[Bug 39892] New: Regression in Wine 1.7.33+ causes UFile to crash with runtime error when rendering certain pages
https://bugs.winehq.org/show_bug.cgi?id=39892 Bug ID: 39892 Summary: Regression in Wine 1.7.33+ causes UFile to crash with runtime error when rendering certain pages Product: Wine Version: 1.9.0 Hardware: x86-64 OS: Linux Status: UNCONFIRMED Severity: major Priority: P2 Component: -unknown Assignee: wine-bugs(a)winehq.org Reporter: anthony(a)anthonyfok.org Distribution: --- Created attachment 53271 --> https://bugs.winehq.org/attachment.cgi?id=53271 Winedbg 1.9.0 log of UFile 2013 crashing at the NetFile "Interview" page UFile 2013, which worked almost flawlessly and successfully submitted my Canadian tax returns over the Internet on my behalf with Wine 1.7.17: * https://appdb.winehq.org/objectManager.php?sClass=version&iId=30238 (from May 2014) now crashes consistently with a _CxxThrowException() error at msvcr100 upon clicking on the link to certain "Interview" pages. This has been tested on both Ubuntu 14.04.3 LTS and Debian sid (December 2015) with Wine-1.8 (provided by the distributions) and with Wine-1.9.0 (from WineHQ). This same problem also plagues the newer UFile 2014, and presumably with UFile 2015. After many trials to no avail, I finally went back to wine-unstable:i386 (1.7.17-1) from snapshot.debian.org, and... it worked! Some more tests later, I found that wine-development:i386 (1.7.32-1) was the last good working version. From 1.7.33 on, up to 1.7.55, 1.8 and 1.9.0, Wine would crash when I click on a UFile "Interview" page like "NetFile". The "Interview" pages that crash seem to be the ones that involve some kind of HTML rendering, e.g., where an image or a hyperlink is included in the introductory text. Just to make sure it has nothing to do with the new GCC 5.x toolchain, I took Debian's old 1.7.32-1 package from December 2014 and recompiled it inside a pbuilder/cowbuilder environment for sid-i386. Both Debian's old 1.7.32-1 package and my recompiled package work flawlessly, while both Debian's old 1.7.33-1 and my recompiled package crash at the same place. Note, however, that HTML Help dialog works fine with all the above Wine versions up to Wine 1.9.0. Nevertheless, since the runtime exception seems to have initiated from UFile's own DtHtmlLabelDll.dll, and pages with plain-text introductory text renders fine in Wine 1.7.33 to 1.9.0, I suspect that some changes in MSHTML introduced in 1.7.33 could be the cause of this regression. Thanks in advance! Anthony -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39892 --- Comment #1 from Anthony Fok <anthony(a)anthonyfok.org> --- Created attachment 53272 --> https://bugs.winehq.org/attachment.cgi?id=53272 Winedbg 1.7.33 log of UFile 2013 crashing at the NetFile "Interview" page -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39892 --- Comment #2 from Anthony Fok <anthony(a)anthonyfok.org> --- Created attachment 53273 --> https://bugs.winehq.org/attachment.cgi?id=53273 Screenshot of UFile 2013 rendering the NetFile "Interview" page in 1.7.32 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39892 --- Comment #3 from Anthony Fok <anthony(a)anthonyfok.org> --- Created attachment 53274 --> https://bugs.winehq.org/attachment.cgi?id=53274 Screenshot of UFile 2013 crashing at the NetFile "Interview" page in Wine 1.9.0 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39892 Anthony Fok <anthony(a)anthonyfok.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #53273|Screenshot of UFile 2013 |Screenshot of UFile 2013 description|rendering the NetFile |rendering the NetFile |"Interview" page in 1.7.32 |"Interview" page in Wine | |1.7.32 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39892 Anthony Fok <anthony(a)anthonyfok.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |anthony(a)anthonyfok.org, | |jacek(a)codeweavers.com Component|-unknown |mshtml Regression SHA1| |1454e302a80c218343420a7402d | |a4d6e2dec4c76 --- Comment #4 from Anthony Fok <anthony(a)anthonyfok.org> --- Following the instructions at http://wiki.winehq.org/RegressionTesting, I did a regression test inside a sid-i386 chroot environment, and found the following: foka(a)debian:~/wine-dirs/wine-source$ git bisect good 1454e302a80c218343420a7402da4d6e2dec4c76 is the first bad commit commit 1454e302a80c218343420a7402da4d6e2dec4c76 Author: Jacek Caban <jacek(a)codeweavers.com> Date: Mon Dec 1 12:55:51 2014 +0100 mshtml: Added support for flag 2 in getAttribute. :040000 040000 e310a1e23bff845038a76d07a587ff60d212f07f 2e8691d55751082174d77f70ab68b55e7cbf7df9 M dlls And here is the git bisect log: foka(a)debian:~/wine-dirs/wine-source$ git