crache on diff large PE-files #1
Description
Windows 7 x64 Home
IDA 6.5 with idasdk
patchdiff2 checouted from master-branche and build with VS 2013 Express
all by default
Perform diff large PE-file with pdb-symbols, such as mshtml.dll (etc. >10M size), crache with ida-dump file size==0.
If attache VS-debugger to worked IDA-exe before crache, see next stacktrace:
dbghelp.dll!Win32LiveSystemProvider::TibGetThreadTebInfo(void *,unsigned __int64,unsigned __int64 *,unsigned __int64 *,unsigned __int64 *,unsigned __int64 *,unsigned __int64 *)
dbghelp.dll!NtWin32LiveSystemProvider::GetThreadTebInfo(void *,void *,unsigned __int64 *,unsigned long *,unsigned __int64 *,unsigned __int64 *,unsigned __int64 *,unsigned __int64 *,unsigned __int64 *)
dbghelp.dll!GenAllocateThreadObject(struct _MINIDUMP_STATE *,struct _INTERNAL_PROCESS *,unsigned long,unsigned long,struct _INTERNAL_THREAD * *)
dbghelp.dll!GenGetProcessInfo(struct _MINIDUMP_STATE *,struct _INTERNAL_PROCESS * *)
dbghelp.dll!_MiniDumpProvideDump@40�()
dbghelp.dll!_MiniDumpWriteDump@28�()
idaq.exe!000de31a()
[invalide frames, idaq.exe symbols not loaded]
[external code]
idaq.exe!002618fc()
[external code]
> patchdiff2.plw!clist_insert_dsig(c_list * cl, dc_sig * ds)line 137 C++
patchdiff2.plw!clist_remove(c_list * cl, dc_sig * ds)line 223 C++
patchdiff2.plw!clist_update_crefs(c_list * cl, dc_sig * ds, int type)line 505 C++
patchdiff2.plw!clist_update_and_remove(c_list * cl, dc_sig * ds)line 521 C++
patchdiff2.plw!diff_run(dengine * eng, c_list * cl1, c_list * cl2, int min_type, int max_type, bool pclass)line 565 C++
patchdiff2.plw!diff_run(dengine * eng, c_list * cl1, c_list * cl2, int min_type, int max_type, bool pclass)line 575 C++
......
It's last patchdiff2-frame - clist.cpp:
static int clist_insert_dsig(clist_t * cl, dpsig_t * ds)
{
dpsig_t * prev, * cur;
int ret;
ds->prev = NULL;
ds->next = NULL;
ds->removed = true;
prev = NULL;
cur = cl->msigs;
while (cur)
{
// sig_compare is reversed
ret = sig_compare(&ds->sig, &cur->sig) ; <<<<<<<<<crache here
if (!ret && cur->sig->startEA == ds->sig->startEA)
return -1;
if (ret <= 0)
break;
prev = cur;
cur = cur->next;
}
ds->prev = prev;
ds->next = cur;
if (!prev)
cl->msigs= ds;
else
prev->next = ds;
if (cur) cur->prev = ds;
cl->nmatch++;
return 0;
}
with locals:
+ cl 0x34f04060 {num=155 pos=0x34f69c20 {sig=0x2f944510 {name=0x039629f0 "CDoc::CutCopyMove(CMarkupPointer *,CMarkupPointer *,CMarkupPointer *,int,ulong)" ...} ...} ...} c_list *
+ ds 0x34f692b8 {sig=0x2fac87e8 {name=0x2dd739b0 "CElement::FireElementResizeEvents(void)" startEA=1671056475 ...} ...} dc_sig *
ret -858993460 int
+ prev 0x00000000 <NULL> dc_sig *
+ cur 0x34f69c20 {sig=0x2f944510 {name=0x039629f0 "CDoc::CutCopyMove(CMarkupPointer *,CMarkupPointer *,CMarkupPointer *,int,ulong)" ...} ...} dc_sig *