none
Crash in MSHTML.DLL with method of IHTMLInputElement RRS feed

  • 问题

  • Thinks everybody.

    I use MFC with Browser ActiveX control for my self browser.

    When I found some input element and call the put_value method, then i got a exception in MSHTML.dll.

    Use IE7 Core.

    Win7 x64.

    VS2012

    The code is:

    BOOL CWebDlg::Search_InputWord(IHTMLFormElement* lpFormElem, LPCTSTR lpInoutWords)
    {
        if ( (lpFormElem == NULL) || (lpInoutWords == NULL) )
        {
            return FALSE;
        }
    
        //===============================================
        // Obtain the count
        //===============================================
        LONG lElemCount = 0;
        HRESULT hr = lpFormElem->get_length(&lElemCount);
        if ( FAILED(hr) )
        {
            return FALSE;
        }
    
        BOOL bSuccess = FALSE;
        BOOL bFindInput = FALSE;
        for ( int i = 0; i < lElemCount; ++i )
        {
            //===============================================
            // Obtain the coutn of IHTMLInputElement
            //===============================================
            IDispatch* lpDisp = NULL;
            hr = lpFormElem->item(CComVariant(i), CComVariant(), &lpDisp);
            if ( FAILED(hr) )
            {
                continue;
            }
    
            IHTMLInputElement* lpInputElem = NULL;
            hr = lpDisp->QueryInterface(IID_IHTMLInputElement, (void**)&lpInputElem);
            if ( FAILED(hr) || (lpInputElem == NULL) )
            {
                continue;
            }
    
            //===============================================
            // Obtain the name
            //===============================================
            BSTR bstrName = NULL;
            hr = lpInputElem->get_name(&bstrName);
            if ( FAILED(hr) || (bstrName == NULL) )
            {
                continue;
            }
    
            //===============================================
            // 
            //===============================================
            if ( ::_tcsicmp(bstrName, TEXT("word")) == 0 )
            {
                bFindInput = TRUE;
            }
            else if ( ::_tcsicmp(bstrName, TEXT("q")) == 0 )
            {
                bFindInput = TRUE;
            }      
            ::SysFreeString(bstrName);
    
            //===============================================
            // Input what u want
            //===============================================
            if ( bFindInput )
            {
                //lpInputElem->select();
                lpInputElem->put_value(CComBSTR(lpInoutWords));
    
                bSuccess = TRUE;
                break;
            }
        }
    
        return bSuccess;
    }


    This code will be crash at the lien 

    lpInputElem->put_value(CComBSTR(lpInoutWords));

    The crash stack:

    When i use CComDispatchDriver to call GetPropertyByName or PutPropertyByName method, it's also crash.

    Thinks !!!!

    2018年8月2日 16:50

全部回复

  • Hi,

    thanks for posting here.

    >>When I found some input element and call the put_value method, then i got a exception in MSHTML.dll.

    According to this document, passing the address of an initialized CComBSTR to a function as an [out] parameter causes a memory leak. To avoid the leak, call the Empty method on existing CComBSTR objects before passing the address as an [out] parameter.

    You could also use Windows debuggers to analyze crash dump files if you have. For more information, please refer to this document below.

    https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/crash-dump-files

    Hope this could be help of you.

    Best Regards,

    Baron Bi


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    2018年8月6日 5:39