bisect log git bisect start # bad: [aa026e061446d5afee9d55b808402998fae94f1f] Release 1.7.33. git bisect bad aa026e061446d5afee9d55b808402998fae94f1f # good: [fe2466ffdfa505329d009dac14cf933e77a14495] Release 1.7.32. git bisect good fe2466ffdfa505329d009dac14cf933e77a14495 # bad: [14324fec97b8c9740dcbca59d44a5cba13b00323] ws2_32/tests: Add SO_BSP_STATE tests. git bisect bad 14324fec97b8c9740dcbca59d44a5cba13b00323 # bad: [685c68ba61cb01f1ab4d68bd5f75fb9bed74bd3b] cabinet/tests: Add test for calling FDIIsCabinet with hf == 0. git bisect bad 685c68ba61cb01f1ab4d68bd5f75fb9bed74bd3b # bad: [f1cd8d4ac9ece36bebc0f7ab3e15edc3e425248d] localspl: Remove unused strings (Clang). git bisect bad f1cd8d4ac9ece36bebc0f7ab3e15edc3e425248d # good: [08b06b7d8f7396937c3d278219ce3b6cefa0476a] wined3d: Unbind shader resource views in state_unbind_resources(). git bisect good 08b06b7d8f7396937c3d278219ce3b6cefa0476a # good: [d57ccd54f8d751b57490d5a74c3a81ac31297313] ws2_32/tests: Fix several copy and paste errors. git bisect good d57ccd54f8d751b57490d5a74c3a81ac31297313 # bad: [1454e302a80c218343420a7402da4d6e2dec4c76] mshtml: Added support for flag 2 in getAttribute. git bisect bad 1454e302a80c218343420a7402da4d6e2dec4c76 # good: [71cb0cea7442440cc9ea3cf142255e9c261c01a6] mshtml: Added "indent" command support to execCommand. git bisect good 71cb0cea7442440cc9ea3cf142255e9c261c01a6 # first bad commit: [1454e302a80c218343420a7402da4d6e2dec4c76] mshtml: Added support for flag 2 in getAttribute. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39892 Anthony Fok <anthony(a)anthonyfok.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |regression -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39892 --- Comment #5 from Anthony Fok <anthony(a)anthonyfok.org> --- Created attachment 53276 --> https://bugs.winehq.org/attachment.cgi?id=53276 Wine-1.7.32 mshtml trace after first "onclick" (JScript ignored, but no crash) -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39892 --- Comment #6 from Anthony Fok <anthony(a)anthonyfok.org> --- Created attachment 53277 --> https://bugs.winehq.org/attachment.cgi?id=53277 Wine-1.7.33 mshtml trace after first "onclick": IID_ISupportErrorInfo... -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39892 --- Comment #7 from Anthony Fok <anthony(a)anthonyfok.org> --- Created attachment 53278 --> https://bugs.winehq.org/attachment.cgi?id=53278 Wine-1.9.0 mshtml trace after first "onclick": IID_ISupportErrorInfo... -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39892 --- Comment #8 from Anthony Fok <anthony(a)anthonyfok.org> --- The onclick events that apparently leads to the <A href='javascript:void(0);' onclick='showHelpWindow(\"hlp_netfile.htm\");'>click here</a> <A href='javascript:void(0);' onclick='showHelpWindow(\"hlp_efile_eol.htm\");'>click here</a> <A href='javascript:void(0);' onclick='showHelpWindow(\"hlp_netfile.htm#xmit\");'>click here</a> <p> If you do not use NetFile, you must <A href='javascript:void(0);' onclick='showHelpWindow(\"hlp_print.htm\");'>print your tax return</a> and mail it to the government. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39892 --- Comment #9 from Anthony Fok <anthony(a)anthonyfok.org> --- Sorry, I pressed the wrong key and sent out the last comment prematurely. It seems that Wine (1.7.33 to Wine-1.9.0) crashes after encountering an "onclick" that looks like the following: <A href='javascript:void(0);' onclick='showHelpWindow(\"hlp_netfile.htm\");'>click here</a> <A href='javascript:void(0);' onclick='showHelpWindow(\"hlp_efile_eol.htm\");'>click here</a> <A href='javascript:void(0);' onclick='showHelpWindow(\"hlp_netfile.htm#xmit\");'>click here</a> <p> If you do not use NetFile, you must <A href='javascript:void(0);' onclick='showHelpWindow(\"hlp_print.htm\");'>print your tax return</a> and mail it to the government. These strings are extracted from "C:\Program Files\UFile 2013\UB1X13A.dte". -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39892 Nikolay Sivov <bunglehead(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Regression in Wine 1.7.33+ |UFile crashes with runtime |causes UFile to crash with |error when rendering |runtime error when |certain pages |rendering certain pages | Severity|major |normal -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39892 --- Comment #10 from Nikolay Sivov <bunglehead(a)gmail.com> --- Does it have freely available demo/full version to test? -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39892 --- Comment #11 from Anthony Fok <anthony(a)anthonyfok.org> --- (In reply to Nikolay Sivov from comment #10)
Does it have freely available demo/full version to test?
