x00000000) line 516
> MSXML3!_DllMainCRTStartup(void * 0x837f3a18, unsigned long 0x00000003, void * 0x00000000) line 29 + 17 bytes
> COREDLL!Int_CloseHandle(void * 0x837f3a18) line 51 + 11 bytes
> NK!SC_ThreadDetachAllDLLs() line 3850 + 13 bytes
> NK!CallDLLEntry(Module * 0x03356140, unsigned long 0x00000001, void * 0x002d4288) line 1968 + 140 bytes
> COREDLL!ExitThread(unsigned long 0x00000000) line 238
> COREDLL!ThreadBaseFunc(void * 0x0335610a ThreadStartRoutine(THREAD *), unsigned long 0x002d4288) line 419 + 9 bytes
Regards
Werner DOT Willemsens AT xeikon DOT com