https://bugs.winehq.org/show_bug.cgi?id=19241
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht@gmx.net
            Summary|winemenubuilder crashes     |winemenubuilder crashes
                   |when running any            |during extraction of
                   |application including       |high-res Windows Vista+
                   |notepad                     |256x256 PNG compressed icon
                   |                            |resources

--- Comment #10 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming. Embarrassingly this bug exists for some years now.
I have 'winemenubuilder' disabled by default hence I didn't get those occasional crashes other people reported.
New bug reports with 'winemenubuilder' crashes appeared recently so I took an interest in this :)
In the case of the 'InnoSetup' installer there exist two icon groups in resource directory:
#1 "MAINICON"
--- snip ---
16 x 16 (256 colors) - Ordinal name: 1
32 x 32 (256 colors) - Ordinal name: 2
48 x 48 (256 colors) - Ordinal name: 3
16 x 16 (16.8mil colors) - Ordinal name: 4
32 x 32 (16.8mil colors) - Ordinal name: 5
48 x 48 (16.8mil colors) - Ordinal name: 6
128 x 128 (16.8mil colors) - Ordinal name: 7
256 x 256 (16.8mil colors) - Ordinal name: 8
--- snip ---
#2 "1"
--- snip ---
16 x 16 (256 colors) - Ordinal name: 9
32 x 32 (256 colors) - Ordinal name: 10
48 x 48 (256 colors) - Ordinal name: 11
16 x 16 (16.8mil colors) - Ordinal name: 12
32 x 32 (16.8mil colors) - Ordinal name: 13
48 x 48 (16.8mil colors) - Ordinal name: 14
128 x 128 (16.8mil colors) - Ordinal name: 15
256 x 256 (16.8mil colors) - Ordinal name: 16
--- snip ---
Relevant part of trace log:
--- snip ---
...
0028:Call KERNEL32.LoadLibraryExW(0033e71c L"C:\Program Files\Inno Setup 5\Compil32.exe",00000000,00000002) ret=7edb5790
0028:Ret KERNEL32.LoadLibraryExW() retval=00340001 ret=7edb5790
0028:Call KERNEL32.EnumResourceNamesW(00340001,0000000e,7edb56f2,0033d9c0) ret=7edb5934
0028:trace:resource:EnumResourceNamesW 0x340001 #000e 0x7edb56f2 33d9c0
0028:trace:resource:LdrFindResourceDirectory_U module 0x340001 type #000e name lang 0000 level 1
0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5600 id 000e ret 0x3a58a8
0028:Call KERNEL32.FindResourceW(00340001,00136c88 L"MAINICON",0000000e) ret=7edb573d
0028:trace:resource:FindResourceExW 0x340001 #000e L"MAINICON" 0000
0028:trace:resource:LdrFindResource_U module 0x340001 type #000e name L"MAINICON" lang 0000 level 3
0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5600 id 000e ret 0x3a58a8
0028:trace:resource:find_entry_by_name root 0x3a5600 dir 0x3a58a8 name L"MAINICON" ret 0x3a5ec8
0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5ec8 id 0000 not found
0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5ec8 id 0409 ret 0x3a6308
0028:Ret KERNEL32.FindResourceW() retval=003a6308 ret=7edb573d
0028:Ret KERNEL32.EnumResourceNamesW() retval=00000000 ret=7edb5934
0028:Call KERNEL32.LoadResource(00340001,003a6308) ret=7edb59b5
0028:trace:resource:LoadResource 0x340001 0x3a6308
0028:Ret KERNEL32.LoadResource() retval=003fa5dc ret=7edb59b5
0028:Call KERNEL32.LockResource(003fa5dc) ret=7edb59d0
0028:Ret KERNEL32.LockResource() retval=003fa5dc ret=7edb59d0
0028:Call ntdll.RtlAllocateHeap(00110000,00000000,00055fc0) ret=7edb494b
0028:Ret ntdll.RtlAllocateHeap() retval=00137200 ret=7edb494b
0028:Call ntdll.RtlAllocateHeap(00110000,00000000,00000080) ret=7edb49dc
0028:Ret ntdll.RtlAllocateHeap() retval=0018d1c8 ret=7edb49dc
0028:Call ole32.CreateStreamOnHGlobal(00000000,00000001,0033d8ec) ret=7edb4a59
...
--- snip ---
Icon group "MAINICON" resources #1 .. #8
--- snip ---
...
0028:Call KERNEL32.FindResourceW(00340001,00000001,00000003) ret=7edb4699
0028:trace:resource:FindResourceExW 0x340001 #0003 #0001 0000
0028:trace:resource:LdrFindResource_U module 0x340001 type #0003 name #0001 lang 0000 level 3
0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5600 id 0003 ret 0x3a5708
0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5708 id 0001 ret 0x3a5aa8
0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5aa8 id 0000 not found
0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5aa8 id 0409 not found
0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5aa8 id 0009 not found
0028:Ret KERNEL32.FindResourceW() retval=003a6048 ret=7edb4699
0028:Call KERNEL32.LoadResource(00340001,003a6048) ret=7edb46bb
0028:trace:resource:LoadResource 0x340001 0x3a6048
0028:Ret KERNEL32.LoadResource() retval=003a81f0 ret=7edb46bb
0028:Call KERNEL32.LockResource(003a81f0) ret=7edb46d6
0028:Ret KERNEL32.LockResource() retval=003a81f0 ret=7edb46d6
0028:Call KERNEL32.FreeResource(003a81f0) ret=7edb4889
0028:Ret KERNEL32.FreeResource() retval=00000000 ret=7edb4889
...
0028:trace:resource:FindResourceExW 0x340001 #0003 #0008 0000
0028:trace:resource:LdrFindResource_U module 0x340001 type #0003 name #0008 lang 0000 level 3
0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5600 id 0003 ret 0x3a5708
0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5708 id 0008 ret 0x3a5b50
0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5b50 id 0000 not found
0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5b50 id 0409 not found
0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5b50 id 0009 not found
0028:Ret KERNEL32.FindResourceW() retval=003a60b8 ret=7edb4699
0028:Call KERNEL32.LoadResource(00340001,003a60b8) ret=7edb46bb
0028:trace:resource:LoadResource 0x340001 0x3a60b8
0028:Ret KERNEL32.LoadResource() retval=003be188 ret=7edb46bb
0028:Call KERNEL32.LockResource(003be188) ret=7edb46d6
0028:Ret KERNEL32.LockResource() retval=003be188 ret=7edb46d6
0028:trace:seh:raise_exception code=c0000005 flags=0 addr=0xf74c88e6 ip=f74c88e6 tid=0028
0028:trace:seh:raise_exception info[0]=00000000
0028:trace:seh:raise_exception info[1]=003fb000
0028:trace:seh:raise_exception eax=003faf90 ebx=f753a000 ecx=000031a0 edx=00189fa0 esi=00000800 edi=00003800
0028:trace:seh:raise_exception ebp=0033d898 esp=0033d850 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010206
0028:trace:seh:call_stack_handlers calling handler at 0x7bc9dbe3 code=c0000005 flags=0
...
Unhandled exception: page fault on read access to 0x003fb000 in 32-bit code (0xf74c88e6).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:f74c88e6 ESP:0033d850 EBP:0033d898 EFLAGS:00010206( R- -- I - -P- )
 EAX:003faf90 EBX:f753a000 ECX:000031a0 EDX:00189fa0
 ESI:00000800 EDI:00003800
...
Backtrace:
=>0 0xf74c88e6 __memcpy_ssse3_rep+0x286() in libc.so.6 (0x0033d898)
  1 0x7edb485a populate_module_icons+0x21e(hModule=0x340001, grpIconDir=0x3fa5dc, iconDirEntries=0x18d1c8, icons="(", iconOffset=0x33d8dc) [/home/focht/projects/wine/wine.repo/src/programs/winemenubuilder/winemenubuilder.c:624] in winemenubuilder (0x0033d898)
  2 0x7edb4b27 add_module_icons_to_stream+0x279(iconData16=(nil), hModule=0x340001, grpIconDir=0x3fa5dc) [/home/focht/projects/wine/wine.repo/src/programs/winemenubuilder/winemenubuilder.c:675] in winemenubuilder (0x0033d998)
  3 0x7edb59f6 open_module_icon+0x29b(szFileName="C:\Program Files\Inno Setup 5\Compil32.exe", nIndex=0, ppStream=0x33da98) [/home/focht/projects/wine/wine.repo/src/programs/winemenubuilder/winemenubuilder.c:911] in winemenubuilder (0x0033da28)
  4 0x7edb6135 open_icon+0x2a(filename="C:\Program Files\Inno Setup 5\Compil32.exe", index=0, bWait=0x1, ppStream=0x33da98) [/home/focht/projects/wine/wine.repo/src/programs/winemenubuilder/winemenubuilder.c:1055] in winemenubuilder (0x0033da68)
  5 0x7edb696b extract_icon+0xb0(icoPathW="C:\Program Files\Inno Setup 5\Compil32.exe", index=0, destFilename=0x0(nil), bWait=0x1) [/home/focht/projects/wine/wine.repo/src/programs/winemenubuilder/winemenubuilder.c:1367] in winemenubuilder (0x0033dac8)
  6 0x7edbbc7e InvokeShellLinker+0x6f8(sl=0x136dfc, link="C:\users\Public\Start Menu\Programs\Inno Setup 5\Inno Setup Compiler.lnk", bWait=0x1) [/home/focht/projects/wine/wine.repo/src/programs/winemenubuilder/winemenubuilder.c:2865] in winemenubuilder (0x0033fa48)
  7 0x7edbd6fc Process_Link+0x2d3(linkname="C:\users\Public\Start Menu\Programs\Inno Setup 5\Inno Setup Compiler.lnk", bWait=0x1) [/home/focht/projects/wine/wine.repo/src/programs/winemenubuilder/winemenubuilder.c:3250] in winemenubuilder (0x0033fce8)
  8 0x7edbef43 wWinMain+0x26d(hInstance=<couldn't compute location>, prev=<couldn't compute location>, cmdline=<couldn't compute location>, show=<couldn't compute location>) [/home/focht/projects/wine/wine.repo/src/programs/winemenubuilder/winemenubuilder.c:3703] in winemenubuilder (0x0033fd68)
  9 0x7edbf67a wmain+0x109(argc=0x3, argv=0x115258) [/home/focht/projects/wine/wine.repo/src/dlls/winecrt0/exe_wmain.c:51] in winemenubuilder (0x0033fde8)
  10 0x7edbf555 __wine_spec_exe_wentry+0x74(peb=<couldn't compute location>) [/home/focht/projects/wine/wine.repo/src/dlls/winecrt0/exe_wentry.c:36] in winemenubuilder (0x0033fe18)
  11 0x7b86404c call_process_entry+0xb() in kernel32 (0x0033fe38)
...
0xf74c88e6 __memcpy_ssse3_rep+0x286 in libc.so.6:
Modules:
Module Address Debug info Name (52 modules)
ELF 7b800000-7ba62000 Dwarf kernel32<elf>
 -PE 7b810000-7ba62000 \ kernel32
...
ELF 7eda0000-7edcb000 Dwarf winemenubuilder<elf>
 -PE 7edb0000-7edcb000 \ winemenubuilder
...
Threads:
process tid prio (all id:s are in hex)
...
00000027 (D) C:\windows\system32\winemenubuilder.exe
 00000028 0 <==
--- snip ---
Hex dump of the raw data from first icon group:
(sorry for the DWORD dump, but you get the idea)
--- snip ---
003FA5DC 00010000
003FA5E0 10100008
003FA5E4 00010000
003FA5E8 05680008 ; group entry #1 size = 0x568 == icon res size (ok)
003FA5EC 00010000
003FA5F0 00002020
003FA5F4 00080001
003FA5F8 000008A8 ; group entry #2 size = 0x8A8 == icon res size (ok)
003FA5FC 30300002
003FA600 00010000
003FA604 0EA80008 ; group entry #3 size = 0xEA8 == icon res size (ok)
003FA608 00030000
003FA60C 00001010
003FA610 00200001
003FA614 00000468 ; group entry #4 size = 0x468 == icon res size (ok)
003FA618 20200004
003FA61C 00010000
003FA620 10A80020 ; group entry #5 size = 0x10A8 == icon res size (ok)
003FA624 00050000
003FA628 00003030
003FA62C 00200001
003FA630 000025A8 ; group entry #6 size = 0x25A8 == icon res size (ok)
003FA634 00800006
003FA638 00010000
003FA63C 08280020 ; group entry #7 size = 0x10828 == icon res size (ok)
003FA640 00070001
003FA644 00000000
003FA648 00200001
003FA64C 00040028 ; group entry #8 size = 0x40028 != icon res size = 0x90E4 (!)
003FA650 00000008
--- snip ---
Icon #8 is PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced.
Newer Windows versions, starting with Windows Vista+, support these, for example in large thumbnail view.
Some information here: http://www.axialis.com/tutorials/tutorial-vistaicons.html
The large size value from icon group entry #8 triggers an out-of-bounds exception on resource section (unmapped area) -> 'src' of icon data 'memcpy'.
Actually, the number 0x40028 could be a magic or hint for this new stuff.
I tested other installers with my patch/hacks that dumped a bit more information about resource processing, especially inconsistencies.
Whenever the executable resource section contained 256x256 icons, the magic number was there but the actual icon resource (PNG) had different sizes.
'winemenubuilder' needs to cope with these large icons and their peculiarities (at least avoid the crash).
--- snip ---
trace:menubuilder:extract_icon path=[L"C:\Program Files\Inno Setup 5\Compil32.exe"] index=0 destFilename=[(null)]
trace:menubuilder:platform_write_icon [0]: 16 x 16 @ 8
trace:menubuilder:platform_write_icon Selected: 3
trace:menubuilder:platform_write_icon [1]: 32 x 32 @ 8
trace:menubuilder:platform_write_icon Selected: 4
trace:menubuilder:platform_write_icon [2]: 48 x 48 @ 8
trace:menubuilder:platform_write_icon Selected: 5
trace:menubuilder:platform_write_icon [3]: 16 x 16 @ 32
trace:menubuilder:platform_write_icon [4]: 32 x 32 @ 32
trace:menubuilder:platform_write_icon [5]: 48 x 48 @ 32
trace:menubuilder:platform_write_icon [6]: 128 x 0 @ 32
trace:menubuilder:platform_write_icon Selected: 6
trace:menubuilder:platform_write_icon [7]: 0 x 0 @ 32
trace:menubuilder:platform_write_icon Selected: 7
--- snip ---

$ sha1sum isetup-5.5.4.exe
6ddc6db3a85882711470e0eeba861249b64edaf8 isetup-5.5.4.exe

$ du -sh isetup-5.5.4.exe
1.9M isetup-5.5.4.exe

$ wine --version
wine-1.7.21-61-gf9f3b21
Regards
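
The size mismatch described in the comment above, turned into a bounds check. This is an added example, not part of the original comment and not Wine's code; the names grp_entry, parse_grp_entry, icon_is_png, copy_icon_bounded and the sample_* buffers are hypothetical. It assumes the 6-byte header and 14-byte entry layout visible in the hex dump, and that a Win32 caller would obtain the real resource size from SizeofResource.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One RT_GROUP_ICON entry; a width/height byte of 0 in the file means 256. */
typedef struct { unsigned width, height; uint32_t bytes_in_res; uint16_t id; } grp_entry;
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Parse entry idx: 6-byte header, then 14-byte little-endian entries. */
int parse_grp_entry(const uint8_t *dir, size_t len, unsigned idx, grp_entry *out) {
    if (len < 6 || idx >= rd16(dir + 4)) return -1;
    size_t off = 6 + (size_t)idx * 14;
    if (off + 14 > len) return -1;               /* truncated directory */
    out->width  = dir[off] ? dir[off] : 256;
    out->height = dir[off + 1] ? dir[off + 1] : 256;
    out->bytes_in_res = rd32(dir + off + 8);     /* size claimed by the entry */
    out->id = rd16(dir + off + 12);              /* ordinal of the RT_ICON resource */
    return 0;
}

int icon_is_png(const uint8_t *res, size_t res_len) {
    static const uint8_t sig[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
    return res_len >= sizeof sig && memcmp(res, sig, sizeof sig) == 0;
}

/* Copy no more than res_len, the resource's real size (SizeofResource on Win32). */
long copy_icon_bounded(const grp_entry *e, const uint8_t *res, size_t res_len,
                       uint8_t *dst, size_t dst_cap) {
    size_t n = e->bytes_in_res < res_len ? e->bytes_in_res : res_len;
    if (n > dst_cap) return -1;                  /* destination too small */
    memcpy(dst, res, n);
    return (long)n;
}

/* Constructed sample mirroring entry #8 of the dump: claims 0x40028, real size 0x90E4. */
const uint8_t sample_dir[20] = {0,0, 1,0, 1,0,  0,0,0,0, 1,0, 0x20,0, 0x28,0,0x04,0, 8,0};
uint8_t sample_res[0x90E4] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
uint8_t sample_dst[0x40028];

int main(void) {
    grp_entry e;
    if (parse_grp_entry(sample_dir, sizeof sample_dir, 0, &e)) return 1;
    long n = copy_icon_bounded(&e, sample_res, sizeof sample_res, sample_dst, sizeof sample_dst);
    printf("claimed 0x%x, copied 0x%lx, png=%d\n", (unsigned)e.bytes_in_res,
           (unsigned long)n, icon_is_png(sample_res, sizeof sample_res));
    return 0;
}
```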