Uninits and leaks when using CoInitialize/CoCreateInstance

[derekbruening]

From [email protected] on May 30, 2011 06:06:33

As of r313 ,

#include <windows.h>

#include <stdio.h>
#include <shobjidl.h>
#include <shlguid.h>

#pragma comment(lib, "ole32.lib")

int main() {
::CoInitialize(NULL);

IShellLink* obj;
HRESULT hres = CoCreateInstance(CLSID_ShellLink, NULL, CLSCTX_INPROC_SERVER,
                                IID_IShellLink, (LPVOID*)&obj);
if (!SUCCEEDED(hres)) {
     ::CoUninitialize();
     printf("FAIL\n");
     return 1;
}   
// For more tests see http://msdn.microsoft.com/en-us/library/bb776891(v=vs.85).aspx#Shellink_Creating_Shortcut obj->Release();

::CoUninitialize();
printf("PASS\n");
return 0;

}

Gives the following reports (besides known false positives):

Error #7: UNINITIALIZED READ: reading 0x001672e0-0x001672e1 1 byte(s)
@0:00:05.344 in thread 16412
0x76fda30f <CLBCatQ.DLL+0xa30f> CLBCatQ.DLL!DestroyStgDatabase
0x76fd7178 <CLBCatQ.DLL+0x7178> CLBCatQ.DLL!PostError
0x76fd7132 <CLBCatQ.DLL+0x7132> CLBCatQ.DLL!PostError
0x76fd6d24 <CLBCatQ.DLL+0x6d24> CLBCatQ.DLL!PostError
0x76fd73d4 <CLBCatQ.DLL+0x73d4> CLBCatQ.DLL!PostError
0x76fd6c72 <CLBCatQ.DLL+0x6c72> CLBCatQ.DLL!PostError
0x76fd74c8 <CLBCatQ.DLL+0x74c8> CLBCatQ.DLL!PostError
0x76fd308f <CLBCatQ.DLL+0x308f> CLBCatQ.DLL!?
0x7c90118a <ntdll.dll+0x118a> ntdll.dll!LdrInitializeThunk
0x7c9224ca <ntdll.dll+0x224ca> ntdll.dll!RtlDestroyEnvironment
0x7c81caae <KERNEL32.dll+0x1caae> KERNEL32.dll!IsValidLocale
0x7c81cb26 <KERNEL32.dll+0x1cb26> KERNEL32.dll!ExitProcess

Error #8: UNINITIALIZED READ: reading 0x00167424-0x00167425 1 byte(s)
@0:00:05.391 in thread 16412
0x76fda30f <CLBCatQ.DLL+0xa30f> CLBCatQ.DLL!DestroyStgDatabase
0x76fd7132 <CLBCatQ.DLL+0x7132> CLBCatQ.DLL!PostError
0x76fd6d24 <CLBCatQ.DLL+0x6d24> CLBCatQ.DLL!PostError
0x76fd73d4 <CLBCatQ.DLL+0x73d4> CLBCatQ.DLL!PostError
0x76fd6c72 <CLBCatQ.DLL+0x6c72> CLBCatQ.DLL!PostError
0x76fd74c8 <CLBCatQ.DLL+0x74c8> CLBCatQ.DLL!PostError
0x76fd308f <CLBCatQ.DLL+0x308f> CLBCatQ.DLL!?
0x7c90118a <ntdll.dll+0x118a> ntdll.dll!LdrInitializeThunk
0x7c9224ca <ntdll.dll+0x224ca> ntdll.dll!RtlDestroyEnvironment
0x7c81caae <KERNEL32.dll+0x1caae> KERNEL32.dll!IsValidLocale
0x7c81cb26 <KERNEL32.dll+0x1cb26> KERNEL32.dll!ExitProcess
0x00402aa2 <test.exe+0x2aa2> test.exe!__crtExitProcess

