64 位 ACE OLEDB 提供程序导致 SysFreeString 中的访问冲突

64 bit ACE OLEDB provider causes access violation in SysFreeString

由于遗留原因,我的应用程序使用 MS Access mdb 文件。它使用带有以下连接字符串的 ADO 连接到数据库:

Provider=Microsoft.Jet.OLEDB.4.0;Persist Security Info=False;Data Source=Dummy.mdb

最近我开始将我的应用程序移植到 64 位。由于 Jet OLEDB 提供程序在 64 位系统上不可用,我使用具有以下连接字符串的 ACE OLEDB 提供程序:

Provider=Microsoft.ACE.OLEDB.12.0;Persist Security Info=False;Data Source=Dummy.mdb

该应用程序还使用 MS XML DOM 来处理 XML 文件。有时 64 位版本会因 SysFreeString 中的访问冲突异常而崩溃,这是从 MS XML 包装器方法之一调用的。 32 位版本没有这些问题。我将问题提炼到测试器应用程序中。

#define _WIN32_WINNT 0x0501

#include <stdio.h>
#include <windows.h>
#include <process.h>
#include <conio.h>
#include <ObjBase.h>

#import <msxml6.dll>
#import <msado15.dll> rename("EOF", "EndOfFile")

using namespace ADODB;

// Stop flag shared by main() and both worker threads: main() clears it after a
// key press, and each worker polls it as its loop condition.
// NOTE(review): this is a plain bool with no synchronization and no volatile
// qualifier, so an optimizing build may not re-read it on every iteration.
// Confirm the workers still observe the store in release builds.
bool s_bRepeat = true;

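// Worker thread: builds a private in-memory DOM document and repeatedly sets
// the same attribute on its root element until s_bRepeat is cleared.
//
// Changes from the original repro:
//  - HRESULTs from CoInitializeEx/CreateInstance are checked instead of ignored.
//  - The COM smart pointers live in an inner scope, so they are released while
//    the apartment is still initialized. The original called CoUninitialize()
//    and then _endthreadex() with both pointers still alive; _endthreadex()
//    does not run destructors of locals, so they were never released.
//  - _com_error thrown by the #import wrappers is caught here rather than
//    escaping the thread start routine.
//
// Returns 0 on a clean stop, 1 if COM setup or a wrapper call failed.
unsigned __stdcall XmlThreadFunc(void*)
{
  const HRESULT l_hrInit = CoInitializeEx(NULL, COINIT_APARTMENTTHREADED);
  if (FAILED(l_hrInit))
  {
    // No matching CoUninitialize() is owed when initialization failed.
    printf("XmlThreadFunc: CoInitializeEx failed, hr=0x%08lx\n",
           static_cast<unsigned long>(l_hrInit));
    return 1;
  }

  unsigned l_nExitCode = 0;
  try
  {
    MSXML2::IXMLDOMDocumentPtr l_pXMLDom;
    // NOTE(review): DOMDocument is not namespace-qualified here; confirm which
    // coclass (and therefore which MSXML version) this resolves to.
    const HRESULT l_hrCreate =
      l_pXMLDom.CreateInstance(__uuidof(DOMDocument), NULL, CLSCTX_INPROC_SERVER);
    if (FAILED(l_hrCreate))
    {
      _com_issue_error(l_hrCreate);
    }
    l_pXMLDom->async = VARIANT_FALSE;
    MSXML2::IXMLDOMElementPtr l_pRoot = l_pXMLDom->createElement("root");
    l_pXMLDom->appendChild(l_pRoot);

    unsigned int l_nCnt = 0;
    while (s_bRepeat)
    {
      // Progress marker every 1000 iterations.
      if (0 == l_nCnt++ % 1000)
      {
        printf(".");
      }
      // The reported access violation surfaces on this call: the crash stack
      // shows a temporary _bstr_t being destroyed (SysFreeString) inside the
      // setAttribute wrapper. Nothing in this thread touches the database, so
      // a fault here points at heap state damaged elsewhere in the process.
      l_pRoot->setAttribute("test", "Test1");
      Sleep(0);
    }
  }
  catch (const _com_error& l_Error)
  {
    printf("XmlThreadFunc: COM error, hr=0x%08lx\n",
           static_cast<unsigned long>(l_Error.Error()));
    l_nExitCode = 1;
  }

  // All interface pointers are gone by now; safe to leave the apartment.
  CoUninitialize();
  // Returning from a _beginthreadex start routine ends the thread through the
  // CRT, so an explicit _endthreadex() call is not needed.
  return l_nExitCode;
}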

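// Worker thread: opens and closes an ADO connection to Dummy.mdb once per
// second until s_bRepeat is cleared. 64-bit builds use the ACE OLEDB provider,
// 32-bit builds use Jet.
//
// Changes from the original repro:
//  - HRESULTs from CoInitializeEx/CreateInstance are checked instead of ignored.
//  - The connection pointer lives in an inner scope, so it is released while
//    the apartment is still initialized. The original called CoUninitialize()
//    and then _endthreadex() with the pointer still alive; _endthreadex()
//    does not run destructors of locals, so it was never released.
//  - _com_error from Open()/Close() (for example a missing Dummy.mdb or an
//    unregistered provider) is caught here rather than escaping the thread
//    start routine.
//
// Returns 0 on a clean stop, 1 if COM setup or an ADO call failed.
unsigned __stdcall DbThreadFunc(void*)
{
  const HRESULT l_hrInit = CoInitializeEx(NULL, COINIT_APARTMENTTHREADED);
  if (FAILED(l_hrInit))
  {
    // No matching CoUninitialize() is owed when initialization failed.
    printf("DbThreadFunc: CoInitializeEx failed, hr=0x%08lx\n",
           static_cast<unsigned long>(l_hrInit));
    return 1;
  }

  unsigned l_nExitCode = 0;
  try
  {
    _ConnectionPtr l_pConnection;
    const HRESULT l_hrCreate = l_pConnection.CreateInstance(__uuidof(Connection));
    if (FAILED(l_hrCreate))
    {
      _com_issue_error(l_hrCreate);
    }

    // Data Source is a relative path, so it is resolved against the process's
    // current directory. No user name or password is supplied.
#ifdef _WIN64
    LPCSTR l_cszConnectStr = "Provider=Microsoft.ACE.OLEDB.12.0;Persist Security Info=False;Data Source=Dummy.mdb";
#else
    LPCSTR l_cszConnectStr = "Provider=Microsoft.Jet.OLEDB.4.0;Persist Security Info=False;Data Source=Dummy.mdb";
#endif

    while (s_bRepeat)
    {
      l_pConnection->Open(l_cszConnectStr, "", "", adConnectUnspecified);
      Sleep(1000);
      printf("(");
      // Per the report, whenever the XML thread faults this thread is inside
      // Close(), with the provider tearing itself down (ACEOLEDB -> ACECORE ->
      // mso!MsoUninitOffice -> memset). The reported workaround is to keep a
      // second connection open so that the last release never happens.
      l_pConnection->Close();
      printf(")");
    }
  }
  catch (const _com_error& l_Error)
  {
    printf("DbThreadFunc: COM error, hr=0x%08lx\n",
           static_cast<unsigned long>(l_Error.Error()));
    l_nExitCode = 1;
  }

  // The connection object is gone by now; safe to leave the apartment.
  CoUninitialize();
  // Returning from a _beginthreadex start routine ends the thread through the
  // CRT, so an explicit _endthreadex() call is not needed.
  return l_nExitCode;
}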

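// Starts the XML and database worker threads, waits for a key press, then
// asks both to stop and joins them.
//
// Change from the original repro: _beginthreadex() returns 0 on failure, and
// the original passed that value straight to WaitForMultipleObjects() and
// CloseHandle(). Only handles that were actually created are now waited on
// and closed.
//
// Returns 0 if both threads were started, 1 otherwise.
int main()
{
  const uintptr_t l_nXmlThread = _beginthreadex(NULL, 0, &XmlThreadFunc, NULL, 0, NULL);
  const uintptr_t l_nDbThread = _beginthreadex(NULL, 0, &DbThreadFunc, NULL, 0, NULL);

  HANDLE l_Handles[2] = { NULL, NULL };
  DWORD l_nStarted = 0;
  if (0 != l_nXmlThread)
  {
    l_Handles[l_nStarted++] = reinterpret_cast<HANDLE>(l_nXmlThread);
  }
  else
  {
    printf("main: failed to start XML thread\n");
  }
  if (0 != l_nDbThread)
  {
    l_Handles[l_nStarted++] = reinterpret_cast<HANDLE>(l_nDbThread);
  }
  else
  {
    printf("main: failed to start DB thread\n");
  }

  // The repro needs both threads running; skip the interactive wait otherwise.
  if (2 == l_nStarted)
  {
    _getch();
  }

  // Ask the workers to stop, then join whichever ones were started.
  s_bRepeat = false;
  if (l_nStarted > 0)
  {
    WaitForMultipleObjects(l_nStarted, l_Handles, TRUE, INFINITE);
  }
  for (DWORD l_nIdx = 0; l_nIdx < l_nStarted; ++l_nIdx)
  {
    CloseHandle(l_Handles[l_nIdx]);
  }
  return (2 == l_nStarted) ? 0 : 1;
}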

崩溃调用堆栈如下:

OLEAUT32!SysFreeString
TestCrash64Lean!_bstr_t::Data_t::_Free
TestCrash64Lean!_bstr_t::Data_t::~Data_t
TestCrash64Lean!_bstr_t::Data_t::`scalar deleting destructor'
TestCrash64Lean!_bstr_t::Data_t::Release
TestCrash64Lean!_bstr_t::_Free
TestCrash64Lean!_bstr_t::~_bstr_t
TestCrash64Lean!MSXML2::IXMLDOMElement::setAttribute
TestCrash64Lean!XmlThreadFunc
MSVCR80D!_callthreadstartex
MSVCR80D!_threadstartex
kernel32!BaseThreadInitThunk
ntdll!RtlUserThreadStart

发生崩溃时,数据库线程始终处于以下状态:

MSVCR90!memset
mso!Ordinal4118
mso!Ordinal7994
mso!MsoUninitOffice
ACECORE
ACECORE
ACEOLEDB!DllGetClassObject
ACEOLEDB!DllGetClassObject
ACEOLEDB!DllGetClassObject
ACEOLEDB!DllGetClassObject
oledb32!CAcm::FinalRelease
oledb32!ATL::CComPolyObject<CDCM>::~CComPolyObject<CDCM>
oledb32!ATL::CComPolyObject<CDCM>::Release
oledb32!CDCMCreator::DestroyResource
comsvcs!CHolder::SafeDispenserDriver::DestroyResource
comsvcs!CHolder::ProcessDestroyList
comsvcs!CHolder::FreeResource
oledb32!CDCMCreator::ReleaseResource
oledb32!CDPO::ReturnDCMToPool
oledb32!CDPO::FinalRelease
oledb32!ATL::CComPolyObject<CDPO>::`scalar deleting destructor'
oledb32!ATL::CComPolyObject<CDPO>::Release
msado15!CConnection::_Close
msado15!CConnection::Close
TestCrash64Lean!ADODB::Connection15::Close
TestCrash64Lean!DbThreadFunc
MSVCR80D!_callthreadstartex
MSVCR80D!_threadstartex
kernel32!BaseThreadInitThunk
ntdll!RtlUserThreadStart

我发现作为一种解决方法,如果我保持一个与某个空数据库文件的连接打开,我可以打开和关闭与实际数据库文件的连接并且应用程序不会崩溃。无论如何,我宁愿了解崩溃的实际原因。如果有任何建议,我将不胜感激。

我的配置如下:

Microsoft Visual Studio 2005 Version 8.0.50727.4039 (QFE.050727-4000)
Windows Server 2008 R2 Standard 64 bit
Processor: Intel(R) Xeon(R) E5645 @ 2.40GHz
Memory: 16.0 GB

看起来这是 Microsoft Access Database Engine 2010 Redistributable 所附带的 ACE OLEDB 提供程序的问题。改用 Microsoft Access 2013 运行时附带的提供程序后,问题得以解决。