[Bug 45769] New: 0CC-FamiTracker etc. crashes after saving, due to AfxFormatString1(out=in)
https://bugs.winehq.org/show_bug.cgi?id=45769

Bug ID: 45769
Summary: 0CC-FamiTracker etc. crashes after saving, due to AfxFormatString1(out=in)
Product: Wine
Version: 3.14
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs(a)winehq.org
Reporter: jimbo1qaz(a)gmail.com
Distribution: ---

0CC-FamiTracker 0.3.14.5 (http://hertzdevil.info/programs/0CCft_v0314r5.7z ) and my j0CC fork (https://github.com/jimbo1qaz/j0CC-FamiTracker/releases/download/j0.6.0a/j0CC... ) crash after saving. Confirmed on multiple machines including Ubuntu with 3.14 and 3.15, and a Debian x64 VM with a .wine created under Debian version, and upgraded to 3.0.2.

Instructions:
- Open 0CC (and optionally open an existing file).
- Press Space (to enable editing) and mash the keyboard a bit to enter notes.
- Press Ctrl+S and specify a filename.
- Mash a few keys and press Ctrl+S a few times.

At this point 0CC will usually crash with an assertion error in CString, often with a backtrace consisting of a single entry of 0x0. One time I got a backtrace pointing to MFC UI code.

------------

I think this is a memory corruption issue arising from calling `AfxFormatString1(text, IDS_FILE_SAVED, text);` with the same input and output = https://github.com/HertzDevil/0CC-FamiTracker/blob/v0.3.14.5/Source/FamiTrac...

But it doesn't crash on Windows. Is that a program bug or Wine bug?
- I think MFC is statically linked.

I thought it was a regression from some unknown earlier revision, but I installed a Debian Stretch 64 VM, `apt-get install wine wine32` (https://packages.debian.org/stretch/wine = 1.8.7-2), and `wine 0CC-FamiTracker.exe` experiences the same issue. Maybe the crash doesn't manifest on Wine 32? IDK.

-----------

The code in question has been removed from 0CC, and I will be including a workaround (don't call AfxFormatString1(out=in)) into j0CC soon.

--
Do not reply to this email, post in Bugzilla using the above URL to reply.
You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=45769

Fabian Maurer <dark.shadow4(a)web.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dark.shadow4(a)web.de

--- Comment #1 from Fabian Maurer <dark.shadow4(a)web.de> ---
Can you try removing the code in question, recompile, and run it again under wine? If it doesn't crash, that's the problem.
https://bugs.winehq.org/show_bug.cgi?id=45769

--- Comment #2 from jimbo1qaz <jimbo1qaz(a)gmail.com> ---
Replacing `AfxFormatString1(text, IDS_FILE_SAVED, text);` with `return TRUE;`, or introducing a new `CString out; AfxFormatString1(out,...` fixes the crash I think.

(I swear I posted this yesterday but I guess not)
https://bugs.winehq.org/show_bug.cgi?id=45769

Fabian Maurer <dark.shadow4(a)web.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW

--- Comment #3 from Fabian Maurer <dark.shadow4(a)web.de> ---
Confirming, actually does crash inside AfxFormatString1 due to overlapped structure. When re-allocating the CString, the old content (for some reason) loses its null terminator, which leads to the string getting bigger than expected, not fitting the resized string anymore.

Looks more like just undefined behavior than an issue in wine though. Or maybe there is a bug that it loses the null terminator?
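
The out=in hazard described in comments #2 and #3, shown as an added example that is not part of the bug thread and is not MFC, Wine or FamiTracker code. It assumes `std::string` as a stand-in for `CString`; the function names, the file name and the template text are hypothetical and constructed for illustration.

```cpp
#include <cstdio>
#include <functional>
#include <string>
#include <utility>

// Hypothetical helper (not MFC code): append tmpl to dst, replacing "%1" with arg.
static void append_expanded(std::string& dst, const char* tmpl, const char* arg) {
    for (const char* p = tmpl; *p; ++p) {
        if (p[0] == '%' && p[1] == '1') { dst += arg; ++p; }
        else dst += *p;
    }
}

// Hazardous shape: out is modified while arg is still being read. clear() and
// += may invalidate pointers into out, so an arg that aliases out dangles.
void format1_unsafe(std::string& out, const char* tmpl, const char* arg) {
    out.clear();
    append_expanded(out, tmpl, arg);
}

// Alias-safe shape: build the result in a local and only then replace out,
// so arg is never read after out's buffer has changed.
void format1_safe(std::string& out, const char* tmpl, const char* arg) {
    std::string result;
    append_expanded(result, tmpl, arg);
    out = std::move(result);
}

// Caller-side check: does p point into s's current buffer?
// std::less gives a total order even for unrelated pointers.
bool points_into(const std::string& s, const char* p) {
    std::less<const char*> lt;
    const char* begin = s.data();
    const char* end = begin + s.capacity();
    return !lt(p, begin) && !lt(end, p);
}

int main() {
    std::string text = "song.ftm";            // constructed sample file name
    const char* tmpl = "File %1 saved";       // constructed template text
    if (points_into(text, text.c_str()))
        std::puts("arg aliases out: use the alias-safe variant");
    format1_safe(text, tmpl, text.c_str());
    std::puts(text.c_str());
    return 0;
}
```

Only `format1_safe` is called with an aliasing argument here; `format1_unsafe` is correct only when `arg` does not point into `out`.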
https://bugs.winehq.org/show_bug.cgi?id=45769

Fabian Maurer <dark.shadow4(a)web.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |http://hertzdevil.info/programs/0CCft_v0314r5.7z
          Component|-unknown                    |ntdll
           Keywords|                            |download
https://bugs.winehq.org/show_bug.cgi?id=45769

--- Comment #4 from Fabian Maurer <dark.shadow4(a)web.de> ---
Created attachment 62258
  --> https://bugs.winehq.org/attachment.cgi?id=62258
Test case

Attaching a simple test case of what I think is happening here. No idea if we even want to have this working in wine, it's undefined behavior due to usage of a freed pointer. How to deal with this kind of issue?
https://bugs.winehq.org/show_bug.cgi?id=45769

--- Comment #5 from Fabian Maurer <dark.shadow4(a)web.de> ---
I have to add, it works pretty reliably on windows: https://testbot.winehq.org/JobDetails.pl?Key=41733

But I wouldn't know how to fix it in wine.
http://bugs.winehq.org/show_bug.cgi?id=45769

KRosUser <kyle.kcsoftwares(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kyle.kcsoftwares(a)gmail.com

--- Comment #6 from KRosUser <kyle.kcsoftwares(a)gmail.com> ---
Wine 10.7 and Famitracker 0.4.6: Save / Save As work without problem.

RESOLVED ?
http://bugs.winehq.org/show_bug.cgi?id=45769

--- Comment #7 from KRosUser <kyle.kcsoftwares(a)gmail.com> ---
Tested OK too with 0CC-Famitracker 0.3.15.3