https://bugs.winehq.org/show_bug.cgi?id=47137
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht@gmx.net
          Component|-unknown                    |gdiplus
            Summary|HX Edit (Line 6) : crashes  |HX Edit v2.71 (Line 6)
                   |on launch                   |crashes on startup (Wine
                   |                            |builtin 'gdiplus.dll'
                   |                            |missing version resource)
--- Comment #7 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming.
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files (x86)/Line6/HX Edit

$ file *.{dll,exe}
msvcp100.dll: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
msvcp120.dll: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
msvcr100.dll: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
msvcr120.dll: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
pthreadVC2.dll: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
HX Edit.exe: PE32 executable (GUI) Intel 80386, for MS Windows
Uninstall.exe: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

$ WINEDEBUG=+seh,+relay,+wbemprox wine ./HX\ Edit.exe >>log.txt 2>&1
...
0034:trace:seh:raise_exception code=c0000005 flags=0 addr=0x649dd0 ip=00649dd0 tid=0034
0034:trace:seh:raise_exception info[0]=00000000
0034:trace:seh:raise_exception info[1]=00000000
0034:trace:seh:raise_exception eax=00000000 ebx=00000000 ecx=0190f9d0 edx=00000001 esi=00000000 edi=0191a040
0034:trace:seh:raise_exception ebp=0034f9b8 esp=0034f9a4 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010202
0034:trace:seh:call_stack_handlers calling handler at 0x821e78 code=c0000005 flags=0
...
Unhandled exception: page fault on read access to 0x00000000 in 32-bit code (0x00649dd0).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:00649dd0 ESP:0034f9a4 EBP:0034f9b8 EFLAGS:00010202( R- -- I - - - )
 EAX:00000000 EBX:00000000 ECX:0190f9d0 EDX:00000001
 ESI:00000000 EDI:0191a040
...
Backtrace:
=>0 0x00649dd0 EntryPoint+0xffffffff() in hx edit (0x0034f9b8)
  1 0x007a1d77 EntryPoint+0xffffffff() in hx edit (0x0034f9d4)
  2 0x007a1d9f EntryPoint+0xffffffff() in hx edit (0x0034f9f0)
  3 0x007bb3d0 EntryPoint+0xffffffff() in hx edit (0x0034fa18)
  4 0x006479f3 EntryPoint+0xffffffff() in hx edit (0x0034fa58)
  5 0x0062a5c8 EntryPoint+0xffffffff() in hx edit (0x0034faf0)
  6 0x00543c47 EntryPoint+0xffffffff() in hx edit (0x0034fb5c)
  7 0x005433a7 EntryPoint+0xffffffff() in hx edit (0x0034fbac)
  8 0x0074e4cd EntryPoint+0xffffffff() in hx edit (0x0034fe84)
  9 0x007e84ed EntryPoint+0xffffffff() in hx edit (0x0034fed0)
  10 0x7b47aee2 call_process_entry+0x11() in kernel32 (0x0034fee8)
  11 0x7b47d5c6 start_process+0x105(entry=<couldn't compute location>, peb=<couldn't compute location>) [/home/focht/projects/wine/mainline-src/dlls/kernel32/process.c:1257] in kernel32 (0x0034ffd8)
  12 0x7b47aeee start_process_wrapper+0x9() in kernel32 (0x0034ffec)
0x00649dd0 EntryPoint+0xffffffff in hx edit: movl 0x0(%esi),%edx
Modules:
Module Address Debug info Name (128 modules)
PE 400000- c3e000 Export hx edit
PE 10000000-1000c000 Deferred pthreadvc2
ELF 7a800000-7a944000 Deferred opengl32<elf>
 -PE 7a840000-7a944000 \ opengl32
ELF 7b1ed000-7b36c000 Deferred wined3d<elf>
 -PE 7b230000-7b36c000 \ wined3d
ELF 7b36c000-7b3a9000 Deferred dxgi<elf>
 -PE 7b380000-7b3a9000 \ dxgi
ELF 7b400000-7b841000 Dwarf kernel32<elf>
 -PE 7b430000-7b841000 \ kernel32
...
ELF f7e00000-f7fb6000 Dwarf libwine.so.1
ELF f7fb8000-f7fe1000 Deferred ld-linux.so.2
ELF f7fe4000-f7fe5000 Deferred [vdso].so
Threads:
process tid prio (all id:s are in hex)
...
00000033 (D) C:\Program Files (x86)\Line6\HX Edit\HX Edit.exe
 00000035 0
 00000034 0 <==
--- snip ---
There is nothing in the trace log/crash that hints at the problem, hence one has to debug it.
Checking the crash site:
--- snip ---
00649D70 | push ebp
00649D71 | mov ebp,esp
00649D73 | sub esp,8
00649D76 | push esi
00649D77 | mov esi,dword ptr ss:[ebp+8]
00649D7A | push edi
00649D7B | push dword ptr ss:[ebp+C]
00649D7E | mov edi,ecx
00649D80 | push esi
00649D81 | call hx edit.7A3FE0
00649D86 | cmp esi,80000001
00649D8C | jne hx edit.649E37
00649D92 | push 1
00649D94 | push 65747874
00649D99 | mov ecx,edi
00649D9B | call hx edit.7A2CF0
