Leaks with jsproxy in CScriptTracer::Register




Hello, All!

I'm trying my application with Application Verifier with TLS profiling.

Application Verifier says that the code in function CScriptTracer::Register()
allocates a TLS record, but on deletion the TLS record is not freed and is still
in use.

==============================
Here is a call stack on allocation:
# ChildEBP RetAddr Args to Child
00 05b4ef58 06351c65 01e25888 774e1a70 06361a9c
jscript!CScriptTracer::Register
01 05b4f004 06361c56 002a44e8 05b4f0bc 00000000
jscript!CScriptTracer::Startup+0x76
02 05b4f018 7750180a 002e5fb4 774e1a60 05b4f0b8
jscript!DllGetClassObject+0x9b
03 05b4f034 7752d6cc 002e5fb4 774e1a60 05b4f0b8
ole32!CClassCache::CDllPathEntry::DllGetClassObject+0x2d
04 05b4f04c 7752d3e6 05b4f060 774e1a60 05b4f0b8
ole32!CClassCache::CDllFnPtrMoniker::BindToObjectNoSwitch+0x1f
05 05b4f078 7752cf3b 05b4f0bc 00000000 05b4f6b0
ole32!CClassCache::GetClassObject+0x38
06 05b4f0f4 7752cddf 77607150 00000000 05b4f6b0
ole32!CServerContextActivator::CreateInstance+0x106
07 05b4f134 7752d02e 05b4f6b0 00000000 05b4fbfc
ole32!ActivationPropertiesIn::DelegateCreateInstance+0xf7
08 05b4f188 7752cfa5 77607154 00000000 05b4f6b0
ole32!CApartmentActivator::CreateInstance+0x110
09 05b4f1a8 7752ddf4 77607154 00000001 00000000
ole32!CProcessActivator::CCICallback+0x6d
0a 05b4f1c8 7752ddab 7760714c 05b4f50c 00000000
ole32!CProcessActivator::AttemptActivation+0x2c
0b 05b4f200 7752d08f 7760714c 05b4f50c 00000000
ole32!CProcessActivator::ActivateByContext+0x42
0c 05b4f228 7752cddf 7760714c 00000000 05b4f6b0
ole32!CProcessActivator::CreateInstance+0x49
0d 05b4f268 7752cd7a 05b4f6b0 00000000 05b4fbfc
ole32!ActivationPropertiesIn::DelegateCreateInstance+0xf7
0e 05b4f4b8 7752cddf 77607114 00000000 05b4f6b0
ole32!CClientContextActivator::CreateInstance+0x8f
0f 05b4f4f8 7752cc24 05b4f6b0 00000000 05b4fbfc
ole32!ActivationPropertiesIn::DelegateCreateInstance+0xf7
10 05b4fca8 774ffaba 05b4fd7c 00000000 00000001
ole32!ICoCreateInstanceEx+0x3c9
11 05b4fcd0 774ffa89 05b4fd7c 00000000 00000001
ole32!CComActivator::DoCreateInstance+0x28
12 05b4fcf4 774ffaf7 05b4fd7c 00000000 00000001
ole32!CoCreateInstanceEx+0x1e
13 05b4fd24 65af1588 05b4fd7c 00000000 00000001 ole32!CoCreateInstance+0x37
14 05b4fdd0 65af1d92 00318f48 00000000 0032c6f8
jsproxy!CScriptSite::Init+0xb2
15 05b4fdfc 690109fb 00000000 00000001 00000000
jsproxy!AUTOCONF_InternetInitializeAutoProxyDll+0xd9


==============================
Here is the call stack on the access violation on heap free:
# ChildEBP RetAddr Args to Child
00 05b4f99c 00373760 05b4cc16 00368e90 7c97fc10 ntdll!DbgBreakPoint
01 05b4fba0 003a3174 003a7c88 00000350 001aabba
vrfcore!VerifierStopMessageEx+0x4b5
02 05b4fbc4 003a15d8 00000350 00393cd4 001aabba
vfbasics!VfBasicsStopMessage+0x114
03 05b4fbfc 003a0edc 01674f90 01674f90 00b4fc1c
vfbasics!AVrfpCheckAndFreeDllLeakedTlsSlots+0x88
04 05b4fc1c 7c954a69 00368e40 06350000 00071000
vfbasics!AVrfpDllUnloadCallback+0x6c
05 05b4fc40 7c93d4d4 00368e90 05b4fda4 05b4fd80
ntdll!AVrfDllUnloadNotification+0x78
06 05b4fd2c 003a1833 06350000 00000000 00368e40 ntdll!LdrUnloadDll+0x2cd
07 05b4fd44 7c80abf7 06350000 05b4fd80 05b4fda4
vfbasics!AVrfpLdrUnloadDll+0x73
08 05b4fd58 77513442 06350000 05b4fdc0 77513456 kernel32!FreeLibrary+0x3f
09 05b4fd64 77513456 05b4fd8c 05b4fd8c 776067e0
ole32!CClassCache::CDllPathEntry::CFinishObject::Finish+0x2f
0a 05b4fd78 77530729 05b4fda4 05b4fda4 05b4fd8c
ole32!CClassCache::CFinishComposite::Finish+0x1d
0b 05b4fdc0 7752fd6a 7752fee4 00000000 002e2db8
ole32!CClassCache::CleanUpDllsForProcess+0x1b2
0c 05b4fdc4 7752fee4 00000000 002e2db8 00000000
ole32!ProcessUninitialize+0x37
0d 05b4fdd8 774fee88 05b4fdf0 00000000 00000001 ole32!wCoUninitialize+0x11b
0e 05b4fdf4 775131f0 774e0000 774fd1a2 05b4fe24 ole32!CoUninitialize+0x5b
0f 05b4fdfc 774fd1a2 05b4fe24 774fd141 774e0000
ole32!DoThreadSpecificCleanup+0x47
10 05b4fe04 774fd141 774e0000 00000003 00000000
ole32!ThreadNotification+0x37
11 05b4fe24 774fd0e9 774e0000 00000003 00000000 ole32!DllMain+0x147
12 05b4fe44 00377fcb 774e0000 00000003 00000000
ole32!_DllMainCRTStartup+0x52
13 05b4fe8c 003a118e 774e0000 00000003 00000000
vrfcore!VfCoreStandardDllEntryPointRoutine+0x127
14 05b4fee4 7c9011a7 774e0000 00000003 00000000
vfbasics!AVrfpStandardDllEntryPointRoutine+0x10e
15 05b4ff04 7c919213 003a1080 774e0000 00000003
ntdll!LdrpCallInitRoutine+0x14
16 05b4ff7c 7c80c096 0221f6ec 0221f738 01676588 ntdll!LdrShutdownThread+0xd7
17 05b4ffb4 7c80b688 00000000 0221f6ec 0221f738 kernel32!ExitThread+0x3e
18 05b4ffec 00000000 00395310 01676588 00000000
kernel32!BaseThreadStart+0x3c


==============================
Here is the code that causes this problem:

#include <windows.h>
#include <tchar.h>

// Function-pointer types for the two jsproxy.dll exports used below; the
// parameter types are assumed from the call sites, not taken from a header.
typedef BOOL (CALLBACK *Function_InitializeDll)(DWORD, LPSTR, LPSTR, LPVOID, LPVOID);
typedef BOOL (CALLBACK *Function_DeInitializeDll)(LPSTR, DWORD);

HMODULE module = ::LoadLibrary(_T("jsproxy.dll"));
char wpad_LocalFullFileNameCopy[] = "Z:\\temp\\wpad.dat";
Function_InitializeDll functionInitializeDll =
    reinterpret_cast<Function_InitializeDll>(GetProcAddress(module,
        "InternetInitializeAutoProxyDll"));
Function_DeInitializeDll functionDeInitializeDll =
    reinterpret_cast<Function_DeInitializeDll>(GetProcAddress(module,
        "InternetDeInitializeAutoProxyDll"));
functionInitializeDll(0, wpad_LocalFullFileNameCopy, 0, 0, 0);   // loads the PAC file
functionDeInitializeDll(0, 0);
FreeLibrary(module);

Unfortunately the problem is reproduced only in my huge application, and only
under certain conditions: the process runs as an NT service under the local
system account.
I do not know what exactly in my application could damage the work of JSProxy,
and any hint would be useful to me.


Thanks in advance,
Voronkov Konstantin
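The verifier stop in the second stack above (AVrfpDllUnloadCallback calling AVrfpCheckAndFreeDllLeakedTlsSlots) comes from a check that remembers which module allocated each TLS index and, when that module is unloaded, reports every index it still owns. The following C program is an added, portable model of that check, not Application Verifier's own code and not jscript's: tls_alloc/tls_free stand in for TlsAlloc/TlsFree, the module and function names are taken from the stack trace only for the report, and the scenarios are constructed to show the leaky pattern next to the corrected one.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS_SLOTS 64
#define TLS_OUT_OF_INDEXES 0xFFFFFFFFu

typedef struct {
    bool in_use;
    const char *owner;  /* module that called tls_alloc */
    const char *site;   /* function that called tls_alloc, kept for the report */
} tls_slot;

static tls_slot g_slots[TLS_SLOTS];   /* process-wide TLS index table (model) */

/* TlsAlloc stand-in: hand out the first free index and remember who took it. */
uint32_t tls_alloc(const char *owner, const char *site)
{
    for (uint32_t i = 0; i < TLS_SLOTS; i++) {
        if (!g_slots[i].in_use) {
            g_slots[i].in_use = true;
            g_slots[i].owner = owner;
            g_slots[i].site = site;
            return i;
        }
    }
    return TLS_OUT_OF_INDEXES;
}

/* TlsFree stand-in: returns false for an index that is not allocated. */
bool tls_free(uint32_t idx)
{
    if (idx >= TLS_SLOTS || !g_slots[idx].in_use)
        return false;
    memset(&g_slots[idx], 0, sizeof g_slots[idx]);
    return true;
}

/* DLL-unload hook (what the verifier does on FreeLibrary): report and reclaim
   every slot still owned by `module`. Returns the number of leaked slots and
   writes one line per leaked slot into `report`. */
int tls_check_leaks_on_unload(const char *module, char *report, size_t cap)
{
    int leaked = 0;
    size_t used = 0;
    if (cap) report[0] = '\0';
    for (uint32_t i = 0; i < TLS_SLOTS; i++) {
        if (g_slots[i].in_use && strcmp(g_slots[i].owner, module) == 0) {
            int n = snprintf(report + used, cap > used ? cap - used : 0,
                             "leaked TLS index %u allocated by %s!%s\n",
                             (unsigned)i, g_slots[i].owner, g_slots[i].site);
            if (n > 0) used += (size_t)n;
            leaked++;
            tls_free(i);
        }
    }
    return leaked;
}

/* Scenario 1 (constructed): the pattern the report above describes. Startup
   allocates a slot in Register(); the DLL is unloaded without freeing it. */
int simulate_leaky_unload(char *report, size_t cap)
{
    memset(g_slots, 0, sizeof g_slots);
    uint32_t idx = tls_alloc("jscript", "CScriptTracer::Register");
    (void)idx;   /* index is parked in a global and forgotten */
    return tls_check_leaks_on_unload("jscript", report, cap);   /* 1 leaked */
}

/* Scenario 2 (constructed): the matching TlsFree on the shutdown path
   (for example DLL_PROCESS_DETACH) runs before the module is unloaded. */
int simulate_clean_unload(char *report, size_t cap)
{
    memset(g_slots, 0, sizeof g_slots);
    uint32_t idx = tls_alloc("jscript", "CScriptTracer::Register");
    tls_free(idx);
    return tls_check_leaks_on_unload("jscript", report, cap);   /* 0 leaked */
}

int main(void)
{
    char report[256];
    int leaked = simulate_leaky_unload(report, sizeof report);
    printf("leaky unload: %d slot(s)\n%s", leaked, report);
    leaked = simulate_clean_unload(report, sizeof report);
    printf("clean unload: %d slot(s)\n%s", leaked, report);
    return 0;
}
```

The model collapses what happens in the real process: there, jsproxy loads jscript indirectly through CoCreateInstance, and the unload that triggers the check is the FreeLibrary inside CoUninitialize during thread shutdown, which is why the stop only fires when the thread that initialised the proxy DLL exits.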

