[Bug 48442] New: MPGUI crash on start in MSVCRT__wctomb_s_l in msvcr100
https://bugs.winehq.org/show_bug.cgi?id=48442 Bug ID: 48442 Summary: MPGUI crash on start in MSVCRT__wctomb_s_l in msvcr100 Product: Wine Version: 5.0-rc4 Hardware: x86-64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: msvcrt Assignee: wine-bugs(a)winehq.org Reporter: lorenzofer(a)live.it Distribution: --- Created attachment 66220 --> https://bugs.winehq.org/attachment.cgi?id=66220 stacktrace Hi, MPGUI (a C++/CLI application, so C++ app that use the .NET runtime )crash on start with a Unhandled exception: page fault on read access to 0x00000020 in 32-bit code (0x7c6e61a0). PArt of the stacktrace: 0 0x7c6e61a0 MSVCRT__wctomb_s_l+0x1180() in msvcr100 (0x0032f378) 1 0x7c6e87f0 MSVCRT_vsnprintf+0x3f() in msvcr100 (0x0032f3c8) 2 0x7c6e8952 MSVCRT_sprintf_s+0x21() in msvcr100 (0x0032f3f8) 0x7c6e61a0 MSVCRT__wctomb_s_l+0x1180 in msvcr100: movzbl 0x0(%edi),%eax This part of the stacktrace suggest that native dotnet may be a workaround: 10 0x6c54c5ee mono_jit_runtime_invoke+0x46d(exc=<is not available>) [Z:\vagrant\mono\mono\mini\mini-runtime.c:3184] in libmono-2.0-x86 (0x005f6b48) 11 0x6c71da32 object_new_handle_common_tail+0x1d1(o=<is not available>, klass=<is not available>, error=<is not available>) [Z:\vagrant\mono\mono\metadata\object.c:3029] in libmono-2.0-x86 (0x00000000) 12 0x6c722105 mono_runtime_object_init+0xd4() [Z:\vagrant\mono\mono\metadata\object.c:5151] in libmono-2.0-x86 (0x00000000) 13 0x6c5a3372 mono_jit_exec+0x191() [Z:\vagrant\mono\mono\mini\driver.c:1325] Full stacktrace attached. Prefix is new. 32bit Wine Log is empty. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48442 --- Comment #1 from Lorenzo Ferrillo <lorenzofer(a)live.it> --- This is with compiled debug symbols: =>0 0xf7438320 pf_printf_a+0x40(pf_puts=0xf7430530, puts_ctx=0x32f398, fmt=<is not available>, locale=(nil), options=0, pf_args=0xf74309e0, args_ctx=0x0(nil), valist=0x32f3dc) [Z:\home\lorenzo\PKGBUILDS\wine-tkg-git\src\wine-tkg-staging-fsync-git-32-build\dlls\msvcr100\..\..\..\wine-mirror-git\dlls\msvcr100\..\msvcrt\printf.h:411] in msvcr100 (0x0032f368) 1 0xf743a940 vsnprintf+0x3f(valist=<couldn't compute location>) [Z:\home\lorenzo\PKGBUILDS\wine-tkg-git\src\wine-tkg-staging-fsync-git-32-build\dlls\msvcr100\..\..\..\wine-mirror-git\dlls\msvcr100\..\msvcrt\wcs.c:691] in msvcr100 (0x0032f3b8) 2 0xf743aaa2 sprintf_s+0x21() [Z:\home\lorenzo\PKGBUILDS\wine-tkg-git\src\wine-tkg-staging-fsync-git-32-build\dlls\msvcr100\..\..\..\wine-mirror-git\dlls\msvcr100\..\msvcrt\wcs.c:1311] in msvcr100 (0x0032f3e8) Used Tk-glitch pkgbuild but without any patch active. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48442 Lorenzo Ferrillo <lorenzofer(a)live.it> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|MPGUI crash on start in |MPGUI crash on start in |MSVCRT__wctomb_s_l in |MSVCRT__wctomb_s_l+0x1180 |msvcr100 |(pf_printf_a+0x40) in | |msvcr100 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48442 --- Comment #2 from Lorenzo Ferrillo <lorenzofer(a)live.it> --- Confirm installing dontet452 fix the crash. So it seems that the wine-mono runtime may do an invalid call in this circumstance, or the msvcr100 doesn't handle correctly an edge case. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48442 --- Comment #3 from Nikolay Sivov <bunglehead(a)gmail.com> --- Is MPGUI itself enough to reproduce? Could you post download link for version you tested with? -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48442 Lorenzo Ferrillo <lorenzofer(a)live.it> changed: What |Removed |Added ---------------------------------------------------------------------------- URL| |https://www.nexusmods.com/o | |blivion/mods/41447 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48442 --- Comment #4 from Lorenzo Ferrillo <lorenzofer(a)live.it> --- Sorry forgot to add link. Yes just start MPGUI should trigger the bug. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48442 Piotr Caban <piotr.caban(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |piotr.caban(a)gmail.com Component|msvcrt |-unknown --- Comment #5 from Piotr Caban <piotr.caban(a)gmail.com> --- It crashes in the same way when native msvcr100 is used. sprintf_s is called with incorrect arguments. Changing component to unknown. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48442 --- Comment #6 from Gijs Vermeulen <gijsvrm(a)gmail.com> --- Created attachment 69990 --> https://bugs.winehq.org/attachment.cgi?id=69990 output Still present in wine-6.8 with wine-mono-6.1.1. 'winetricks -q dotnet40' is enough to work around. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48442 Gijs Vermeulen <gijsvrm(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|-unknown |mscoree Summary|MPGUI crash on start in |MPGUI crashes on start with |MSVCRT__wctomb_s_l+0x1180 |Wine-Mono |(pf_printf_a+0x40) in | |msvcr100 | --- Comment #7 from Gijs Vermeulen <gijsvrm(a)gmail.com> --- Marking as a wine-mono bug as native dotnet fixes it and native msvcr100 makes no difference. If this is not the right assumption to make, let me know. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48442 --- Comment #8 from Esme Povirk <madewokherd(a)gmail.com> --- Yes, it's likely incorrect generation of the sprintf_s wrapper in Mono. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48442 --- Comment #9 from Lorenzo Ferrillo <lorenzofer(a)live.it> --- Hi Esme Can you point me to where this wrapper is generated? Mono code is a bit of mess in an architectural sense. Do you prefers to have an issue on github for this? -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48442 --- Comment #10 from Esme Povirk <madewokherd(a)gmail.com> --- It's too complex to point to just one place, but the most relevant parts are probably marshal.c and marshal-ilgen.c. You may find MONO_VERBOSE_METHOD=sprintf_s to be a useful tool, as it will show the output of the code generation process, as well as the function address which can be used to show disassembly if you have winedbg attached. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48442 --- Comment #11 from Esme Povirk <madewokherd(a)gmail.com> --- I get a different error: Unhandled Exception: System.Runtime.InteropServices.MarshalDirectiveException: Type System.ArgIterator which is passed to unmanaged code must have a StructLayout attribute. at (wrapper managed-to-native) <Module>.vsprintf_s(sbyte modopt(System.Runtime.CompilerServices.IsSignUnspecifiedByte)*,uint,sbyte modopt(System.Runtime.CompilerServices.IsSignUnspecifiedByte) modopt(System.Runtime.CompilerServices.IsConst)*,System.ArgIterator) at <Module>.llLogger.WriteNextLine (llLogger* , System.Int32 _level, System.SByte* _format) [0x00077] in <d6ddfbb4dbaf4ec1a1dec038c2023081>:0 at <Module>.llAddGame.Exec (llAddGame* ) [0x0000c] in <d6ddfbb4dbaf4ec1a1dec038c2023081>:0 Corresponding code on GitHub: https://github.com/Gruftikus/lltool/blob/master/src/lllogger.cpp#L54 Based on a wrapper log it seems like it's been able to call sprintf_s without crashing, but I can't tell if the particular call that crashed for others is working now. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48442 --- Comment #12 from Esme Povirk <madewokherd(a)gmail.com> --- I think this requires an implementation of marshaling ArgIterator to va_list. How hard that is probably depends on the ABI for va_list. I can't seem to find any documentation for it. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48442 --- Comment #13 from Esme Povirk <madewokherd(a)gmail.com> ---
From compiling a test program and looking at disassembly, it seems like va_list on Windows is just a pointer to a buffer containing the arguments. That leaves a lot of ambiguity in terms of how things are packed, but in most cases they're likely to be pointer-sized.
-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48442 --- Comment #14 from Esme Povirk <madewokherd(a)gmail.com> --- I implemented ArgIterator marshaling: https://github.com/madewokherd/wine-mono/commit/bc7c9941c4f7bf11078ad0309eac... The program starts with those changes, but since I don't have any games or mods to work with I can't test it. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48442 --- Comment #15 from Esme Povirk <madewokherd(a)gmail.com> --- CI build available here: https://github.com/madewokherd/wine-mono/actions/runs/1191747348 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48442 Esme Povirk <madewokherd(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|UNCONFIRMED |RESOLVED Fixed by SHA1| |e6513521ff8b81ba838bb96d10f | |b20c64c1c2306 --- Comment #16 from Esme Povirk <madewokherd(a)gmail.com> --- The fix was included in Wine Mono 6.4.0 which will be in Wine 6.18. It's enough to start the program, but as I said earlier I wasn't able to test the functionality. Please file a new bug if you encounter further problems. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48442 Alexandre Julliard <julliard(a)winehq.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #17 from Alexandre Julliard <julliard(a)winehq.org> --- Closing bugs fixed in 6.18. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
participants (1)
-
WineHQ Bugzilla