Original issue: http://code.google.com/p/drmemory/issues/detail?id=425

[derekbruening]

From [email protected] on June 02, 2011 07:00:19

if I add the following line:
obj->SetPath("ZZZ");
before the ->Release line, I also get the following leak report:
Error #17: POSSIBLE LEAK 264 direct bytes 0x00187f30-0x00188038 + 0 indirect bytes
0x77e781f9 <RPCRT4.dll+0x81f9> RPCRT4.dll!I_RpcBCacheFree
0x77e781d0 <RPCRT4.dll+0x81d0> RPCRT4.dll!I_RpcBCacheFree
0x77e78ab4 <RPCRT4.dll+0x8ab4> RPCRT4.dll!NdrOleFree
0x77e78498 <RPCRT4.dll+0x8498> RPCRT4.dll!I_RpcBCacheFree
0x77e8076f <RPCRT4.dll+0x1076f> RPCRT4.dll!I_RpcTransGetThreadEvent
0x77e8519c <RPCRT4.dll+0x1519c> RPCRT4.dll!NdrNonEncapsulatedUnionMemorySize
0x77e84fd5 <RPCRT4.dll+0x14fd5> RPCRT4.dll!NdrNonEncapsulatedUnionMemorySize
0x77e848de <RPCRT4.dll+0x148de> RPCRT4.dll!NdrNonEncapsulatedUnionMemorySize
0x77e849f5 <RPCRT4.dll+0x149f5> RPCRT4.dll!NdrNonEncapsulatedUnionMemorySize
0x77e84944 <RPCRT4.dll+0x14944> RPCRT4.dll!NdrNonEncapsulatedUnionMemorySize
0x77e7febc <RPCRT4.dll+0xfebc> RPCRT4.dll!NdrConformantStructUnmarshall
0x77e78ed9 <RPCRT4.dll+0x8ed9> RPCRT4.dll!I_RpcGetBufferWithObject
0x77e78f10 <RPCRT4.dll+0x8f10> RPCRT4.dll!I_RpcGetBuffer
0x77e79571 <RPCRT4.dll+0x9571> RPCRT4.dll!NdrGetBuffer
0x77ef560b <RPCRT4.dll+0x8560b> RPCRT4.dll!NdrClientCall2
0x77de1ee8 <ADVAPI32.dll+0x11ee8> ADVAPI32.dll!LsaOpenPolicy
0x77de1e6a <ADVAPI32.dll+0x11e6a> ADVAPI32.dll!LsaOpenPolicy
0x77dfb93d <ADVAPI32.dll+0x2b93d> ADVAPI32.dll!LookupPrivilegeValueW
0x77928fe3 <SETUPAPI.dll+0x8fe3> SETUPAPI.dll!pSetupConcatenatePaths
0x77929ffd <SETUPAPI.dll+0x9ffd> SETUPAPI.dll!CM_Get_Device_Interface_List_Size_ExW
0x77929060 <SETUPAPI.dll+0x9060> SETUPAPI.dll!CM_Get_Device_Interface_List_Size_ExW
0x7ca076aa <SHELL32.dll+0x476aa> SHELL32.dll!SHGetImageList
0x7ca07648 <SHELL32.dll+0x47648> SHELL32.dll!SHGetImageList
0x7ca07521 <SHELL32.dll+0x47521> SHELL32.dll!SHGetImageList
0x7ca075ed <SHELL32.dll+0x475ed> SHELL32.dll!SHGetImageList
0x7c9ea6c6 <SHELL32.dll+0x2a6c6> SHELL32.dll!Ordinal57
0x7ca2e881 <SHELL32.dll+0x6e881> SHELL32.dll!SHGetMalloc
0x7ca2e804 <SHELL32.dll+0x6e804> SHELL32.dll!SHGetMalloc
0x7c9efae8 <SHELL32.dll+0x2fae8> SHELL32.dll!SHGetSpecialFolderLocation
0x7c9efa01 <SHELL32.dll+0x2fa01> SHELL32.dll!SHGetSpecialFolderLocation
0x7c9ebe05 <SHELL32.dll+0x2be05> SHELL32.dll!SHGetDesktopFolder
0x7ca2ea91 <SHELL32.dll+0x6ea91> SHELL32.dll!SHGetMalloc
0x7c9ee143 <SHELL32.dll+0x2e143> SHELL32.dll!SHParseDisplayName
0x7c9ee090 <SHELL32.dll+0x2e090> SHELL32.dll!SHParseDisplayName
0x7c9ee629 <SHELL32.dll+0x2e629> SHELL32.dll!SHILCreateFromPath
0x7ca2ac07 <SHELL32.dll+0x6ac07> SHELL32.dll!SHGetDataFromIDListW
0x7ca41307 <SHELL32.dll+0x81307> SHELL32.dll!ShellExecuteA
0x7cb07ff0 <SHELL32.dll+0x147ff0> SHELL32.dll!Ordinal712
0x0040106c <test.exe+0x106c> test.exe!main
test.cpp:21