00649DA0 | mov dword ptr ds:[edi+34],eax
00649DA3 | test eax,eax
00649DA5 | je hx edit.649E37
00649DAB | lea eax,dword ptr ss:[ebp-8]
00649DAE | mov dword ptr ss:[ebp-8],1
00649DB5 | push eax
00649DB6 | mov dword ptr ss:[ebp-4],1
00649DBD | call hx edit.7B29F0             ; EAX = retval = NULL
00649DC2 | mov ecx,dword ptr ds:[edi+34]
00649DC5 | add esp,4
00649DC8 | mov esi,eax                     ; ESI = NULL
00649DCA | push dword ptr ds:[ecx+C0]
00649DD0 | mov edx,dword ptr ds:[esi]      ; *boom*
00649DD2 | add ecx,38
00649DD5 | push ecx
00649DD6 | mov ecx,esi
00649DD8 | call dword ptr ds:[edx+80]
...
--- snip ---
The sub-routine that returned NULL:
--- snip ---
007B29F0 | push ebp
007B29F1 | mov ebp,esp
007B29F3 | push FFFFFFFF
007B29F5 | push hx edit.8280FB
007B29FA | mov eax,dword ptr fs:[0]
007B2A00 | push eax
007B2A01 | push ecx
007B2A02 | mov eax,dword ptr ds:[A2F840]
007B2A07 | xor eax,ebp
007B2A09 | push eax
007B2A0A | lea eax,dword ptr ss:[ebp-C]
007B2A0D | mov dword ptr fs:[0],eax
007B2A13 | cmp dword ptr ds:[A46720],0     ; var == 0 ?
007B2A1A | je hx edit.7B2A50
007B2A1C | push 10CC
007B2A21 | call hx edit.7E245E
007B2A26 | add esp,4
007B2A29 | mov dword ptr ss:[ebp-10],eax
007B2A2C | mov dword ptr ss:[ebp-4],0
007B2A33 | test eax,eax
007B2A35 | je hx edit.7B2A50
007B2A37 | push dword ptr ss:[ebp+8]
007B2A3A | mov ecx,eax
007B2A3C | call hx edit.7C4910
007B2A41 | mov ecx,dword ptr ss:[ebp-C]
007B2A44 | mov dword ptr fs:[0],ecx
007B2A4B | pop ecx
007B2A4C | mov esp,ebp
007B2A4E | pop ebp
007B2A4F | ret
007B2A50 | xor eax,eax                     ; bad code path, retval = NULL
007B2A52 | mov ecx,dword ptr ss:[ebp-C]
007B2A55 | mov dword ptr fs:[0],ecx
007B2A5C | pop ecx
007B2A5D | mov esp,ebp
007B2A5F | pop ebp
007B2A60 | ret
--- snip ---
Now we have to find the code that writes to memory location 0xA46720. Searching for all direct (immediate value) references to 0xA46720 yields:
--- snip ---
007B2A13 cmp dword ptr ds:[A46720],0
007C08D4 cmp dword ptr ds:[A46720],0
007C096B cmp dword ptr ds:[A46720],0
007C0D65 cmp dword ptr ds:[A46720],0
007C37F1 mov dword ptr ds:[A46720],eax ; yay, here we go
007C40D5 cmp dword ptr ds:[A46720],0
007C48E0 cmp dword ptr ds:[A46720],0
007C5529 cmp dword ptr ds:[A46720],esi
007C5688 cmp dword ptr ds:[A46720],0
007C5B50 cmp dword ptr ds:[A46720],0
007C5C8D cmp dword ptr ds:[A46720],0
007C5CC0 cmp dword ptr ds:[A46720],0
007C6AA7 cmp dword ptr ds:[A46720],0
007C77AC cmp dword ptr ds:[A46720],0
--- snip ---
Which brings us here:
--- snip ---
007C37D0 | push ebp
007C37D1 | mov ebp,esp
007C37D3 | sub esp,14
007C37D6 | lea eax,dword ptr ss:[ebp-4]
007C37D9 | mov dword ptr ss:[ebp-4],0
007C37E0 | push eax
007C37E1 | push hx edit.98FF28             ; L"gdiplus.dll"
007C37E6 | call hx edit.74E6B2             ; GetFileVersionInfoSizeW
007C37EB | neg eax
007C37ED | sbb eax,eax
007C37EF | neg eax
007C37F1 | mov dword ptr ds:[A46720],eax   ; result
007C37F6 | je hx edit.7C387D
007C37FC | push esi
007C37FD | push 0
007C37FF | lea eax,dword ptr ss:[ebp-14]
007C3802 | mov dword ptr ss:[ebp-14],1
007C3809 | push eax
007C380A | push hx edit.A46728
007C380F | mov dword ptr ss:[ebp-10],0
007C3816 | mov dword ptr ss:[ebp-C],0
007C381D | mov dword ptr ss:[ebp-8],0
007C3824 | call hx edit.80B99C
...
--- snip ---
Armed with that information we can go back to the tracelog and find this place:
--- snip ---
...
0034:Call version.GetFileVersionInfoSizeW(0098ff28 L"gdiplus.dll",0034fa08) ret=007c37eb
...
0034:Ret version.GetFileVersionInfoSizeW() retval=00000000 ret=007c37eb
...
--- snip ---
That call was done very early at startup and there was no visible relation to the actual crash.
Wine source:
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/gdiplus/gdiplus.rc
--- snip ---
...
/* @makedep: gdiplus.manifest */
WINE_MANIFEST 24 gdiplus.manifest

/* @makedep: gdiplus11.manifest */
WINE_MANIFEST11 24 gdiplus11.manifest
--- snip ---
Quick test to verify the finding: 'winetricks -q gdiplus' (native has version resource).
Indeed, it makes the app start.
$ sha1sum HX\ Edit\ v2.71\ Installer.exe
33c1ba4d6242ea11ef9d529e40fca1d07d679d63 HX Edit v2.71 Installer.exe

$ du -sh HX\ Edit\ v2.71\ Installer.exe
78M HX Edit v2.71 Installer.exe

$ wine --version
wine-4.8-202-g61aea5a987
Regards