[Bug 48814] New: Microsoft Word 6.0 for Windows installer crashes after wine-4.8-247-g0d7d0427d0

https://bugs.winehq.org/show_bug.cgi?id=48814

Bug ID: 48814 Summary: Microsoft Word 6.0 for Windows installer crashes after wine-4.8-247-g0d7d0427d0 Product: Wine Version: 5.4 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: user16 Assignee: wine-bugs@winehq.org Reporter: focht@gmx.net Distribution: ---

Hello folks,

found a regression while checking some old bugs (bug 7102).

Microsoft Word 6.0 for Windows installer crashes when clicking initial 'OK' button, while transitioning to 'Name and Organization Information' dialog.

Offending commit:

https://source.winehq.org/git/wine.git/commitdiff/0d7d0427d0a1b8b8e4b84019db... ("user.exe: Avoid using libwine functions.")

--- snip --- $ pwd /home/focht/Downloads/Microsoft Word 6.0 (3.5-1.44mb)/unpacked

$ wine ./SETUP.EXE ... Unhandled exception: page fault on execute access to 0xf0ffffff in 32-bit code (0xf0ffffff). Register dump: CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b EIP:f0ffffff ESP:007ef82c EBP:007ef858 EFLAGS:00010202( R- -- I - - - ) EAX:f0ffffff EBX:00020074 ECX:00000012 EDX:00000000 ESI:007ef8dc EDI:00000000 ... Backtrace: =>0 0xf0ffffff (0x007ef858) 1 0x7e8c628d call_window_proc+0x4c(hwnd=0x20074) [/home/focht/projects/wine/custom-src/dlls/user32/winproc.c:249] in user32 (0x007ef8a8) 2 0x7e8c85f3 CallWindowProcA+0x62() [/home/focht/projects/wine/custom-src/dlls/user32/winproc.c:1008] in user32 (0x007ef8f8) 3 0xf7ac105a call_window_proc_callback+0x19() [/home/focht/projects/wine/custom-src/dlls/user.exe16/message.c:88] in user.exe16 (0x007ef938) 4 0xf7ac3171 WINPROC_CallProc16To32A+0x750(wParam=0xffff, lParam=0x52f049) [/home/focht/projects/wine/custom-src/dlls/user.exe16/message.c:905] in user.exe16 (0x007ef9e8) 5 0xf7ac4e6b CallWindowProc16+0x8a() [/home/focht/projects/wine/custom-src/dlls/user.exe16/message.c:1540] in user.exe16 (0x007efa48) 6 0xf7ac57af DispatchMessage16+0x13e(msg=<couldn't compute location>) [/home/focht/projects/wine/custom-src/dlls/user.exe16/message.c:1774] in user.exe16 (0x007efa98) 7 0xf7ac58eb IsDialogMessage16+0x7a(hwndDlg=<couldn't compute location>, msg16=<couldn't compute location>) [/home/focht/projects/wine/custom-src/dlls/user.exe16/message.c:1841] in user.exe16 (0x007efaf8) 8 0xf7ab863a iLangRight+0x1e639() in user.exe16 (0x007efb28) 9 0x7e56f254 free_delay_imports+0x2d73() [/home/focht/projects/wine/custom-src/dlls/winecrt0/delay_load.c:64] in krnl386.exe16 (0x007efb58) 10 0x14a7:0x1076 (0x1337:0xa2c8) ... 21 0x0512:0x4700 (0x1337:0x0000) 0xf0ffffff: -- no code accessible -- Modules: Module Address Debug info Name (94 modules) ELF 7b400000-7b841000 Deferred kernel32<elf> -PE 7b430000-7b841000 \ kernel32 ELF 7bc00000-7bd35000 Deferred ntdll<elf> -PE 7bc30000-7bd35000 \ ntdll ELF 7c000000-7c004000 Deferred <wine-loader> ELF 7e282000-7e297000 Deferred comm.drv16.so PE 7e290000-7e297000 Deferred comm.drv16 ELF 7e297000-7e2ac000 Deferred system.drv16.so PE 7e2a0000-7e2ac000 Deferred system.drv16 ... ELF 7e545000-7e5ef000 Dwarf krnl386.exe16.so PE 7e560000-7e5ef000 DIA krnl386.exe16 ELF 7e5ef000-7e61a000 Deferred version<elf> -PE 7e600000-7e61a000 \ version ELF 7e61a000-7e6af000 Deferred advapi32<elf> -PE 7e630000-7e6af000 \ advapi32 ELF 7e6af000-7e7fc000 Deferred gdi32<elf> -PE 7e6d0000-7e7fc000 \ gdi32 ELF 7e7fc000-7ea30000 Dwarf user32<elf> -PE 7e830000-7ea30000 \ user32 ... ELF 7efe9000-7f000000 Deferred winevdm<elf> -PE 7eff0000-7f000000 \ winevdm ... ELF f7cf5000-f7d0a000 Deferred keyboard.drv16.so PE f7d00000-f7d0a000 Deferred keyboard.drv16 ELF f7d0a000-f7d20000 Deferred display.drv16.so PE f7d10000-f7d20000 Deferred display.drv16 ELF f7d22000-f7d2b000 Deferred libuuid.so.1 ELF f7d2b000-f7ee1000 Dwarf libwine.so.1 ELF f7ee3000-f7f0c000 Deferred ld-linux.so.2 ELF f7f0f000-f7f10000 Deferred [vdso].so Threads: process tid prio (all id:s are in hex) ... 00000029 (D) C:\windows\system32\winevdm.exe 0000002c 0 <== 0000002b 0 0000002a 0 --- snip ---