I've seen exactly the same leak on Chromium base_unittests locally and some similar leaks on net_: http://build.chromium.org/p/chromium.fyi/builders/Windows%20Tests%20%28DrMemory%29/builds/3925/steps/memory%20test%3A%20net_1/logs/stdio POSSIBLE LEAK 264 direct bytes 0x00191690-0x00191798 + 0 indirect bytes

1 0x77e781f9 I_RpcBCacheFree RPCRT4.dll

2 0x77e781d0 I_RpcBCacheFree RPCRT4.dll

3 0x77e78ab4 NdrOleFree RPCRT4.dll

4 0x77e78498 I_RpcBCacheFree RPCRT4.dll

5 0x77e78998 NdrOleFree RPCRT4.dll

6 0x77e78ef5 I_RpcGetBufferWithObject RPCRT4.dll

7 0x77e78f10 I_RpcGetBuffer RPCRT4.dll

8 0x77e79571 NdrGetBuffer RPCRT4.dll

9 0x77ef560b NdrClientCall2 RPCRT4.dll

...
#24 0x71ab4a5a connect WS2_32.dll

[derekbruening]

From [email protected] on June 29, 2011 06:06:55

looks very much related: http://build.chromium.org/p/chromium.fyi/builders/Windows%20Tests%20%28DrMemory%29/builds/4409/steps/memory%20test%3A%20net/logs/stdio (w/o PDB symbols)
LEAK 132 direct bytes 0x001edb20-0x001edba4 + 264 indirect bytes

1 I_RpcBCacheFree RPCRT4.dll+0x81f9

2 I_RpcBCacheFree RPCRT4.dll+0x81d0

3 NdrConformantArrayFree RPCRT4.dll+0xd232

4 RpcBindingFromStringBindingW RPCRT4.dll+0xe8df

5 ? DHCPCSVC.DLL+0x2a99

6 RpcStringBindingComposeW RPCRT4.dll+0xec3a

7 RpcStringBindingComposeW RPCRT4.dll+0xec67

8 NdrClientCall2 RPCRT4.dll+0x8558d

9 DhcpRequestOptions DHCPCSVC.DLL+0x460c

#10 DhcpRequestParams DHCPCSVC.DLL+0x116f0
#11 net::DhcpProxyScriptAdapterFetcher::GetPacURLFromDhcp net\proxy\dhcp_proxy_script_adapter_fetcher_win.cc:277
#12 net::DhcpProxyScriptAdapterFetcher::WorkerThread::ImplGetPacURLFromDhcp net\proxy\dhcp_proxy_script_adapter_fetcher_win.cc:156
#13 net::DhcpProxyScriptAdapterFetcher::WorkerThread::ThreadFunc net\proxy\dhcp_proxy_script_adapter_fetcher_win.cc:135
#14 DispatchToMethod<...>