Yes, the full version may be downloaded from: http://downloads.drtax.ca/ufile/UF2013EGYH34U86GA23WHUS4/UFile2013.exe (The download URL was found in pages like http://support.drtax.ca/KB/faqs-windows-english/source/webpages/kpt240-20140... and http://community.ufile.ca/index.php?/topic/4931-availability-of-downloadable... .) It can be installed simply by running "wine UFile2013.exe". However, UFile for Windows requires an activation key before it can be used... -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39892 --- Comment #12 from Anthony Fok <anthony(a)anthonyfok.org> --- Created attachment 53280 --> https://bugs.winehq.org/attachment.cgi?id=53280 Prevent type mismatch error with getAttribute("onclick", 2) It appears that UFile tries to do this: getAttribute("onclick", 2); However, HTMLElement_get_onclick() somehow gives back an AttributeValue of VT_NULL, which of course fails to be converted to VT_BSTR, thus VariantChangeType() returns a HRESULT of 0x80020005 (Type Mismatch), which HTMLElement_getAttribute() also returns, leading to the runtime error and crash. In Wine 1.7.32, HTMLElement_getAttribute() did not do any VariantChangeType(), and happily returns S_OK as the HRESULT, so UFile kept on running happily without crashing. So, the attached patch adds a test case for VT_NULL and change it to a VT_BSTR(NULL) and returns S_OK, reverting to the behaviour in Wine 1.7.32. No more crashing. Yay! However, I do suspect the real problem lies with HTMLElement_get_onclick() and other JScript-related HTMLElement_get_xxxxxx() functions. Shouldn't it be able to return an AttributeValue as a string (i.e., BSTR)? How did it become VT_NULL? -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39892 Anthony Fok <anthony(a)anthonyfok.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |patch -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39892 --- Comment #13 from Anthony Fok <anthony(a)anthonyfok.org> --- Created attachment 53285 --> https://bugs.winehq.org/attachment.cgi?id=53285 Add getAttribute("onclick", 2) test to jstest.html This new test case in the attached mshtml-jstest-getAttribute-onclick-2.patch would trigger the same problem I saw in UFile 2013: cd ~/wine-dirs/wine-build/dlls/mshtml/tests WINEDEBUG=+mshtml,+variant make script.ok except that this WineTest hangs after err:mshtml:update_window_doc GetDocument failed: 00000000 instead of triggering _CxxThrowException() like UFile does. After applying prevent-0x80020005-type-mismatch-error-with-getAttribute-onclick-2.patch, this particular WineTest gives an error: script.c:632: Test failed: L"getAttribute('onclick') = " instead of giving the string value of the onclick attribute, but WineTest continues merrily on. Hope this helps! -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39892 --- Comment #14 from Jacek Caban <jacek(a)codeweavers.com> --- Created attachment 53314 --> https://bugs.winehq.org/attachment.cgi?id=53314 A fix for custom attributes Thank you for the analyse. Does the attached patch help? That's the proper solution for custom attributes. Proper support for event attributes is more tricky to get right, but hopefully this will be enough. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39892 --- Comment #15 from Anthony Fok <foka(a)debian.org> --- Hello Jacek, Thank you for your "A fix for custom attributes" patch! And yes, it works! :-) Your patch has indeed fixed the regression, and all "Interview" forms in UFile can now be displayed without hiccup or crash, just like it was in Wine 1.7.32. :-) (Alhough getAttribute("onclick", 2) is not yet able to retrieve onclick's string value, and such JavaScript-based buttons do not yet work, these buttons are only used in the help text and do not affect UFile's overall usability.) So yes, your patch looks very good to me. Many thanks for your expert help! Cheers, Anthony -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39892 Jacek Caban <jacek(a)codeweavers.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW Ever confirmed|0 |1 --- Comment #16 from Jacek Caban <jacek(a)codeweavers.com> --- Thanks for testing, I sent the patch: http://source.winehq.org/patches/data/117774 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39892 Jacek Caban <jacek(a)codeweavers.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Fixed by SHA1| |f394dca92a014fa07e0cec59f97 | |fb9fd2ba157da Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #17 from Jacek Caban <jacek(a)codeweavers.com> --- Fixed in Git. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39892 Alexandre Julliard <julliard(a)winehq.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #18 from Alexandre Julliard <julliard(a)winehq.org> --- Closing bugs fixed in 1.9.1. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39892 Michael Stefaniuc <mstefani(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |1.8.x CC| |mstefani(a)redhat.com -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39892 Michael Stefaniuc <mstefani(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|1.8.x |--- --- Comment #19 from Michael Stefaniuc <mstefani(a)redhat.com> --- Removing 1.8.x milestone from bugs included in 1.8.5. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
participants (1)
-
wine-bugs@winehq.org