Trace log:

--- snip --- $ WINEDEBUG=+seh,+relay,+winevdm,+win,+msg wine ./SETUP.EXE >>log.txt 2>&1 ... 002e:Call USER.109: PEEKMESSAGE(11df:18d6,0000,0000,0000,0001) ret=11cf:140b ds=11df 002e:Call user32.PeekMessageA(013df8ec,00000000,00000000,00000000,00000001) ret=00bba7e0 002e:Call krnl386.exe16.ReleaseThunkLock(013df798) ret=00bbc0f9 002e:Ret krnl386.exe16.ReleaseThunkLock() retval=00000000 ret=00bbc0f9 002e:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000000,00000000,00000000,000004ff,00000000) ret=7e8c6bd3 002e:Ret winex11.drv.MsgWaitForMultipleObjectsEx() retval=00000102 ret=7e8c6bd3 002e:Call krnl386.exe16.RestoreThunkLock(00000002) ret=00bbc115 002f:Ret krnl386.exe16.RestoreThunkLock() retval=00000063 ret=00bbc115 002f:trace:msg:peek_message got type 6 msg 118 (WM_SYSTIMER) hwnd 0x20098 wp ffff lp ffff000e ... 002f:Ret user32.GetMessageA() retval=00000001 ret=00bbab51 002f:trace:msg:GetMessage32_16 message 0118, hwnd 00000000, filter(0000 - 0000) 002f:Ret USER.108: GETMESSAGE() retval=00000001 ret=14a7:0784 ds=1547 002f:Call USER.90: ISDIALOGMESSAGE(007e,1337:a2d6) ret=14a7:1076 ds=1547 002f:Call user32.IsChild(0002007e,00020098) ret=00bbae91 002f:Ret user32.IsChild() retval=00000001 ret=00bbae91 002f:Call user32.TranslateMessage(0157f904) ret=00bbaec2 002f:Ret user32.TranslateMessage() retval=00000000 ret=00bbaec2 002f:Call KERNEL32.GetTickCount() ret=00bbacd6 002f:Ret KERNEL32.GetTickCount() retval=0027b1cd ret=00bbacd6 002f:Call user32.CallWindowProcA(f0ffffff,00020098,00000118,0000ffff,0027b1cd) ret=00bba72b 002f:Call window proc 0xf0ffffff (hwnd=0x20098,msg=WM_SYSTIMER,wp=0000ffff,lp=0027b1cd) 002f:trace:seh:raise_exception code=c0000005 flags=0 addr=0xf0ffffff ip=f0ffffff tid=002f 002f:trace:seh:raise_exception info[0]=00000008 002f:trace:seh:raise_exception info[1]=f0ffffff 002f:trace:seh:raise_exception eax=f0ffffff ebx=00020098 ecx=00000012 edx=00000000 esi=0157f77c edi=00000000 002f:trace:seh:raise_exception ebp=0157f6f8 esp=0157f6cc cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010202 002f:trace:seh:call_vectored_handlers calling handler at 0x7e496ba0 code=c0000005 flags=0 002f:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7e495c76 ip=7e495c76 tid=002f 002f:trace:seh:raise_exception info[0]=00000000 002f:trace:seh:raise_exception info[1]=f0ffffff 002f:trace:seh:raise_exception eax=00000001 ebx=00000023 ecx=0157f2e0 edx=00000023 esi=f0ffffff edi=0157f3a8 002f:trace:seh:raise_exception ebp=0157f298 esp=0157f250 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010286 002f:trace:seh:call_vectored_handlers calling handler at 0x7e496ba0 code=c0000005 flags=0 002f:trace:seh:call_vectored_handlers handler at 0x7e496ba0 returned 0 002f:trace:seh:call_stack_handlers calling handler at 0x7e4c5460 code=c0000005 flags=0 002f:trace:seh:call_stack_handlers handler at 0x7e4c5460 returned 1 002f:trace:seh:call_stack_handlers calling handler at 0x7bcd6b30 code=c0000005 flags=0 ... --- snip ---

$ sha1sum Microsoft\ Word\ 6.0\ (3.5-1.44mb).7z eff83e8ce77c02e8782ca9faee85454b9d0cf402 Microsoft Word 6.0 (3.5-1.44mb).7z

$ du -sh Microsoft\ Word\ 6.0\ (3.5-1.44mb).7z 13M Microsoft Word 6.0 (3.5-1.44mb).7z

$ wine --version wine-5.4-356-gab0a3cb2ff

Regards