(also see issue #476 )

[derekbruening]

From [email protected] on July 18, 2011 06:43:30

One more code snippet:

#include <windows.h>
#include <dshow.h>

#include <stdio.h>

#pragma comment(lib, "ole32.lib")
#pragma comment(lib, "strmiids.lib")

class ScopedCOMInitializer {
public:
ScopedCOMInitializer() : hr_(CoInitialize(NULL)) { }

ScopedCOMInitializer::~ScopedCOMInitializer() {
  if (SUCCEEDED(hr_))
    CoUninitialize();
}

private:
HRESULT hr_;
};

int main() {
ScopedCOMInitializer sci;

ICreateDevEnum *dev_enum;
HRESULT hr = CoCreateInstance(CLSID_SystemDeviceEnum, NULL, CLSCTX_INPROC,
                              IID_ICreateDevEnum, (LPVOID*)&dev_enum);
if (!SUCCEEDED(hr)) {
    printf("FAIL\n");
    return 1;
}

IEnumMoniker *moniker;
hr = dev_enum->CreateClassEnumerator(CLSID_VideoInputDeviceCategory, &moniker, 0);
if (SUCCEEDED(hr)) {
    printf("PASS\n");
} else {
    printf("FAIL\n");
    return 1;
}
dev_enum->Release();

return 0;

}

->
[XP 32-bits, w/o symbols]
Error #43: UNINITIALIZED READ: reading 0x003a3088-0x003a308c 4 byte(s)
@0:00:05.223 in thread 6020
0x736b2ca4 <msdmo.dll+0x2ca4> msdmo.dll!DMOEnum
0x736b2d45 <msdmo.dll+0x2d45> msdmo.dll!DMOEnum
0x75f4772d <DEVENUM.DLL+0x772d> DEVENUM.DLL!DllUnregisterServer
0x75f478ad <DEVENUM.DLL+0x78ad> DEVENUM.DLL!DllUnregisterServer
0x75f483f9 <DEVENUM.DLL+0x83f9> DEVENUM.DLL!DllUnregisterServer
0x75f442c4 <DEVENUM.DLL+0x42c4> DEVENUM.DLL!?
0x75f48344 <DEVENUM.DLL+0x8344> DEVENUM.DLL!DllUnregisterServer
0x75f46e0e <DEVENUM.DLL+0x6e0e> DEVENUM.DLL!DllUnregisterServer
0x00401099 <test.exe+0x1099> test.exe!main
test.cpp:34

[XP 32-bits, w/o symbols]
Error #39: UNINITIALIZED READ: reading 0x003a3088-0x003a308c 4 byte(s)
@0:00:05.520 in thread 5244
0x736b2ca4 <msdmo.dll+0x2ca4> msdmo.dll!CArrayContainerCEnumDMOCLSID::Entry::GetNth
0x736b2d45 <msdmo.dll+0x2d45> msdmo.dll!CEnumDMOCLSID::Next
0x75f4772d <DEVENUM.DLL+0x772d> DEVENUM.DLL!CCreateSwEnum::CreatePnpMonikers
0x75f478ad <DEVENUM.DLL+0x78ad> DEVENUM.DLL!CCreateSwEnum::CreateDmoMonikers
0x75f483f9 <DEVENUM.DLL+0x83f9> DEVENUM.DLL!CCreateSwEnum::CreateClassEnumerator
0x75f442c4 <DEVENUM.DLL+0x42c4> DEVENUM.DLL!CClassManagerBase::CreateClassEnumerator
0x75f48344 <DEVENUM.DLL+0x8344> DEVENUM.DLL!CCreateSwEnum::CreateClassEnumerator
0x75f46e0e <DEVENUM.DLL+0x6e0e> DEVENUM.DLL!CCreateSwEnum::CreateClassEnumerator
0x00401099 <test.exe+0x1099> test.exe!main
test.cpp:34