Access Violation in SHGetDesktopFolder

We found an interesting issue the other day when a call to SHGetFileInfo crashed with an Access Violation. Entry in the call stack contained the following like this:

Access violation - code c0000005

...shell32!SHGetDesktopFolder+0xa0...shell32!SHGetFileInfoW+0x11bISVApplication!Function+0x01

After some debugging and help from an expert, it appears that Vista has another mechanism than XP to handle pointers to Desktop Folder. Previously the Desktop Folder might stay around even if Release were called on the pointer acquired through SHGetDesktopFolder. In our case we were mistakenly calling Release on a smart pointer. Thereby we decremented the reference count to 0 prematurely, causing the instance to be deleted, leaving a dangling pointer. Next time a call was made: crash boom, Access Violation.

Note that this is by no means limited to SHGetFileInfo. A majority of the Shell functions are impacted. So if you crash in shell32 with c0000005, set a breakpoint on the Release of the DesktopFolder and check if you Release only your share.

maartenb

Comments

  • Anonymous
    September 02, 2006
    Depending on Implementation details like this is evil. ie, something is globally cached and doesn't respond to release calls in one version change to being locally created and disposed of. Sadly, people often won't admit it is a bug in their own code and will instead blame someone else (or the system).