MFC unsafely uses GetModuleHandle behind the scenes, causing crash

MFC unsafely uses GetModuleHandle behind the scenes, causing crash by Gigaplex

Closed

as Fixed

Type:	Bug
ID:	711714
Opened:	12/5/2011 5:32:57 PM
Access Restriction:	Public
Moderator Decision:	Sent to Engineering Team for consideration

Workaround(s)

view

User(s) can reproduce this bug

According to the documentation of the GetModuleHandle function, it is unsafe to assume that the handle returned remains valid between the time the handle is returned and the time it is used (most relevant in multithreaded applications). Unfortunately, MFC uses GetModuleHandle unsafely behind the scenes in the class CDllIsolationWrapperBase (afxcomctl32.h).

The CDllIsolationWrapperBase class first attempts to query and store for an extended period the handle to the module in question using GetModuleHandle, and if that fails it falls back to LoadLibrary. LoadLibrary increases the reference count, GetModuleHandle does not. If something temporarily loads the module before the first use of this class and unloads it later, the class assumes it's still valid and a crash is likely.

Details (expand)

Visual Studio 2010 SP1

1) Have a short lived COM object make use of something that uses comdlg32.dll
2) Make use of a class (such as CFileDialog) that internally uses CDllIsolationWrapperBase - if on Vista or later, disable Vista style using the FALSE flag in the CFileDialog constructor.
3) Allow the COM object to unload, freeing up comdlg32.dll
4) Attempt to make use of CFileDialog a second time.

English

Windows 7

English

Subsequent calls into CFileDialog::DoModal will crash.

Subsequent calls into CFileDialog::DoModal will work properly, reloading comdlg32.dll if required (or holding a reference count via LoadLibrary on first use to prevent it unloading).

File Name	Submitted By	Submitted On	File Size
repro.zip	Gigaplex	12/5/2011	137 KB

Posted by Microsoft on 12/7/2011 at 10:37 AM

Hello,

Thanks for the report. This issue has been fixed in Visual Studio 11, because all of the CDllIsolationWrapperBase code has been removed. None of the code related to activation context remains, it has all been removed for Visual Studio 11. The isolation macros from Windows are used via the ISOLATION_AWARE_ENABLED macro.

Pat Brenner
Visual C++ Libraries Development

Posted by MS-Moderator07 [Feedback Moderator] on 12/6/2011 at 1:30 AM

Thanks for your feedback.

We are rerouting this issue to the appropriate group within the Visual Studio Product Team for triage and resolution. These specialized experts will follow-up with your issue.

Posted by Gigaplex on 12/5/2011 at 7:14 PM

The attached repro project shows this in action, simply build the solution and use the "Open..." menu in the test application more than once.

Posted by MS-Moderator01 on 12/5/2011 at 5:43 PM

Thank you for your feedback, we are currently reviewing the issue you have submitted. If this issue is urgent, please contact support directly(http://support.microsoft.com)

Posted by Gigaplex on 12/5/2011 at 5:37 PM

Current workaround is to explicitly call LoadLibrary on libraries known to have issues with CDllIsolationWrapperBase to ensure a longer lifetime.